Analysis: Lesson from the state of Louisiana — if your student privacy laws are making kids go hungry, there’s a problem
Paige Kowalski | December 3, 2020
There’s no denying the importance of keeping students’ personal information private and protected. But what if a state’s data privacy laws are so restrictive that they’re literally taking food out of children’s mouths?
This is exactly what’s been happening in Louisiana, which until recently was the only state that had not automatically administered Pandemic Electronic Benefits Transfer funding, which provides help buying groceries to families whose children receive free or reduced-price meals at school. That’s because a student data privacy law passed in 2014, amid a rising tide of fear about data breaches and information misuse, prevents state agencies from connecting data across systems, leaving no way of connecting free and reduced-price lunch data to the systems used to distribute welfare benefits. Because agencies had no idea who was eligible, the state required an application process, meaning families had to learn about the application and take additional steps in order to receive these benefits. Ultimately, Louisiana’s restrictive privacy law kept needed assistance, like meals, from students during a global health emergency.
In late October, more than six months after the pandemic disrupted normal services, the Louisiana legislature passed a bill that would fix the problem, allowing schools to share limited student information with the state Department of Children and Family Services. The state agency will be able to disseminate food benefits to families in need, but it’s only a short-term fix: The law contains a clause that requires it to be repealed in June, leaving families back at square one should essential services again be interrupted for any reason. In a state that has been threatened with numerous hurricanes this season, no less.
It doesn’t have to be this way. It’s possible to build systems that both protect student privacy and enable services for kids and families. The key is governance. Maryland is one state that has done this well, enacting laws that establish a framework for decisionmaking about how to share and use data while keeping student information safe and protected. Maryland legislators were intentional about ensuring privacy and security best practices were a requirement for building that system and an ongoing responsibility for the state’s Governing Board.
Leaders in most states have been thoughtful about privacy, taking it out of a vacuum and being clear about why they are trying to use data in the first place and how it can benefit students. State leaders should consider the ways laws can safeguard student privacy and dignity while ensuring that these efforts enable leaders and educators to do what they need to do, without unintentionally limiting activities that might have unintended consequences — like being unable to automatically administer benefits to students during a crisis.
If a privacy law, like Louisiana’s, is so restrictive that it stops state leaders from being able to serve their people, it has failed. Besides including best practices of data governance, these laws must also spell out clear roles and responsibilities for all state agencies, as well as formal, transparent and policy-focused decisionmaking processes, so leaders can look at new issues from all sides and decide the best way to move forward in a way that safeguards student privacy.
In Georgia, state leaders worked to ensure that their law safeguards students’ information while protecting their privacy — for example, allowing teachers to access data about students’ progress toward meeting learning standards over time. In fact, the law describes how the K-12 state data system will continue to securely provide district leaders, principals, teachers and parents with access to the timely and useful data they need to successfully do their jobs. And because state leaders talked to Georgians while they were making the law, to understand what was already working, local educators still have access to all the information and tools in the state’s K-12 data system.
California is another state that is thinking carefully about how student data is governed and protected. A legislatively mandated working group is wrapping up a year-long, transparent process to ensure that its data system is designed from the ground up to incorporate good governance, strong privacy protections and tools to support students.
We don’t know when life will return to normal after the pandemic recedes, and we don’t know if schooling will ever fully go back to the way it was before, with the rise of online classes and other forms of learning. But we do know that we live in an unpredictable world, where crises like pandemics, hurricanes and wildfires threaten to disrupt lives and routines across the country. States and communities need the flexibility to use data to nimbly solve problems when people are hurting. Poorly designed privacy laws that put data under lock and key and forbid leaders from using it to help people are not serving anyone.
Paige Kowalski is executive vice president of the Data Quality Campaign, a national, nonprofit policy and advocacy organization.