Protect North Carolina Students' Privacy

Update: As of 8/01/13 North Carolina has become the 5th state to pull out of inBloom.

The North Carolina Department of Education plans to help corporations profit from schoolchildren’s most sensitive and confidential information without even obtaining parental permission. North Carolina is one of five states committed to planning to share personal student data with inBloom, Inc. a corporation funded by the Gates Foundation. This information—including your child’s name, home address, email address, test scores, racial identity, economic and special education status, and detailed disciplinary and health records—will be stored on a “data cloud” and shared with for-profit companies, without any guarantee that the information will be safeguarded.

The good news is that data sharing is not scheduled to begin until next fall, so there is still time to stop this ill-conceived project. Already four out of the nine states that originally planned to share data with inBloom have pulled out because of privacy concerns and extensive parent protests. And parents in Guilford County—the first district in North Carolina scheduled to share data with inBloom—have already voiced concern, urging their local school board not to proceed or at least require parental consent.

That’s why the North Carolina State Board of Education and Superintendent Atkinson need to hear from you!

What you can do to protect your child:

Click here to send a letter to the North Carolina State Board of Education and Superintendent Atkinson. And spread the word to friends and family. A downloadable flyer is available here. Please print some and take them with you to your child’s school or extracurricular activities. Share this information with other parents. They’ll be grateful you did.

If you would like to do more to stop this dangerous proposal, please get in touch. We will help you strategize about how to organize opposition in your community.

FAQ:

What type of data will be collected, stored, and shared with private companies? inBloom is configured to collect extremely sensitive, personally identifiable student data, including student names, grades, test scores, detailed disciplinary, health and attendance records, race and ethnicity, and economic and disability status. Data fields even include whether a student is pregnant, attends a religiously affiliated school, has refugee status, has been removed from his or her home by Child Protective Services, or been involved with law enforcement for an out-of-school incident.

It is difficult to understand how students would benefit from having such sensitive personal information about them shared with for-profit corporations, but it is clear that such disclosures could harm students. Sensitive information about school employees, including teacher health records and reasons for employment termination, will also be shared with inBloom.

Where is the data being stored? Is it safe? The data is being stored on a “data cloud” owned and operated by Amazon.com. In a recent survey, 86% of technology professionals said they did not trust clouds to hold their “more sensitive” data. Indeed, inBloom Inc.’s own privacy policy acknowledges that it “cannot guarantee the security of the information stored … or that the information will not be intercepted when it is being transmitted.”

With which private companies will inBloom share student data? It has been reported that technology companies eagerly anticipate “huge” profits from access to this data. As of May 2013, the inBloom website lists 22 “providers,” including huge corporations like Amazon and Dell. To date, no inBloom or North Carolina representative has identified what protections are in place to ensure that students’ information will not be shared within these enormous companies, many of which have multiple divisions other than those for whom the information is intended.

Who is paying for inBloom? The Gates Foundation has provided $100 million for the project’s initial development. Beginning in 2015, however, school districts will have to pay between $2 and $5 per student per year to have their students’ data stored on inBloom. Should data leakages, information abuse, or hacking occur, school districts could be liable for compromising their students’ confidential data.

Is this legal? inBloom officials claim that the sharing of data with inBloom and private companies is legal under the Family Educational Rights and Privacy Act (FERPA). But critics charge that the U.S. Department of Education’s 2011 changes to FERPA—which now allows school districts to share sensitive student data with private contractors—violate the original intent of the law. Recently, the Electronic Privacy Information Center filed suit against the U.S. DOE for these changes to FERPA. In addition, there are concerns that sharing of personal information violates the Children’s Online Privacy Protection Rule, which was recently updated by the Federal Trade Commission. The Children’s Online Privacy Protection Act restricts the capture and use of a child’s personally identifiable information in recognition of the huge risks to safety and privacy that occur when commercial entities obtain access to it.

Do schools need parental permission before sharing children’s information with inBloom? Can parents opt out on behalf of their children? No and no. Neither the state nor the district is giving parents the right to opt out or consent before their child’s data is shared with inBloom and other third parties. To protect your child and your community from improper data sharing with private corporations, contact Superintendent Atkinson and the North Carolina State Board of Education to voice your opposition to the wholesale sharing of student data with inBloom.

Issue: