Update in the California student data release case
This week a judge ordered that the approximately 10 million records of California students held by the California Department of Education will not be turned entirely over to a group of community nonprofits in the Morgan Hill case. Instead, the judge ordered that several smaller databases may be turned over to the nonprofits, but that the largest and most significant database, CALPADS, will not. The nonprofits and their representatives will instead need to access the CALPADS database in situ within the California Department of Education secure environment, and will need to run queries against the database only.
The decision to run queries against the database versus releasing the CALPADS database with its rich data sets about millions of students is a significant improvement over the judge’s initial order. While the initial order provided for a special set of release protocols, the breach risk presented by the CALPADS dataset is just too great. The CALPADS database contains an extraordinary dataset, everything from medical information to disciplinary information to economic status to ethnicity and immigration status to detailed addressing and other demographic information. In the ruling, the judge also noted the deep flaws with the aged Family Educational Rights and Privacy Act that allowed for unconsented data release via court orders and in this case created a backlash from parents, the media, and privacy experts.
The judge mentioned the copious public response to the court from concerned parents, citing an abundance of petitions for the court to remove their children’s records from the data release. Those petitions, said the judge, will not be filed, but will be securely stored.
WPF is still analyzing the ruling, as well as the contents of the databases that will be turned over in full.
Related Documents:
The February 29 ruling is here: Morgan Hill order after FERPA status conference
For more background about this data release issue, see our original blog post.