Kansas Makes Promise on Security of Digital Student Data

Public backlash recently arose over plans by education commissioners in a number of states to share student data with inBloom, a company funded by the Gates Foundation. Critics immediately raised privacy concerns and demanded assurances that the shared information was securely stored and wasn’t going to be used to marketing purposes. Now Diane DeBacker, the Kansas State Commissioner of Education, has had to reassure the state’s families that digitally stored data wasn’t going to cause any harm.

The Topeka Capital-Journal reports that as part of the decision to turn over the data, the Kansas State Department of Education specified that only persons designated directly by the DoE would have access to the information. Those who are able to view and analyze the information will have a treasure trove at their fingertips. A recent investigation by The Washington Post and Reuters found that in addition to students’ biographical information, the data contains disciplinary records, disability classifications, social security numbers and other sensitive details.

Separately, Kansas critics of the Common Core have expressed concern that student data could be shared with outside organizations in a scenario like this.

State Education Commissioner Diane DeBacker said Monday Kansas doesn’t use inBloom’s service and only uses one vendor to store individual student data — the Center for Educational Testing and Evaluation at The University of Kansas. The education department doesn’t pass any individually identifiable student data to the federal government, companies, nonprofits or individual people, she said.

While inBloom stores and collects tons of data, DeBacker was quick to reassure that Kansas is not using inBloom for its data, contracting instead with a local company that collects and stores data related to the annual standardized tests given to students enrolled in the state’s schools. The information collected in the database is limited only to students’ names, test answers and final results.

According to Kingston, only a few employees at KU — about two or three — have regular access to the database, and must first undergo ethics training and sign confidentiality agreements. Though the data are stored at Cosentry, staff there don’t have access, he said. The reason for storing the data in Kansas City, he said, is that the Cosentry center has emergency power sources, routers, servers and other equipment to keep the data secure and accessible in case of an outage or other failure. Kingston said his center’s data security had been internally audited at KU but not externally audited, and that there was no evidence that there have ever been breaches of the system.