Protecting Privacy in a Postsecondary Student Data System
May 16, 2017
I just joined the Open Technology Institute a few weeks ago as Education Data and Privacy Fellow, and not a moment too soon, it seems. On Monday, the Senate introduced the College Transparency Act of 2017. This bipartisan bill would allow for the creation of a postsecondary student data system at the National Center for Education Statistics (NCES) linking relevant student data across federal agencies, something prohibited since the 2008 Higher Education Opportunity Act. Privacy concerns over both potential misuses of this data and the harms from a possible breach will become a main focus of the bill’s debate.
This integrated system would come with large benefits, making it possible to answer pressing questions about postsecondary costs and student outcomes at a time of great concern about debt, income inequality, and the worth of higher education. Existing systems provide only partial, incomplete answers because of gaps in what they cover. For example, the Department of Education’s Integrated Postsecondary Education Data System (IPEDS) includes only first-time, full-time Title IV students, and thus does not provide an accurate picture of current higher education enrollment, which has changed significantly in recent years. However, while keeping the value of a new system in mind, privacy and security should be primary considerations in its creation.
The bill details some ways the system would balance privacy protection of the data with goals of greater transparency in higher education. For instance, it stipulates certain necessary data elements for inclusion, with additional elements to be determined in consultation with stakeholders, including “individuals with expertise in data privacy and security”. As a privacy protection measure, it is vital that the data be strictly limited to only what is needed for well-defined reporting requirements on student outcomes. If data is never collected in the first place, it can’t be misused later. Wisely, the bill already prohibits certain categories of data, such as health data and disciplinary records, from being included. The bill also limits the use of the data, particularly for law enforcement purposes, further protecting the whole system from abuse. Keeping the data tightly in scope will allay concerns that comprehensive, problematic files are being assembled on students.
The system’s links between several agencies (such as the Treasury Department, to calculate earnings data for particular programs of study across different institutions of higher education) will be a subject of concern, and these also should be carefully limited to only what is absolutely necessary. Beyond ensuring that “the linkages are not always connected, but occur at appropriate intervals” as specified in the bill, these connections and data feeds will need to be monitored closely to ensure that they have not been compromised.
The bill also discloses that the system will provide access protections and audit capabilities and will meet all other security requirements of the most recent NIST guidelines. However, with the Office of Personnel Management breach still a fresh memory, a project creating a new federal database of this size will need to demonstrate that it is doing more than simply complying with regulations. Just as the bill suggests that “modern, relevant technology” be used to enhance and update the capabilities of the system, the same advice should be followed for privacy and security. Promising new encryption technology could allow computations to be performed on the data while it remains encrypted, providing robust additional protection should the system be compromised. This new technology, along with other bleeding-edge privacy and security advances, should be on the table when the details of the system are discussed. A data system capable of giving students and researchers answers about the worth of higher education would be of very high value, but it must be created with a forward-looking stance towards protecting privacy to the highest degree possible.