Home Divisionsbreadcrumb separatorPublic Policy & Advocacy Servicesbreadcrumb separatorPrioritiesbreadcrumb separatorEducation Policybreadcrumb separatorPosition Statement: Data Minimization / Deletion

Position Statement: Data Minimization / Deletion

Limiting the collection of personal information to that which is relevant and necessary, and disposing of unnecessary personal information are both critical elements of good data stewardship.  This is particularly true for student data.  

However, these decisions vary from one situation to another for a variety of governance, regulatory, compliance, and personal reasons, making a one-size-fits-all approach to data minimization impractical.  Arbitrary minimization and destruction of student information through one-size mandatory regulations on schools and their service providers presents an enormous risk to realizing the benefits of data-driven innovation (DDI) in education. 

Mandatory minimization or destruction requirements hinder schools and state educational institutions because they are not sufficiently flexible to recognize the variance in situations and governance of certain student information. Individual student records are often needed on an ongoing basis for districts and states to meet legal accountability and data retention requirements. Students also need their information maintained for future transcript and degree verification requests from employers and postsecondary institutions. This need for maintenance of, and access to, individual student records is not new. Schools have done this for decades through reams of paper in basements and warehouses – an inefficient and insecure manner – which has recently been shifting to digital databases.

Additionally, there are many times in which students use third-party school services to create or maintain information not contained in an education record, such as essays, art, or other school related work, and want to maintain such information for use in college or graduate school applications, work portfolios, or simply for personal reasons many years after leaving an institution. The destruction of this personal “information” which may seem like innocuous information has serious negative effects on students.

The shift of record storage from basements to databases has ushered in the possibility of data-driven innovation in education where experts and researchers have previously been operating in a “data desert.” DDI has been a standard practice in other industries for decades. In medicine, DDI has led to major improvements in patient care. It has also helped to shed light on inequities in many industries and society such as discriminatory practices in law enforcement, finance, and government agencies. DDI in education has already led to many critical discoveries of inequities and causal effects in learning that are changing pedagogy, student outcomes, and policymaking. 

Contemporary approaches to DDI require the use of many different data points to identify connections between them that, while sometimes are straightforward and provide evidence for decision-making, are many times unique and lead to important shifts in institutional thinking, practices and drive positive student outcomes. The power in DDI comes from identifying these novel relationships in a wide range of seemingly unrelated data.  

Example: The Maine legislature directed a study to examine what factors in K-12 schools correlate with better student performance. An analysis of many data points collected over time found that while school size and per-pupil expenditures played a role, a larger factor was the predominant income level of the student body. Correlated to this, the study found that those schools with higher concentrations of low-income students had higher numbers of teachers with less experience than in schools with wealthier students. This study is now being used to inform policy decisions. (Source: Future of Privacy Forum)

In many cases, it is valuable to store data for extended periods of time beyond its initial use, typically as aggregate or de-identified data without personally identifiable information, in order to identify trends over time, both positive and negative, and use the information to improve practices and outcomes.

Districts often require student performance data for longitudinal studies, whether about the efficacy of a third party learning intervention, their own practice, or the interaction of both. Mandatory requirements that data be deleted—for instance upon an account expiration or at the end of the school year—would prevent these important connections. Many times schools allow a software license to lapse unintentionally, only to re-subscribe a few months later. Requirements for immediate data destruction would cause teachers and schools to start from scratch and prevent longitudinal benefits. 

Minimization or destruction mandates on student data established through legislation or regulation undermine effective determinations of which data is useful to retain and that which is not. The opportunity costs from not fully harnessing the full educational value of student data is enormous.

Example: After studying the academic performance of nearly 49,000 using student information over a period of 14 years, the University of Michigan’s Department of Physics was able to identify what actions correspond with student success. Using this information, they have developed an automated learning coach that provides students with personalized advice for prioritization of content and activities, alternative study methods, and additional resources based on a student’s interactions with online coursework and other resources. Students who use the system have outperformed comparable non-users and had a 99 percent completion rate. (Source: Future of Privacy Forum)

Examples of customized, DDI in education, such as this one, are revolutionizing the learning process and improving student outcomes. Importantly, these connections between data points are often made through the use of aggregated and de-identified student information collected over a long period of time. Destruction of such data would undermine the accuracy of such tools like early warning indicator systems, and they would continue to leave students without the critical interventions and resources necessary to succeed.

Mandatory data minimization or destruction requirements would harm the educational institutions and the students who it is trying to protect.  These requirements prohibit schools from developing data-driven educational tools to help guide students through their academic and professional careers.  They also prevent students from taking ownership of their personal data stream as they strive to be self-directed learners.  These are all very real unintended downstream effects of data minimization and destruction.

SIIA strongly supports good data stewardship.  We therefore promote data minimization practices at the institutional level – between schools and their service providers – as a critical element of the privacy-by-design processes—this approach is sufficiently flexible to apply on a case-by-case basis. However, we urge policymakers to oppose legislation or regulations that establish one-size–fits-all data minimization standards as a mandatory practice.