March 17, 2014
The state of New York is attempting to develop a comprehensive database containing information associated with every student in its public school system. A group of parents opposed the database on the basis of security concerns. The New York Supreme Court recently approved development of the database. This controversy highlights important information security and privacy issues now being faced by many different organizations.
The New York State Department of Education, working with the company inBloom, obtained a grant from the U.S. government to develop the database. The project goal is to establish a comprehensive database containing personal and performance data associated with all of the students enrolled in the New York public school system.
The project is part of an effort to improve both the quality and efficiency of education. The intent is to facilitate development of educational databases that can help to enhance student educational performance while also enabling more effective use of state educational funds. The parties involved hope to make the New York database a useful model appropriate for other jurisdictions, as well.
A group of parents in New York expressed concern about the database. One of their primary concerns was the security of the information to be stored in the database. As the database would retain personal information regarding their children, they were concerned as to what parties would have access to the information and what uses of the information would be permissible.
The parents took the issue to court in New York. After review of their concerns, the New York court concluded that it was appropriate for the state to create the database. In response to the concerns expressed by the parents, New York state legislators and the New York State Department of Education are collaborating on measures to manage the database content securely.
The case highlights two levels of information privacy concern relevant to all collections of personal information. One set of concerns involves security of the information against unauthorized access to and use of the information. The other set of concerns is associated with inappropriate authorization of access and use.
All agree that collections of personal information must be secured effectively against access by unauthorized users, such as criminals and others with malicious intent. Data security also involves, however, effective management of access by authorized users, such as commercial companies and governments.
All databases that contain personal information must be secure against the threats posed by parties acting illegally. The databases must also be secured against inappropriate authorization of specific users and specific uses. In some ways, the challenge of protecting data against inappropriate authorized users and uses may be more difficult than protecting the material from illegal access.