Respect For Students!

Home | Big Picture | Technology | Surviving Reform | Petitions | Scorecard | Executive Summary | Why? | Contact

NEWLY UPDATED for February 2014! MORE TO COME!

EXCLUSIVE! Times Argus interview with "anonymous" student privacy advocate.

EAST MONTPELIER UPDATE! Although the school privacy resolution is not on the East Montpelier town meeting agenda, some concerned voters are responding to recent press coverage by meeting with East Montpelier school board members on Saturday, March 1, at 9:30 am in the U-32 Cafeteria.

Take Action!

Join us in safeguarding our children from growing assaults on their privacy and basic rights. Voters in Berlin, Calais, Middlesex, and Worcester have successfully established student privacy rights on their Town Meeting agendas for March 2014.

Should our children's personal information be kept safely here in our local school district? Or should school officials be free to transfer it wherever, whenever, and to whomever they want?

Right now, our district schools store almost all personal information about our children on a computer in Minnesota, including

Our school boards need to adopt policies that keep our data at home! If you are a registered voter, then please attend Town Meeting to speak and vote IN FAVOR of the student privacy resolution. Ask your friends and neighbors to do the same!

Frequently Asked Questions

  1. What local schools are co-opting and exporting student data?

    U-32 Middle and High School, Berlin Elementary, Calais Elementary, East Montpelier Elementary, Middlesex (Rumney) Elementary, and Worcester (Doty) Elementary have all unilaterally seized control of student data and transferred it to a vendor in Minnesota.

  2. What policy do we need?

    This simple, binding policy:

    All information about individual students shall be stored only on local school or district premises and shall not be shared outside school or district staff except
    1. by specific vote of the local board for each release, or
    2. to the least degree strictly necessary to comply with law, or
    3. with the prior written consent of the student/parent/guardian.

  3. When did this start?

    On 28 March, 2012, the executive committee for the Washington Central Supervisory Union voted to purchase new computer software for managing student records. The selected software was from a vendor in Minnesota called Infinite Campus. At the same time, the executive committee also quietly decided to claim ownership of all student data and transfer it to Minnesota for storage under vendor control. This assault on basic student rights was not generally known until the next school year. The executive committee is not elected by the voters; its members are appointed by the local school boards.

  4. Who owns student data?

    Our students! Our local school policy (F-5) states that

    The information contained in students' education records belongs primarily to the students and/or their parent(s), or guardians.
    Federal law echos this principle. The school principal acts as "custodian" of student information because, with good reason, we don't generally put students in charge of their own grades. But the student is the owner, and ownership entails certain rights. Your ownership of your car means that other people can't drive it around or move it to somebody else's garage without your permission. But, while a stolen car can be recovered or replaced, loss of personal information is deeply intimate, damaging, and forever.

  5. Why do we need a policy?

    We need a strong local policy to secure our children's basic rights in the face of lost Federal protections, the whims of local school administrators, and the laziness of our local school boards. The federal Family Educational Rights and Privacy Act (FERPA) strongly protected student privacy from 1974 to 2008. However, in December 2008, the outgoing administration gutted FERPA protections by issuing new regulations that totally redefine the law's most crucial terms. For example, now almost anybody, anywhere can be designated to receive student information without student consent or without any of the traditional protections afforded by FERPA. In 2012, our local school leadership exploited this regulatory weakness to augment their own power and convenience at the expense of our students' basic rights. Our local school boards have been largely complicit. By their words and deeds, many board members have shown themselves stronger advocates for the school administration than for our students or the voters. We need a strong policy to remind our school leaders continuously that, regarding basic rights and privacy, the people of this community stand with our students.

  6. Why is this topic on the Town Meeting agenda instead of the School Meeting agenda?

    Vermont statutes provide no explicit, certain path for voters to place a topic on the School Meeting agenda.

  7. Isn't the student data stored in Minnesota completely anonymous, identified only by random numbers?

    No. The data stored in Minnesota is all of the real, live student data that is used daily by our local teachers and school staff. It includes the student's full name, mailing address, date of birth, gender, his/her parents' names, their marital status, photographs, class schedule --- basically, everything!

    Even if the exported data was "sanitized" by replacing student names with random identifiers, it would definitely not be anonymous. Widely-reported (e.g., Anderson, Schoen, Tanner) scholarly research demonstrated that individual Americans can be identified with 87 percent accuracy using just a birthdate, gender, and zip code. Here in rural Vermont, that percentage is almost certainly higher. For students, birthdate is readily approximated by grade level, gender by given name, zip code by school district or building.

  8. Will bringing the data back home block my online "portal" access to my child's information?

    No. Local storage of student records need not disrupt portal access. After all, because the "portal" is just a website --- not some high-tech miracle --- providing it here at home is certainly feasible and probably doesn't even require additional facilities.

  9. Is bringing the data back home technically feasible?

    Yes. For many years prior to 2012, most student data was stored on computers here in the district. Accordingly, the district technology director unsurprisingly reported to the U-32 board that local data storage is indeed feasible. Why would anyone, knowing this history, spread fear and doubt by suggesting otherwise?

  10. Will our student data be secure here at home?

    Yes. Student data will be at least as secure at home and probably more so. By using software that is similar or even identical to that used in Minnesota, our student records will be equally well protected from remote network attacks. Indeed, records stored in Minnesota are probably much more at risk, because they are pooled with 6.5 million others and pose a much more attractive target for cyber-criminals or government spies.

    In the unlikely event that there is a security breach here at home, you will probably hear about it. Do you think you will hear about any breaches all the way from Minnesota? Whatever else it accomplished, stealing the data away to Minnesota certainly eliminated any accountability for our local school officials and staff.

  11. How much will it cost?

    If the school chooses to continue with the software currently in use, then the vendor will impose an additional annual payment of $6000-7000 for bringing the data home -- ostensibly for providing computer hardware on which their software would execute locally. This amount is approximately one half of one tenth of one percent (0.0005) of the U-32 budget. Currently, the school district pays this vendor annually and divides the cost of the software among all five towns. The vendor agreement may be terminated with 30 days notice.

    Alternatively, the strongest and cheapest strategy for securing our students' rights would be to deploy a student information system based on transparent, easily modified, open-source software and school-owned, locally-resident, off-the-shelf computer hardware. Such a strategy requires thought and planning but better protects our children and does not bind our community to any vendor's political agenda.

  12. What is Infinite Campus?

    Infinite Campus is a privately-held company that markets computer software for student information systems (SIS). The company was founded in 1993 and is headquartered in Minnesota. After marketing its software for some years, the company began a sideline business of collecting and storing large numbers of student records. However, in recent months, the company's marketing message has de-emphasized its database hosting activity, and it has now all but disappeared from the corporate website. Consistent with public statements of the Infinite Campus CEO, the Fordham Center on Law and Information Policy concluded that Infinite Campus "is actively striving to link state databases together to form a national database of children or regional databases of children." Further, "the program advertising makes no mention of privacy protections, a silence that reflects at least inadequate transparency and at worst the absence of any adequate protections." No company's merits as a software supplier justify stealing and surrendering our children's data to them.

  13. What is meant by "information about individual students"? Your use of plain English has confused my local school board member.

    Laws that protect medical or educational privacy frequently refer to personally indentifable information, or PII, which is defined for Federal agencies in NIST Publication SP800-122:

    PII is any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

    You may also refer your confused school board member to the Family Educational Rights and Privacy Act (FERPA), 20 USC 1232g(a)(4)(A), which defines "education records" in very common-sense language:

    those records, files, documents, and other materials which (i) contain information directly related to a student; and (ii) are maintained by an educational agency or institution or by a person acting for such agency or institution.

  14. Does this policy mean that the school board would have to vote every time a teacher creates or uses an external web site?

    No. A vote would be required only if that website is used to store information about individual students without their consent.

  15. Does this policy prevent student use of Naviance or GoogleDocs websites?

    No. As long as student use of such external websites is voluntary, their consent is implied. If deemed necessary, parents can provide written consent. In contrast, a student's official school record is not voluntary.

    (However, websites like GoogleDocs have other issues not addressed by this policy).

  16. Will a strong student privacy policy prevent implementation of the "Common Core" standards?

    No. The "Common Core" standards are a set of national learning goals that have been accepted by Vermont educators. While these standards are controversial in some respects, they have no direct bearing upon how individual student information is collected, stored, or shared.

  17. Will a strong student privacy policy prevent use of standardized tests such as the Smarter Balanced Assessment (SBAC)?

    Probably not. Under exeception (1) in the proposed policy, the local school board could vote to release individual student test responses to the testing consortium. Such votes would likely be annual (before each testing cycle) and specify the specific use, retention period, or any other conditions for which the release is authorized. Alternatively, the school could administer standardized tests locally without using remote computers or third-party storage of individual test results. Because exporting individual student test responses to outside parties is not a strict requirement of the relevant federal law, exporting individual student data would require either board approval or student/parent consent.

  18. Will a strong student privacy policy prevent collection and permanent storage of individual student data in a state longitudinal database (SLD)?

    Probably not by itself. The proposed policy should be adopted because it keeps student information under the control of locally elected officials who are locally accountable to local voters --- not unelected bureaucrats. Indeed, even our own superintendent is a long-time active proponent of collecting personal information from students and storing it in huge databases.

    However, fully protecting our children's privacy requires action by the Vermont legislature. Although the Vermont Department of Education claims that surrendering our children's detailed personal information to a state-wide database is mandatory, the Governor's agreement with the U.S. Department of Education explicitly permits and encourages our legislature to limit any disclosure or use of student data in the statewide database (USC 20 9871 (e)(2)(C)(i)(II) and (III), page 1664). Some states have already outlawed any Federal access to their database; some restrict any disclosure of collected data to summary form only; some delegate individual data disclosures to local schools. Tell our state legislators that Vermont should follow other states in enacting strict limitations on state collection and disclosure of individual student data.

    Because local school officials shouldn't violate the law, the proposed local policy permits student records to be released "to the least degree strictly necessary to comply with law." That's why our students need protection at the state level, too.

  19. Why does the policy allow release of individual student information "by specific vote of the local board for each release"?

    Under normal circumstances, no individual student information should be released without student/parent consent or a clear legal requirement. But sometimes exceptional circumstances arise. At such times, decisions about student privacy should be made publically by elected officials rather than unaccountable administrators. For example, a researcher might ask to test a statistical hypothesis about the impact of school attendance on graduation rate. The local school board might decide to release narrow slices of individual student data on condition that it later be destroyed, or they might insist that the statistical test be computed internally so that the research question is answered without any disclosure of individual data at all.

  20. Why did this happen?

    Who really knows? The WCSU executive committee chose to seize and surrender student data to vendor control during what was perhaps a confusing transitional period between two district superintendents. Whether or not the implications were fully understood is unclear. Materials reviewed by the committee focus on the software purchase and do not emphasize student rights, surrendering the data, or security. One reason our student data was stolen away is that no policy was in place to protect our students.

    Over a year later, however, elected school board members have had ample opportunity to adopt policies that secure our students' basic rights and privacy. School officials hate giving up power, and political gridlock has prevented meaningful progress. Some board members even believe they were elected to protect and "defer" to school administrators; other members believe that they are elected to defend the interests of voters, students, and parents. Are our elected officials are more often conspiring with unelected administrators rather than standing up for us and our children? A vote for securing student privacy rights might also be a vote for returning control of our schools to the voters.