Keep the Information Flowing
Small contributions go a long way. Your donation to Consumer Action, a 501 (c)(3) nonprofit, nonpartisan organization, can help us cover the cost of research, writing, and translation of our materials. To keep our services free for those who need them. Select an amount to give.
Published: January 2010
Data collection and tracking via student loans is open-ended and overbroad
Coalition: Privacy
Consumer Action signed onto a letter to the Senate that addresses privacy concerns about a recent student loan bill. The bill includes federal funding for state student tracking systems.
Below is an excerpt from the letter:
We write on behalf of the undersigned organizations to express our concerns about H.R. 3221 the “Student Aid and Fiscal Responsibility Act of 2009” (SAFRA) now being considered in the Senate Committee on Health, Education, Labor and Pensions. SAFRA proposes increases in federal funding for state student tracking systems that, once fully implemented, would contain an extraordinary amount of highly sensitive information about children, whom they would continue to track into adulthood over time.
The apparent rationale for the use of federal funds to promote such inter-operable “pre-birth to grave” state data systems is to provide the states and the federal government better information for future policy development. We do not challenge the right of the federal government or the states to collect the data they need to ensure program efficiency and accountability. We are gravely concerned, however, with the open-ended and overbroad scope of the proposed data collection, and are particularly alarmed at states’ failure to adhere to appropriate safeguards for privacy and accuracy.
- When information is transmitted to state data warehouses for evaluation, the states are not currently required to provide notice to families, nor are these warehouses always required to allow parents to review and correct their children’s records.
- The states are not obtaining consent from families for disclosure of information to virtually any state official, because access authorization rules are non-existent.
- The states are not always mandating that contractors working on these complex information technology projects sign a confidentiality agreement, nor are they putting in place restrictions on commercial uses of these data by their contractors.
Existing proposals seem to advocate for a something other than a limited approach, one that collects more information and links it together from birth to college and allows it to be used for any purpose. Such an approach treats American school children as lab rats. It assumes that all data collection is beneficial and ignores the privacy risks associated with current data protection practices.
Any data collection on students should only be undertaken with clear guidance setting strict limits and minimum due process standards. Specifically any database of personal information about students should have policies that govern:
- Notice. Students should know both the information collected about them and how they can opt out.
- Purpose and Use Limitations. There must be a specific purpose governing each piece of information collected and use of the data should be limited to that purpose.
- Retention Limitations. Data should only be held for a limited period of time and then destroyed.
- Access controls. Limit access to databases to just the individuals and agencies meeting the purpose and use limitations defined at the time of collection.
- Outsourcing. Any contracts governing databases outsourced to private companies should contain express language requiring privacy and penalties for non-compliance.
- Audit logs. States must be able to determine who has accessed records so they can police against misconduct.
These principles are the standards by which any fair data protection regime must be judged. The fact that wholesale collection of student information is happening without the protection of these principles puts the privacy of every school child at risk.
Lead Organization
American Civil Liberties Union
Other Organizations
American Association of Collegiate Registrars and Admissions Officers | American Civil Liberties Union | American Library Association | Association of Jesuit Colleges and Universities | Bill of Rights Defense Committee | Consumer Federation of America | Council for Opportunity in Education | Fairfax County Privacy Council | Home School Legal Defense Association | Liberty Coalition | Patient Privacy Rights | Privacy Journal | Privacy Rights Clearinghouse | Privacy Times Remar Sutton, Founder, www.privacyrightsnow.com | US Bill of Rights Foundation | World Privacy Forum
More Information
H.R. 3221 (Student Aid and Fiscal Responsibility Act of 2009)
Download PDF
No Download Available
Quick Menu
Support Consumer Action
Join Our Email List
Consumer Help Desk
- Help Desk
- Submit Your Complaints
- Presente su queja
- Frequently Asked Questions
- Links to Consumer Resources
- Consumer Service Guide (CSG)
- Alerts
- Consumer Booknotes