Sunday, March 30, 2014

NYC Public School Parents: What does the state budget bill do in regards inBloom and student privacy? Not much.

NYC Public School Parents: What does the state budget bill do in regards inBloom and student privacy? Not much.:



What does the state budget bill do in regards inBloom and student privacy? Not much.




The  budget bill, due to be voted on Monday, deals  with student privacy in an inept and confusing way; the privacy provisions read as though they were written by a 3rd year law student at 1 AM in the morning, who understands nothing about the issue.   We saw the language late last week, and provided lots of suggested improvements, none of which were taken.

Though it seems to ban inBloom, by preventing the state from sharing personal data with any “Shared Learning infrastructure service provider” or “SLISP” –that is, a company which is storing the information for the purpose of providing it to a data dashboard provider, inBloom is not described as such in the state’s service agreement.  The state’s plan to share data with inBloom could presumably survive as long as it purports to be a storage facility for as yet unstated purposes, or to provide data for other specified uses, such as personalized learning tools.  (The full language of the bill is here: just search “"SHARED LEARNING INFRASTRUCTURE SERVICE PROVIDER” to find the privacy section.) The best part is around the strong encryption standards, which are taken straight from the O'Donnell/Robach bill, and are the same as required by HIPAA in handling health care data.

On the other hand, as opposed to that bill, full indemnification for breaches is not required, and instead, the penalties are absurdly weak – for example, the maximum fine for failing to report breaches is $5000, which is pocket money for most vendors, including inBloom, built with $100 million of Gates money.

In addition, much of the language appears to be taken from the ALEC bill on privacy, including a privacy officer who would be appointed by