Chris Sadler
Education Data and Privacy Fellow, Open Technology Institute
I just joined the Open Technology Institute a few weeks ago
as Education Data and Privacy Fellow, and not a moment too soon, it seems. On
Monday, the Senate introduced the College Transparency Act of 2017.
This bi-partisan bill would allow for the creation of a postsecondary student
data system at the National Center for Education Statistics (NCES) linking
relevant student data across federal agencies, something prohibited since the
2008 Higher Education Opportunity Act.
Privacy concerns over both potential misuses of this data and the harms from a possible
breach will become a main focus of the bill’s debate.
This integrated system would come with large benefits, making it possible to answer pressing questions
about postsecondary costs and student outcomes at a time of great concern about
debt, income inequality, and the worth of higher education. Existing systems provide only partial,
incomplete answers, due to various gaps. For example, the Department of Education’s Integrated Postsecondary
Education Data System (IPEDS) includes only first-time, full-time Title IV
students, and thus does not provide an accurate picture of current higher
education enrollment, which has changed significantly in recent years. However, while keeping the value of a new
system in mind, privacy and security need to be primary
considerations in its creation.
The bill details some ways the system would balance privacy protection
of the data with goals of greater transparency in higher education. For instance, it stipulates certain necessary
data elements for inclusion, with additional elements to be determined in
consultation with stakeholders, including “individuals with expertise in data
privacy and security”. As a privacy
protection measure, it is vital that the data be strictly limited to only what
is needed for well-defined reporting requirements on student outcomes. If data was never collected in the first place,
it can’t be misused later. Wisely, the
bill already prohibits certain categories of data from being included, such as
health data and disciplinary records. The bill also limits the use of the data, particularly for law
enforcement purposes, further protecting the whole system from abuse. Keeping
the data tightly in scope will allay concerns that comprehensive, problematic files
are being assembled on students.
The system’s links between several agencies (such as the
Treasury Department, to calculate earnings data for particular programs of
study across different institutions of higher education) will be a subject of
concern, and these also should be carefully limited to only what is absolutely necessary. Beyond ensuring that “the linkages are not
always connected, but occur at appropriate intervals” as specified in the bill,
these connections and data feeds will need to be monitored closely to ensure
that they have not been compromised.
The bill also discloses that the system will provide access
protections, audit capabilities, and meet all other security requirements of
the most recent NIST guidelines. However, with the Office of Personnel Management breach still a fresh
memory, a project creating a new federal database of this size will need to demonstrate
that it is more than simply complying with regulations. Just as the bill suggests that “modern,
relevant technology” be used to enhance and update the capabilities of the
system, the same advice should be followed for privacy and security. Promising
new encryption technology could allow for computations to be performed on the
data while it remains encrypted, providing robust, additional protection if the
system should be compromised. This new
technology, along with other bleeding-edge privacy and security advances,
should be on the table when the details of the system are discussed. The benefits of a data system capable of
providing students and researchers answers about the worth of higher education
would be of very high value, but it must be created with a forward-looking stance
towards protecting privacy to the highest degree possible.