Tuesday, October 5, 2010

Following breach, state delays collecting student Social Security numbers

By Lynda Clancy | Oct 04, 2010
AUGUSTA — The effort to build a data system that includes Social Security numbers of public school students was derailed after a technology director in Gardiner's school district was able to view Social Security numbers of school staff elsewhere in the state.
Maine's Department of Education responded by dumping all Social Security numbers of public high school students collected to date, and announced Tuesday evening, Sept. 28, that it would delay collecting any more until an independent security review of the software is completed and a report is issued.
That could take several weeks, the DOE said.
The state education agency is now providing school districts a software script that allows them to upload student enrollment data without Social Security numbers.
"A software switch was turned on when it should have been off, or off when it should have been on," said David Connerty-Marin, spokesman for the Maine DOE, on Sept. 28.
The collection of Social Security numbers and other private data has met with resistance across the state from school boards, administrators, parents and the Maine Civil Liberties Union, who question the wisdom of posting information about students in a system where data could be stolen.
On Sept. 28, the DOE recognized that concern and said in a press release the delay in Social Security number collection and review of the entire Infinite Campus information system are steps taken "as privacy advocates have expressed concerns about the security of the information and because the department learned in the past few days of an error within a secondary data system not connected to the collection of student information."
The error was fixed immediately, the DOE said.
The data system is part of the education agency's decade-long project to build an information management system that links the DOE with schools around the state. Functions of the online data system include the Longitudinal Data System and the Infinite Campus system, all of which result in producing more aggregate data for federal and state reports.
Goals include assessing the effectiveness of state educational programs with the data and producing reports that comply with the No Child Left Behind Act, as well as other state and national expectations. Producing the data also keeps the state in compliance with the federal government, ensuring the flow of educational funding to Maine. Likewise, the compliance of local school districts with the state's requests for data keeps the money flowing to Maine schools.
Last year, the Legislature passed an "Act To Improve the Ability of the Department of Education To Conduct Longitudinal Data Studies" to help measure the success of students in state educational programs. The act included language allowing the DOE's commissioner to collect Social Security numbers only if federal money was flowing to expand the statewide longitudinal system. The law also required written consent from parents before entering the Social Security numbers into the system.
According to Connerty-Marin, the staff module of the Infinite Campus information system is separate from the student module, still in development, and will not be ready for full use until next fall.
"Only a handful of schools in the state have access to the staff module," he said, adding that after seeing the numbers, the Gardiner district "immediately brought it to our attention."
The student module is well established and has been in use for a couple of years, he said. "We're comfortable with the security of the student system," he said.
The independent review of the system is expected to take several weeks. Connerty-Marin said the contractor has not been hired and a price tag has yet to be affixed to the review.
The DOE said it was immediately turning off the synchronization function in the Infinite Campus District Edition so no locally entered data can be shared with or viewed by the state or any other user.
"In addition, we will also delete any student Social Security numbers that have been entered or uploaded into the state system as a result of synchronization so far this year," the DOE said.
"We deeply appreciate that this technology director immediately recognized the issue and called the department to inform us of the error and it was resolved immediately," said DOE Commissioner Angela Faherty, in a prepared statement. "The department takes the security of private information seriously, and supports school boards, parents and school officials in their caution with respect to the collection of data."
Connerty-Marin said Sept. 28 that schools should continue to collect Social Security numbers and enter them into their individual data systems. The DOE's system is now set so that it will not accept any numbers until the security review is complete.
"After that time, the districts will be in control of when they decide to upload them," he said.
Districts across the state have been skeptical of the DOE's demands for student Social Security numbers since last year. Earlier this month, School Administrative District 40 voted to encourage parents not to submit their children's Social Security numbers.
The collection of private data has been a bone of contention between districts and the DOE since 2007 when the state required schools to submit names of suspended students for its developing data system. The MCLU got involved and when the state began requesting submission of Social Security numbers, resistance got louder.
The DOE reasoned that collecting Social Security numbers would provide the state and school districts greater ability to track where students went to college and what work they entered following high school graduation.
In April 2009, the Five Town Community School District School Board, along with school boards from around the state, students from Hampden, educational administrators and the MCLU delivered hours of testimony before the Legislature's Joint Standing Committee on Education and Cultural Affairs concerning the collection of private data.
"Technology has now provided government agencies with unprecedented power to peer into our private lives, to collect information on our finances, employment, health and education," said Shenna Bellows, director of the MCLU, 18 months ago. "The [Maine] Department of Education's longitudinal data system is yet one example in a long list of new government database systems."
The DOE insisted then the system needed disclosure of personally identifiable information in case the U.S. Department of Education found reason to audit Maine's DOE. The DOE's migrant program was audited in 2003, and ran the risk of losing some federal funding.
In April 2009, the education committee did not overturn the DOE's requirement that schools submit names of suspended students, and the longitudinal data system continued in its development. The "Act To Improve the Ability of the Department of Education To Conduct Longitudinal Data Studies" enacted last fall allowed the project to continue, but set parameters on the collection of Social Security numbers.
Last fall and this fall, school districts, including SADs 40 and 28, and the Five Town CSD, informed parents by letter that if they wanted to submit their children's Social Security numbers they could do so by opting in.
For more information, visit maine.gov/education.
