Endangering Student Privacy in the Name of School Safety
Written by Elizabeth Laird
In the wake of tragedy, there is an understandable desire by policymakers to act with urgency. Unfortunately, this can lead to untested policy that may jeopardize the very people it is intended to protect. A recent example is Florida’s Marjory Stoneman Douglas High School Public Safety Act. Enacted in March, the bill requires the Florida Department of Education to:
Coordinate with the Department of Law Enforcement to provide a centralized integrated data repository and data analytics resources to improve access to timely, complete and accurate information integrating data from, at a minimum, but not limited to, the following data sources by December 1, 2018:
a) Social Media;
b) Department of Children and Families;
c) Department of Law Enforcement;
d) Department of Juvenile Justice; and
e) Local law enforcement.
Amassing and integrating large amounts of data without first proving it will be effective, establishing boundaries on its use, enacting strong data governance practices that limit access, or articulating clear data retention and deletion timelines and protocols will almost certainly lead to misuse of this information that may harm the very students it is aimed to protect.
Specifically, this loss of student privacy could lead to damaging outcomes for students, such as:
- False positives: Because there is insufficient information and research that can predict with certainty a school shooter, students will inevitably be monitored by and referred to law enforcement. Most of these student will never actually commit acts of violence. However, this exposure can have a lasting negative impact on students, even if they are cleared of any potential for wrongdoing.
- Discrimination: Students of color are already subject to more restrictive security measures and disproportionately exposed to the criminal justice system, so integrating and sharing data with law enforcement may contribute to entrenched racism. This is especially true if there are not limits on how law enforcement uses this information.
- Data incidents: Amassing large amounts of data on individuals makes for a more attractive target for hackers and the consequences of a data breach even more dire. Every sector is experiencing increased cybersecurity attacks, and education is no exception. What is different is when this information is housed in a singular repository and includes a diversity and breadth of data that no state has collected before.
There is not yet evidence that this massive data collection program will be effective, and there is cause for concern, especially regarding data incidents.
Three weeks ago Broward County Public Schools (BCPS), home to Marjory Stoneman Douglas High School and the bill’s namesake, released a redacted report, entitled “Independent Review of NC’s Educational Record,” about the alleged perpetrator of the shooting. The report is significant for many important reasons, including that insufficient redaction techniques were applied that permitted reporters and the public to recover the entirety of the report and the related personally identifiable information.
Document redaction is a foundational privacy practice for which every school district and state education agency is responsible, and yet, there are regular reports of student privacy violations that are the result of human error. This demonstrated record of inadvertent exposure of student data does not bode well for the current trend of states considering expanding their data collection and integration efforts to strengthen school safety including the recent efforts in in Nevada.
Policymakers and education practitioners should be mindful of the risk this information could pose to the wellbeing of children. Limited and appropriate data sharing can play a role in supporting school safety, but it should not come at the expense of the students it is intended to protect.