Dear Representatives:
We are Karen Champagne & Angela Alef of The People, LLC; and, in 2014, we wrote the Student Data Privacy Act that passed unanimously through all committees and both chambers before being signed by the governor. It is the strongest student data privacy law in the nation.
Yesterday, one of your constituents passed on to us what we are told is a pdf that was circulated to you by Rep. Landry regarding HB 568, the bill you will be asked to vote on this morning.
We ask that, prior to your vote, you also consider the information we provide:
Rep. Landry: “NON-identifiable information only (all identifiable information removed)”:
The People: “NON-identifiable information” is “data that do not identify an individual in isolation but may reveal individual identities if combined with additional data points.”
According to one of the most cited studies on this point which was funded by the U.S. Bureau of Census in 2000:
“Here are some surprising results using only three fields of information, even though typical data releases contain many more fields. It was found that 87% (216 million of 248 million) of the population in the United States had reported characteristics that likely made them unique based only on {5-digit ZIP, gender, date of birth}. About half of the U.S. population (132 million of 248 million or 53%) are likely to be uniquely identified by only {place, gender, date of birth}, where place is basically the city, town, or municipality in which the person resides. And even at the county level, {county, gender, date of birth} are likely to uniquely identify 18% of the U.S. population. In general, few characteristics are needed to uniquely identify a person.”
Because of this and in writing the law, we purposely included the following section as part of the definition of Personally Identifiable Information to ensure that three data points belonging to any child would not be shared.
Current LA law:
“B.(1) For purposes of this Section, "personally identifiable information" is defined as information about an individual that can be used on its own or with other information to identify, contact, or locate a single individual, including but not limited to the following:
(c) Two or more pieces of information that separately or when linked together can be used to reasonably ascertain the identity of the person.”
We should now look at the student-level data that LDOE has already agreed to share with CREDO via a current agreement that runs through 2018 and in contravention of ACT 837:
We are Karen Champagne & Angela Alef of The People, LLC; and, in 2014, we wrote the Student Data Privacy Act that passed unanimously through all committees and both chambers before being signed by the governor. It is the strongest student data privacy law in the nation.
Yesterday, one of your constituents passed on to us what we are told is a pdf that was circulated to you by Rep. Landry regarding HB 568, the bill you will be asked to vote on this morning.
We ask that, prior to your vote, you also consider the information we provide:
Rep. Landry: “NON-identifiable information only (all identifiable information removed)”:
The People: “NON-identifiable information” is “data that do not identify an individual in isolation but may reveal individual identities if combined with additional data points.”
According to one of the most cited studies on this point which was funded by the U.S. Bureau of Census in 2000:
“Here are some surprising results using only three fields of information, even though typical data releases contain many more fields. It was found that 87% (216 million of 248 million) of the population in the United States had reported characteristics that likely made them unique based only on {5-digit ZIP, gender, date of birth}. About half of the U.S. population (132 million of 248 million or 53%) are likely to be uniquely identified by only {place, gender, date of birth}, where place is basically the city, town, or municipality in which the person resides. And even at the county level, {county, gender, date of birth} are likely to uniquely identify 18% of the U.S. population. In general, few characteristics are needed to uniquely identify a person.”
Because of this and in writing the law, we purposely included the following section as part of the definition of Personally Identifiable Information to ensure that three data points belonging to any child would not be shared.
Current LA law:
“B.(1) For purposes of this Section, "personally identifiable information" is defined as information about an individual that can be used on its own or with other information to identify, contact, or locate a single individual, including but not limited to the following:
(c) Two or more pieces of information that separately or when linked together can be used to reasonably ascertain the identity of the person.”
We should now look at the student-level data that LDOE has already agreed to share with CREDO via a current agreement that runs through 2018 and in contravention of ACT 837:
This data alone could result in students being re-identified; however, combined with the school-level data that Credo also may receive by virtue of the same agreement, there is no doubt that re-identification is possible.
There is also an agreement for the sharing of the following Personally Identifiable Data with Pearson through 2020. Given that CREDO is partnered with Pearson, we are sad, indeed, for the status of children’s right to privacy in Louisiana:
There is also an agreement for the sharing of the following Personally Identifiable Data with Pearson through 2020. Given that CREDO is partnered with Pearson, we are sad, indeed, for the status of children’s right to privacy in Louisiana:
Please note: these data sharing agreements mention only FERPA restrictions. There is not one mention of our state law which is much more protective of children’s right to privacy.
Rep. Landry: “Under current law in-state postsecondary education institutions are allowed to receive this information.”
The People: You may remember that the law was written in response to the careless behavior of the LDOE in their dealings with InBloom, a private data warehouse and in the releasing of student social security numbers as part of the Course Choice Program.
The intent of the law was to never allow this. If a loophole has been found that allows it, a bill to prevent this from happening is what should be passed.
Rep. Landry: “For academic research only”
“All safeguards remain:
The People: Once the data leaves LDOE, how can any of us know in what ways the data is being used, shared, or sold? No one has access to the records of private companies. The fact remains: as stated in LA law, our right to privacy is fundamental. There is no “only” when it comes to the violation of that right.
Rep. Landry: “Does not…require the use of any academic research in state policy”
The People: In her committee testimony on the bill, Rep. Landry expressed the importance of ensuring CREDO access to our children’s information so that they can provide “academic research that can help us inform our decisions as we move forward in important education policy.”
Regarding the value of research based on de-identified data in shaping state policy, Harvard experts have explained: “More recent research has shown a different, and perhaps more troubling, aspect of de-identification. These studies have shown that the conclusions one can draw from a de-identified data set are significantly different from those that would be drawn when the original data set is used.1 Indeed, it appears that the process of de-identification makes it difficult or impossible to use a de-identified (and therefore easily sharable) version of a data set either to verify conclusions drawn from the original data set or to do new science that will be meaningful. This would seem to put big-data social science in the uncomfortable position of having either to reject notions of privacy or to accept that data cannot be easily shared, neither of which are tenable positions."
In closing and from the same Harvard experts:
“Violations of privacy, like re-identification, generally work by linking data from a de-identified data set with outside data sources. It is often surprising how little information is needed to re-identify a subject.”
Thank you for your time in consideration of our comments.
Angela Alef & Karen Champagne,
The People, LLC
Rep. Landry: “Under current law in-state postsecondary education institutions are allowed to receive this information.”
The People: You may remember that the law was written in response to the careless behavior of the LDOE in their dealings with InBloom, a private data warehouse and in the releasing of student social security numbers as part of the Course Choice Program.
The intent of the law was to never allow this. If a loophole has been found that allows it, a bill to prevent this from happening is what should be passed.
Rep. Landry: “For academic research only”
“All safeguards remain:
- Section E prohibits converting or combining information such that any student can be identified
- Section J prohibits any person with access to the student information from selling, sharing, or using it for any commercial purpose
- Section G provides that violators would be punished by 6 months in jail or a fine of $10,000”
The People: Once the data leaves LDOE, how can any of us know in what ways the data is being used, shared, or sold? No one has access to the records of private companies. The fact remains: as stated in LA law, our right to privacy is fundamental. There is no “only” when it comes to the violation of that right.
Rep. Landry: “Does not…require the use of any academic research in state policy”
The People: In her committee testimony on the bill, Rep. Landry expressed the importance of ensuring CREDO access to our children’s information so that they can provide “academic research that can help us inform our decisions as we move forward in important education policy.”
Regarding the value of research based on de-identified data in shaping state policy, Harvard experts have explained: “More recent research has shown a different, and perhaps more troubling, aspect of de-identification. These studies have shown that the conclusions one can draw from a de-identified data set are significantly different from those that would be drawn when the original data set is used.1 Indeed, it appears that the process of de-identification makes it difficult or impossible to use a de-identified (and therefore easily sharable) version of a data set either to verify conclusions drawn from the original data set or to do new science that will be meaningful. This would seem to put big-data social science in the uncomfortable position of having either to reject notions of privacy or to accept that data cannot be easily shared, neither of which are tenable positions."
In closing and from the same Harvard experts:
“Violations of privacy, like re-identification, generally work by linking data from a de-identified data set with outside data sources. It is often surprising how little information is needed to re-identify a subject.”
Thank you for your time in consideration of our comments.
Angela Alef & Karen Champagne,
The People, LLC