Wednesday, April 20, 2011

Update From Augusta

One of the things that is most gratifying as a legislator is being able to work with constituents to identify and solve problems. I was pleased when an Andover resident and member of the SAD 44 school committee came to me with a concern about a bill that was passed in the last legislature that directed school districts to use student social security numbers to track performance through school and beyond in the workplace, creating what is called a “longitudinal study.” The bill passed without much debate and I voted for the initiative.


The statute contains provisions that seek consent from parents, and ultimately students who have attained maturity while in the system, to collect and use the information. It also gives the authority to the Commissioner of Education to sanction school systems that do not comply by withholding the state subsidy payment -- a pretty large stick to discourage non-compliance by local districts.


It was only after the initiative moved forward to implementation at the local level that issues and concerns began to be raised. While the parental notification / opt in provision seemed to be an adequate protection, this notification coming usually at the beginning of the school year, and often included with other parental notifications and permissions -- often combined to achieve administrative efficiencies -- may blunt the thoughtful consideration of the issue by parents. I live in a household with four public school students -- and I understand the welter of paperwork that faces even the most conscientious parents, so careful consideration of the implications of such requests can be daunting.


In researching this initiative I had the opportunity to have some discussion with people familiar with research methodologies, longitudinal studies and privacy issues before I made the determination to introduce this measure. Those discussions helped me shape a bill and informed my support for this initiative. Here are some of the things I learned from those conversations.


First, the value of this data is questionable, especially if the data sets are not comprehensive. One experienced researcher told me that collection of such longitudinal data sets is valuable only if it is truly comprehensive. In other words, only if we have 100% or close to it participation, could conclusions from the analysis of this data be truly useful. When students / parents choose not to “opt-in” in significant numbers, and especially when entire districts refuse to comply, the data sets become increasingly less comprehensive and therefore less reliable.


When data sets like this are unreliable, other methods -- like random sampling of participants -- become a more reliable means to measure real outcomes for policy formation because you can control variations in the sampling. Working from partial and self-selected data sets such as those produced by an opt in system has limited value. The researcher indicated that the value of the data is better than an internet poll or a call-in poll / vote -- but not that much better without a careful, ongoing and expensive analysis of the underlying data. Random sampling may produce more reliable outcomes and have no greater cost than validating the collected data.


If the value of the underlying data is questionable, what are the potential downsides to collecting this information? It turns out there are many downsides. The most obvious is the potential for compromising people’s personal information -- especially social security numbers. Correlating a social security number with a name and address (which is likely in this data collection scheme) is the foundation for identity theft. This is the information that criminals seeks when they want to steal an identity as part of a larger criminal enterprise.


Collecting this data and building the database means that the state is liable in perpetuity to maintain the integrity and protect the data. I am sure we will receive assurances about the safety of this data -- but we have already seen too much about data systems that are likely more secure than this one will ever be that have been compromised. Is it really worth the risk? Are the rewards great enough to offset that potential downside? My answer is no, and that is why I have proposed this legislation.


There may be clarity about the intent for collecting this data today -- but what about 20 years from now? We don’t have any idea who will be able to access the information or for what reasons. I won’t spell out some of the more chilling implications of that train of thought -- but let’s remember that databases, once built, are enduring structures. If they aren’t built to endure, then they are even more likely to be compromised. If they are built to endure, than the data integrity must be maintained in perpetuity, or at least for the life of the participants. For that 6 year old who goes into the database today, we will need to insure the privacy and safety for at least 90 years or more. Is it worth the expense? Are we getting value for the investment?


In the end -- this is a simple cost benefit analysis. There is no doubt this information may have some value. The value may be limited based on the comprehensiveness of the information. In addition, there are other ways to gather comparable information that may not pose the same risks. It is our duty to protect our citizen’s right to privacy and the safety that comes with having personal information secure. Gathering this information is a big responsibility that will not go away and will become increasingly more difficult and expensive to maintain as people who seek this information for the wrong reasons become more sophisticated and determined. If that is the case, and I believe it is -- is this initiative worth it? Will our research outcomes be worth the investment and the potential risks?


I think not. That was the carefully considered conclusion of the leaders at SAD 44 -- and I agree with them.

No comments:

Post a Comment