Study: Student Data Not Safe in the Cloud

The Citizen's Guide to the Future
Dec. 16 2013 12:03 PM

Study: Student Data Not Safe in the Cloud

A student reads a book in Chinese at a Los Angeles public school.

Photo by ROBYN BECK/AFP/Getty Images

It used to be that failing a math test in the fourth grade wouldn’t haunt you long after you graduated (even if it might get you grounded). No longer.  

American schools are migrating online, providing parents with real-time academic results. The cloud services that remotely host this information about educational achievement are also increasingly being used to store sensitive student details like names, religion, and health status. But according to a new study from the Center on Law and Information Policy at Fordham Law School, schools are failing to read the terms and conditions and providing troves of student data to third-party vendors without sufficient safeguards or adequate parental consent.


The report looked at Web service contracts in small, medium, and large school districts. Of the 54 school districts examined, almost 95 percent used cloud services, but many failed to inform parents of the full breadth of information being outsourced. Furthermore, very few of the schools’ contracts explicitly restricted the marketing of student information. This despite using third parties to store potentially delicate information, such as which students qualify for free lunch.

The school districts also seemed clueless as to the details of the contracts they’d signed. The Fordham researchers had considerable difficultly tracking down school personnel who were familiar with the district’s outsourcing policy, documentation was poorly maintained, and less than half of districts contacted complied with the open public record request in the time period required by law.

In response, the Software and Information Industry Association said in a statement that the report failed to account that the law had created strong business practices to keep students data safe: “School service providers know that if they do not protect student information entrusted to them, they will lose their customers and face legal repercussions.”

But according to the Fordham study, many of the agreements failed to meet a number of Federal privacy benchmarks. One-third of data analytics contracts did not comply with the Family Educational Rights and Privacy Act’s requirement that data be deleted after it is no longer needed for the purposes for which it was provided. Few agreements specified a level of encryption, and even fewer required the vendor to tell the schools if there was a data breach.

Khaliah Barnes of the Electronic Privacy Information Center told me that although FERPA provided a number of privacy protections for students online, subsequent regulations from the U.S. Department of Education in 2008 and 2011 had weakened the act.

Barnes added that Fordham’s findings confirmed what EPIC has been hearing from parents and students—they feel like they’re losing control. “We’ve seen an increase in student information collection and dissemination, but a decrease in privacy protection,” she said.

The report comes amid a parent-led backlash against the use of third-party vendors for storing student information. In November, the Chicago school system, the nation’s third largest, rejected the controversial student data management nonprofit, InBloom, deciding instead to build its own platform. According to Education Week, InBloom began promisingly, with million-dollar grants from the Carnegie Corporation of New York and the Bill and Melinda Gates Foundation. But after parents became concerned by plans to compile students' information into one huge database for school-related businesses, InBloom has been dropped by numerous states. In New York, a law suit has been launched to prevent the New York State Education Department from partnering with the service.

Karen Sprowal, one of the plaintiffs in the New York case, said in a statement: "Ever since I've heard about InBloom Inc. I've been unable to rest easy. … Any information that is let loose on the Internet can never be retrieved, and any breach or misuse of this data could harm [my child's] prospects for life, by impairing his ability to be admitted to college or get a good job."

Future Tense is a partnership of SlateNew America, and Arizona State University.



The World’s Politest Protesters

The Occupy Central demonstrators are courteous. That’s actually what makes them so dangerous.

The Religious Right Is Not Happy With Republicans  

The XX Factor
Oct. 1 2014 4:58 PM The Religious Right Is Not Happy With Republicans  

The Feds Have Declared War on Encryption—and the New Privacy Measures From Apple and Google

You Might Not Be Crazy if You Think You Can Hear the Earth Humming

These “Dark” Lego Masterpieces Are Delightful and Evocative


Operation Backbone

How White Boy Rick, a legendary Detroit cocaine dealer, helped the FBI uncover brazen police corruption.


Talking White

Black people’s disdain for “proper English” and academic achievement is a myth.

Activists Are Trying to Save an Iranian Woman Sentenced to Death for Killing Her Alleged Rapist

Piper Kerman on Why She Dressed Like a Hitchcock Heroine for Her Prison Sentencing

  News & Politics
Oct. 1 2014 7:26 PM Talking White Black people’s disdain for “proper English” and academic achievement is a myth.
Oct. 1 2014 2:16 PM Wall Street Tackles Chat Services, Shies Away From Diversity Issues 
Oct. 1 2014 6:02 PM Facebook Relaxes Its “Real Name” Policy; Drag Queens Celebrate
  Double X
The XX Factor
Oct. 1 2014 5:11 PM Celebrity Feminist Identification Has Reached Peak Meaninglessness
  Slate Plus
Behind the Scenes
Oct. 1 2014 3:24 PM Revelry (and Business) at Mohonk Photos and highlights from Slate’s annual retreat.
Brow Beat
Oct. 1 2014 9:39 PM Tom Cruise Dies Over and Over Again in This Edge of Tomorrow Supercut
Future Tense
Oct. 1 2014 6:59 PM EU’s Next Digital Commissioner Thinks Keeping Nude Celeb Photos in the Cloud Is “Stupid”
  Health & Science
Oct. 1 2014 4:03 PM Does the Earth Really Have a “Hum”? Yes, but probably not the one you’re thinking.
Sports Nut
Oct. 1 2014 5:19 PM Bunt-a-Palooza! How bad was the Kansas City Royals’ bunt-all-the-time strategy in the American League wild-card game?