Last month I posted about the Edvance report that blasted the State Center for its lack of transparency and accountability (among other identified problems). You can access that prior post here.
Shortly thereafter, the Dallas Morning News ran a story entitled Landmark Preschool Program Isn't Paying Off that highlighted the Edvance report.
Today the Dallas Morning News has another story about the State Center that highlights an equally troubling problem -- the collection and dissemination of personal student information, including student's social security numbers. The article appears after the jump below.
My own investigation of the State Center has revealed the following:
First, the State Center, which has failed to get parental consent, is requiring school districts to provide personal student identifier information to it for the District's kindergarten students, including the following:
- Student's full name
- ID numbers: PEIMS, social security, and interim TEA (if known/applicable)
- Date of birth
- Gender
- Anticipated kindergarten year
- The student's teacher and/or classroom name
- enrollment status
- race/ethnicity
- home county
- school district
- home language
- street address
- home phone
- language of instruction
- instructional days attended
- Limited English Proficiency
- Special Education with IEP
- Free/reduced lunch eligible
- CCMS student
Second, it appears that by doing so, the State Center, which is part of the University of Texas Health Science Center, is violating the University's own guidelines for collection of research data for research involving children. UTHSC's policy specifically requires the following:
School-Based Research
Research conducted with school students holds special concerns as it relates to coordination with school districts and schools as well as obtaining informed permission from parents. . . . obtaining active informed permission of parents will be expected of investigators.
The State Center has failed to comply with this policy.
Third, in addition, the State Center has contracted with Wireless Generation (WGen) regarding the data collected, and, as shown below, the State Center has specifically agreed that WGen is the owner of all data, including "personally identifiable information.
The Assessment is broadly defined to include all of the items administered to student's as part of the State Center's research including student results on a variety of tests and social measures. More on the social screener is below.
Subsequently, in an effort to be perfectly clear, WGen sent a letter dated November 15, 2006, to the State Center in which it sought the State Center's permission to "distribute, both electronically and in print, Student Assessment Sheets . . . for use by its customers . . . ."
In exchange for agreeing to collect student's personal information for WGen, the State Center receives a flat-rate license fee and a per student royalty fee (see paragraphs 4.1 and 4.2 of the contract. This is in addition to the tens of millions of dollars the Center has received and continues to receive from Texas taxpayers.
Included in the information collected by the State Center without parental consent and provided to WGen for use by WGen's customers is kindergarten student performance information on assessments including Rapid Letter Naming, Rapid Vocabulary Naming, Phonological Awareness, Teacher's Behavior checklist, and a Social Screener that asks the teacher to identify subjective behavioral characteristics of a student (click on the image to enlarge):
Fourth, the DMN article discusses that the information is collected by OZ Systems (Optimization Zorn, Inc.). It is interesting to note that OZ Systems was in bankruptcy just 3 years ago. Nevertheless, OZ is quoted in the DMN article as saying that "parents have nothing to worry about." Wouldn't it be better to give parents the choice of whether this outside contractor should be given their child's personal information?
For more information about the State Center, please see these prior posts (here and here).
Company gets kindergartners' Social Security numbers, data
Permission not needed to hand over Social Security info; TEA says it's safe Texas school districts are
handing over Social Security numbers, dates of birth and other
sensitive information about the state's kindergarten students to a
private software company without permission from the children's
parents. State education officials who set up the unusual arrangement insist
that the information is safe. But some educators and parents worry
about sending student Social Security numbers to a private company
hired to store kindergarten reading test scores. A privacy expert says thousands of 5- and 6-year-olds are vulnerable to identity theft as a result.
"I would hope that any company that had the financial future of every
single kindergartner in Texas would be put through the mill as far as
security," said David Holtzman, a former security analyst who wrote the
book Privacy Lost. "This is more valuable than a million dollars in gold coins in the bank."
OZ Systems, an Arlington software company, has received at least $2.3
million in state money to create databases of preschool and
kindergarten student records. The new database for
kindergarten test scores also includes sections for children's names,
Social Security numbers, dates of birth, gender, school identification
numbers and parents' names and addresses, educators say.
OZ Systems was hired by a University of Texas research group that
describes itself as the early childhood arm of the Texas Education
Agency, which regulates public schools. "It's quite
amazing the security that OZ has in place for this information," said
Susan Landry, director of the UT group, known as the State Center for
Early Childhood Development. "You are overemphasizing the Social
Security number." More than 350,000 children attend public school kindergarten in Texas. Dr. Landry's group uses their scores on the Texas Primary Reading Index
and its Spanish equivalent, the Tejas LEE, as part of a new "school
ready" ratings system that gauges the quality of preschools in Texas.
The UT-developed ratings system hopes to judge public and private
preschool classrooms by how children fare on reading and behavior tests
that they take as kindergarteners the following school year.
A new state law requires school districts to report the kindergarten
reading scores to UT. But it doesn't require the behavior test or the
reporting of a child's personal information.
TEA officials said Social Security numbers help UT researchers track
children from preschool, when they're too young to have a
state-assigned school identification number. "We have a
great deal of experience in keeping that information secure," said Gina
Day, deputy associate commissioner at TEA. Dr. Landry
said elementary school teachers are not required to enter student
Social Security numbers into the OZ database. But some school officials
dispute that. "It won't let you do anything until you put
the Social Security number in," said Mark Lukert, principal of Lakeside
Elementary School in Coppell. Social Security numbers and
dates of birth are key ingredients for cooking up a fake identity, said
Mr. Holtzman, the privacy expert. "Just think about when
you have to identify yourself to a credit card company," he said.
"These are the questions they ask." In recent years,
government agencies have moved away from using Social Security numbers
to identify people and now use random numbers instead.
Pearson Educational Measurement officials, who develop or administer
standardized tests in Texas and 22 other states, say they use ID
numbers to link students to their test data. "I don't
think in the testing side of it that we ever encounter Social Security
numbers," said David Hakensen, vice president of public relations.
Last month, TEA told elementary school principals in a letter that they
have until Feb. 22 to enter the student records in the OZ database.
Some educators said they didn't question the database security because
they believed the information goes to TEA and not a private vendor.
"As adults you don't even put your Social Security card in your
wallet," said Mr. Lukert, an officer with the Texas Elementary
Principals and Supervisors Association. "And yet here we are required
to give that information out. It doesn't make sense." TEA
officials said OZ Systems' contract requires the company to comply with
the Family Educational Rights and Privacy Act, or FERPA, a federal law
that protects student educational records. OZ Systems executives compare their security levels to that of a bank.
Steve Montgomery, the company's vice president of operations, said
software hasn't fallen prey to hackers in OZ Systems' 22-year history. The company also has a proven track record in Texas and worldwide, Mr. Montgomery said.
Parents "have nothing to worry about," he said. "If you think about the
state maintaining the information, your best and brightest in
technology don't work for state departments. They're in the private
sector." Laura Jordan isn't convinced. The Richardson
mother of three doesn't like putting her own Social Security number on
secure Web sites, let alone her children's. "I don't feel
comfortable with my son's Social Security number being out there," said
Mrs. Jordan, whose son is a kindergartener at Yale Elementary School.
"Certainly, I would like to be asked for permission."
Mari McGowan, a McKinney attorney who represents Dallas-area school
districts, said releasing student Social Security numbers to OZ
probably doesn't break federal privacy laws that require parent
consent. One exemption to FERPA appears to allow schools
to send private student information to organizations working on behalf
of state education agencies. Kyle Ward, a Texas Parent
Teacher Association spokesman, says he trusts UT and TEA officials to
safeguard children's identities as closely as they safeguard them in
the classroom. "We have no reason to believe there is a problem," Mr. Ward said. But problems have cropped up in the past.
Personal data for millions of U.S. veterans fell into the hands of
thieves who stole a laptop computer from a Department of Veterans
Affairs computer analyst in 2006. "People have a hard
time getting worked up because they don't see the cause and effect,"
Mr. Holtzman said. "You've got to stop it when they're collecting it
because by the time they've lost it, it's too late."
08:28 AM CST on Saturday, January 12, 2008
Comments