Below are just my bullet point notes from the meeting. What follows are the questions I still want the district to address. If audio or a written version of the presentation and questions is ever made available, I will revise the items below if necessary.
Sachem BOE Meeting Wed Dec 18, 2013
4th item on agenda under presentations: “Data shared with the state”, Chris Clayton (attorney who represents the district)
These are paraphrased comments from Mr. Clayton
- Let me make this clear, Sachem does not have a contract with inBloom. The state does.
- The use and transmission of data is behind all of the current state education initiatives.
- The district has, for perhaps the last 10 years or more, always sent student level data to the state.
- He provided an overview of Race to the Top and what NY did to obtain the $700 million of federal money. Sachem only received roughly $87,000 spread out over 3 years with funding running out at the end of this year.
- Sachem can’t direct the state where to store or how to use the data.
- RttT requires, at minimum, the following data be sent: student demographic, enrollment, absenteeism, suspension, parent contact, and more. Those were only the ones mentioned I could hear. He only referred to a few.
- There was a mention that report card data was sent to the state. (I would like more clarification on that.)
- Sachem’s obligation under RttT was to select a portal (data dashboard) and make it available to parents. (Superintendent Nolan spoke up only once to say, “We are not using the dashboard.”)
- The district can terminate the MOU with the state for RttT.
- Doing so would possibly relieve the district of “the burden of participation in data dashboard.”
- The district will still have to send data to the state even if we withdraw from RttT.
- FERPA was revised recently to permit more sharing of data from the state level.
-One BOE member read from a local district withdrawal letter some of the key reasons for opting out of RttT.
BOE Questions that I could hear:
1. Does the state generally honor the district letter to withdraw from RttT? Answer: Appears so, but not really clear on what that means.
2. Would we be relieved of other RttT responsibilities? Answer: It sounded like a “Not sure”, but I can’t be certain of that.
3. By opting out, is state still able to send data through to inBloom and then over to 3rd party? Answer: Appears so. State will still use inBloom, but not sure how Sachem will then see that data or how parents will if they ask.
4. Where does state put the data if we opt out? Answer: Unsure
5. Are we aware of the state contract with inBloom? What that looks like? Answer: Yes, but … contracts can change.
Conclusion: The BOE decides they will discuss this (not sure what this is whether it is withdrawal from RttT or the data sharing issue) further with Mr. Clayton in executive session.
My conclusion: There wasn’t much new that came out of this presentation. Many parents have already emailed their concerns to the BOE members and plenty of information to review. While it appeared that perhaps 3 BOE members who spoke had “concerns”, it wasn’t really clear if the concerns were directed towards the implications of withdrawing from RttT or from the data sharing. The data sharing capabilities and possibilities really wasn’t discussed in depth. I am not sure the BOE understands the vastness of it and what the state actually plans to do with Sachem data. That’s where we need answers from NYSED. I think more time was spent discussing possible withdrawal from RttT than the topics of “data shared with the state.”
RttT funding is scheduled to run out at the end of the school year. It is my understanding if we don’t apply for it again we don’t have to abide by the obligations of the program. So table that discussion until the spring and focus specifically on the data collection, sharing, mining. As of this January, NYSED officials are on the record as saying, they will be requesting data that is, for the first time, attached to student personally identifiable info. Up until now, according to the same NYSED officials, it wasn’t. Why wasn’t it up to now and why, going forward in January, will they need to connect it?
Glaring questions that not only were not asked by BOE members, but information not provided by Mr. Clayton in the presentation (the question list below was revised on Dec 19 and items #16 and 17 were added and emailed to the BOE):
1. Who is liable for a data breach of district information stored with inBloom, or used by a third party vendor through inBloom? My understanding, after researching this, is that the local district is liable for the breach and the consequences, even though we don’t technologically control the data once it passes up to the state.
2. With whom does the state share Sachem data? With what state agencies? With what third party vendors now and in the future? How will that be tracked and how will parents be notified? What is the educational purpose of sharing the data with other state agencies, if that is taking place, and with various third party vendors? Who approves those contracts? Do the Sachem attorneys get to review those contracts?
3. How long does the state plan to hold data on Sachem students? Until graduation? Through college? For life? What happens to the data of a student who leaves the district? Of a family who leaves the district?
4. Did Sachem offer up to NYSED the ability to voluntarily share student data with vendors necessary for state use of the data, but not necessarily district use?
5. What specific data does Sachem send to NYSED and how is it transmitted? Literally spell out the fields for everyone to see (much like is now law in Oklahoma.) That should be easy to do since a student, teacher, principal record can easily be extracted to see fields and personally identifiable information (Pii) stripped from the records. This would be any and all data sent under various portals, systems, spreadsheets, and reporting mechanisms. I understand the amount of data the state wants is “breath-taking”, according to an unnamed district source.
6. What new data fields is Sachem required to send this year and next? What new data elements is the state collecting specifically as a result of using inBloom or because of the technological capability that inBloom provides? What about in the future?
7. If we did opt out of RttT, and one of the requirements of RttT was to send parent contact info, is that data still sent to NYSED and if so, for what purpose? This is just one example of the various data fields that are sent along without a clear educational purpose. It was stated in tonight’s meeting that the parent contact info is needed in order to provide the data dashboard to parents. If we don’t plan to provide the dashboard, why send the data?
8. There is a provision in the state’s contract with inBloom that clearly states that it is up to the district to participate in the inBloom initiative AND the district can withdraw from inBloom and request that data be removed. That’s the loophole used by Southold, Comsewogue, and others. What is our attorney’s view of that loophole or wording in the state’s contract with inBloom?
9. inBloom Inc. states that it “cannot guarantee the security of the information stored, or that the information will not be intercepted when it is being transmitted.” Please detail any communication between representatives from inBloom, the New York State Education Department, and Sachem BOE members or administration regarding this statement.
10. Please cite the specific wording and definitions in both federal and state law that requires data collection. Please also cite the specific pieces of data these laws are requiring Sachem to collect and send to the state.
11. What happens if a student transfers from one district to another within the state? What data is sent electronically to the new district without parent consent? What about medical records associated with special needs students? What happens if the student transfers out of state, to a non-inBloom state?
12. Why does all the state data collected about students need to be personally identifiable to each individual student? Please provide evidence and educational rationales that support that decision.
13. Please explain how the new inBloom database/system fits into New York’s larger plans for a statewide P-20 Longitudinal Database System. What is the educational value of the statewide longitudinal databases? Where has one been setup, tested, and used for an extended length of time (a decade or more) and found to be a valuable tool in making statewide decisions? What is the direct educational benefit of a P-20 system to the Sachem community?
14. Is the state held Sachem student data held within systems that are maintained within the United States or is the data stored on servers outside of America? What specific laws govern the storage, transmission, use, and maintenance of the data stored overseas, if it is? If a data breach happens, that involves Sachem data, on a system stored overseas what legal implications does that present to the district? (This hints at the fact that inBloom is contracted with Amazon Web Services for data hosting and could potentially be storing data on American school kids on systems outside of America. Funny enough, but FERPA was changed recently to permit this exact scenario.)
15. When the inBloom initiative began last spring, there were 9 states committed to some part of the process. Not even a year later and there are only 2 standing: Illinois which only has 35 districts that might participate under a pilot program WITH district opt out and no medical information being sent and the Chicago Public School system that has withdrawn – and New York which is literally all in. No wavering. No concerns. No problem. So this begs the simple question: What do these 7 others states know that we don’t? Why have they withdrawn?
16. Who verifys that the state remains in compliance with all data privacy protection laws and the inBloom contract/agreement?
17. How is the inBloom and data dashboard project funded in the short term and what are plans for long term costs and funding? What will this cost Sachem because it appears that even if we withdraw from RttT and choose not to use the dashboard, we still have to pay the state for the data storage at up to possibly $3-5 per student. In essence, we are paying the state to see the data we sent them.