Since the release of a National Council for Education Statistics (NCES) feasibility report in 2005, there has been much debate about creating a nationwide, student-level data network for higher education, one that would integrate cross-agency federal data (e.g., student aid, workforce) with institutional data (e.g., enrollment, persistence). Almost immediately, the discussion fell into two camps:
- Supporters of this idea stressed how this network would enable a more in-depth and complete view into the state of higher education, improving our understanding of the efficacy, impact, and effectiveness of both institutions and federal programs like financial aid.
- Detractors of this idea voiced concerns about student data privacy and security, the possibility of federal “Big Brother” oversight of students, and potential misuse by federal agencies, for example, to punish students for not registering for the draft.
Given the potency of data privacy concerns, especially at a time of heightened distrust about big data and government, it was no surprise that the 2008 reauthorization of the Higher Education Act (HEA) prohibited the development of a federal-level student information database. Since then, however, there have been calls for greater transparency in higher education as evidenced by the College Scorecard, initiatives by the Gates Foundation and the Center for American Progress, and continued support for such a network. Perhaps as a result, Congress introduced two bipartisan Senate and House bills in May 2017—each called “The College Transparency Act”—that propose building a federal student-level data network.
Yet the question of student data privacy and security remains. Each bill provides safeguards to protect the release of personally identifiable information, limiting its use to authorized federal agencies and requiring the network to meet requirements for ensuring authorized access, data security, quality, validity, and reliability in accordance with federal standards. Likewise, some policy groups, such as the Institute of Higher Education Policy (IHEP), have provided frameworks to give the bills more teeth. By arguing for limits on the network’s design, these frameworks support restricting the timing and purpose of any collected data to only that required to meet the educational needs outlined in the bills. They also advocate for adherence to all applicable privacy and security regulations and best practice protocols.
What about sharing with vendors?
There is, however, an area that neither bill, nor any framework, seems to address: data sharing with third-party vendors. This is important, because although both bills limit the kinds of data an institution can request from the network, they do not place limits on who can use that data. For example, is it still okay for an institution to request that an analytics vendor be able use the network’s data to help unearth enrollment patterns or pinpoint problem areas for student success? In addition to considerations for data privacy, shouldn’t these bills also address perceptions around sharing sensitive data with third-parties?
For those who might dismiss this concern, we suggest that you consider the story of inBloom, a K12 educational initiative aimed at unlocking and integrating data from disparate silos at the state and district levels for reports and dashboards. Founded in 2011, launched in 2013, and primarily funded by the Gates Foundation, it offered the promise that stakeholders and applications could use this data to inform personalized instruction and other data-driven decision-making. By 2014, however, inBloom was on its way out, having lost its last client, the New York State Department of Education.
What went wrong?
A primary cause was its inability to address the ubiquitous concern that inBloom would share this data with third-party vendors who would then presumably use it for insidious purposes. Although different from the federal student-level data network—in that inBloom didn’t expressly prohibit the transfer of personally identifiable information to states or districts—inBloom’s downfall essentially began with the perception that any collected data was available to third-party vendors.
To avoid a repeat of the inBloom incident, we recommend that the current bills adopt more stringent guidelines around data sharing between institutions and third-party vendors. These guidelines should include, at a minimum, clear instructions on the reason for sharing the required data, a process for secure deletion by vendors, agreed-upon vendor retention periods, and approved use. These guidelines, whether added to the bills as they progress through their respective committees or to the network design itself, will further address worries around student data privacy and improve the chances of the success for any nationwide, student-level data network.