by Kyle Jones
(Crossposted from chooseprivacyweek.org)
Records define us–partially. They enclose data and information that reveal our past, present, and increasingly our future. But they are never perfect representations of who we are as individuals, nor are they able to capture the richness of our relationships with others. So, we are naturally wary of their contents, who has access to them, and the risks their disclosure creates. Because of these reasons and others, we want those in charge of these identifiable records to treat us fairly by giving us the opportunity to access, review, and request changes to their contents in order to reflect truths about our life, not harmful or misleading falsehoods. In educational contexts, these expectations may not be met as what has traditionally been considered to be an “educational record” takes on new characteristics and import in data-driven schools, colleges, and universities.
Increasingly, primary, secondary, and post-secondary educational institutions are adopting new systems and developing advanced technical infrastructures to capitalize on emerging flows of student data and information. These flows include, among other things, information students disclose willingly to their schools. But they are increasingly capturing the so-called “data exhaust” students create as they interact with information systems of all stripes. Every click, mouse movement, login and logout event, and form submitted creates analyzable data that captures student behaviors; so, too, do the RFID signals emitted by student ID cards and the metadata attached to WiFi access point logs when students connect. Simply put: When students use any type of data-based school system, they create analyzable data; and much of that data is increasingly tied to them as individuals.
The aims of analyzing student data are admirable. Educational actors–from teachers to administrators, advisors to technologists–often argue that data analytics practices will reap actionable information that can improve learning outcomes; they may also uncover new income by identifying poorly performing programs and replacing them with those who use resources more efficiently and effectively. Using data to accomplish these goals is especially important given that schools at all levels are facing tightening budgets and increased public scrutiny. However, we should be concerned about how new ways of documenting student life in very granular, comprehensive ways becomes a part of their educational record, regardless of whether or not the ends seem worthwhile.
We may believe that the educational records of the students we instruct and serve are relatively benign. Surely, they include a profile of who students are, where they live, and how to contact them; they also keep an audit trail of courses they’ve taken and grades they’ve earned. But based the definition stated in the Family Educational Rights and Privacy Act (FERPA) of 1974, they include much, much more. According to the federal law, an educational record is that which contains information directly related to a student and is maintained by the educational institution (20 U.S.C § 1232g 4.A.; see part 4.B. for exemptions). The information may exist in a physical file drawer, or it may have been born digital in application files or system logs. As long as the data and information identifies a particular student, it is subsumed into her educational record. Importantly, students–and their legal guardians until the students reaches 18–have the legal right to inspect and review their educational records, and educational institutions must provide students or their guardians access within 45 days of their request.
When schools abide by the legal definition of an educational record, they seem to maximize student privacy rights. Students can seek to discover what kinds of log data, for instance, is kept about them. To this point, nearly 2,800 students at Stanford University sought access to their admissions records by expressing their FERPA rights. What was returned to at least one student was pages upon pages of a system log detailing when she opened campus doors with her student ID card. But not all schools have Stanford’s resources to enable audits of myriad systems for identifiable student data and information. So, it may not even be possible for students to access aspects of their record, even if the definition is inclusive of such information.
Other schools may interpret FERPA’s definition with a narrow focus, for instance to include only traditional academic information. In practice, this may serve to more clearly define what about a student’s record is educational in nature and what is related to the “business” of running a school. One result may be that students feel better informed about what their records contain. But, in this case most personally identifiable data exhaust would fall outside of the boundaries that enable students to review how their school is using such data, in effect limiting their legal privacy rights. This is especially problematic when schools enter into contracts with third-party vendors, yet provide students and guardians little recourse to see or limit what those vendors do with the data. In 2013, related concerns among parents and legislators culminated in insurmountable pressures for inBloom, a student data aggregation company.
Knowing that the definition of an educational record directly affects student privacy rights is necessary for understanding what privacy principles schools should develop into policy. The following principles may provide guidance here:
If it is the case that not all data is accessible for students to review, then schools should be transparent about this limitation.
Schools should actively seek to resolve impediments that limit access to personally identifiable data and information, especially when there is clear evidence that the data flow has or may negatively affect student privacy.
3) Value Justifications
Given the sensitivity of emerging data flows and the ways in which they can record and provide insight into student life, schools should be able to justify the value of such flows in terms of the ways they will benefit student learning outcomes.
A student’s educational record follows her throughout her academic tenure and into her professional career. As such, it informs many decisions made about her and impacts how others judge her. It is one of the more important collections of documents, files, and data about a person, and it deserves the greatest of protections. Therefore, it is of significant consequence that the right to access, review, and request amendments to educational records be maximized and respected–regardless of the social and technical burdens schools encounter while doing so.
Dr. Jones is a recent doctoral graduate of UW-Madison’s School of Library and Information Studies. His research focuses on understanding student privacy problems in relationship to learning analytics in order to develop ethical frameworks and information policy for educational institutions. In the Fall semester, Dr. Jones will join the faculty as an assistant professor in the School of Informatics and Computing at Indiana University-Indianapolis (IUPUI). Should you like to contact Dr. Jones, you can reach him on Twitter at @thecorkboard.