FunnyMonkey


Bill Fitzgerald

Bill Fitzgerald

Portland Public Schools and Privacy Practices of the School Climate Survey

4 min read

UPDATE, February 5, 1015. The privacy policy for this survey has been updated. Details available here. END UPDATE

On January 20th, Portland Public Schools released their School Climate survey. The goals of the survey are great - the district is making a focused effort to reach out to a broad range of parents with kids in Portland Public Schools. However, there are some issues with the survey and the associated privacy policies.

The problems start at the point of account creation. While the registration form states that personal info will not be tied to responses, there is no link to any privacy policy or terms of service.

Additionally, the survey site does not run behind https.

This screencast demonstrates the issues with login and https. Other issues are detailed after the screencast.

Moving on from the issues with login and taking the survey, we can only see the privacy policy when we go to http://oregonskitchentable.org/privacy-policy/

The policy gets off to a bad start when it states that the privacy policy can be changed, at any time, with no notice.

This policy may be updated from time to time without prior notice, so please check back periodically. If you continue to visit our Site and use the services made available to you after such changes have been made, you hereby provide your consent to the changes.

Continuing through the policy, we learn that "consultations are conducted in conjunction with DHM Research, a non-partisan public opinion research firm located in Portland, Oregon. They act as a third party consultant and aggregate all Personal Information to ensure that your responses will be kept confidential and anonymous."

From this, it's unclear who stores the data: the organization behind Oregon's Kitchen Table, or DHM Research. It appears that both Oregon's Kitchen Table and DHM Research can access responses, but unclear who can access lists of respondents.

Continuing on, the privacy policy states that data collected via surveys administered by Oregon's Kitchen Table can be combined with other data from just about any source.

Information obtained in connection with the Site may be intermingled with and used by the National Policy Consensus Center, its partners, or DHM Research in conjunction with information obtained through sources other than the Site, including both offline and online sources.

While I understand that Oregon's Kitchen Table helps facilitate policy research, the terms here are far too broad. They need to be narrowed to respect the privacy of people who are making the time to share information. Ideally, the privacy policies would be tailored to the needs and goals of the surveys.

The policy continues with a "Security" section, which includes this language:

Oregon’s Kitchen Table, The National Policy Consensus Center and our partners are committed to using our best efforts to maintaining the security of your Personal Information. To prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of information, we have put into place physical, electronic, and managerial procedures to help safeguard and secure the information we collect, including an industry-standard firewall security system.

Given the absence of https on login, the claims made here fall pretty flat.

To be clear, there is nothing nefarious going on here. This clearly feels like a situation where policies were crafted to support research needs. However, in the pursuit of supporting the needs of researchers, respondents are left unnecessarily exposed. There are many changes that need to be put in place; the following list would be a decent start. Once the items on this list were in place, a full security audit that examined data collection, storage, data handling, research needs, and policies would be the next priority.

  • Specify what entity has responsibility for storing data collected in a survey;
  • Specify what entities can access survey responses, and what entities can access personal information;
  • Link to a privacy policy that is specific to the survey, and ensure that the privacy policies align with the goals of the survey;
  • For the PPS school climate survey - which appears to have a dual function of gathering information about school climate and supporting future parent outreach - specify that data collected will not be shared outside PPS without explicit opt-in;
  • Remove the language that specifies that privacy policies can be changed without notice, and update it to allow for end users to be notified of changes;
  • Add https to the user registration page.

If I'm missing anything here, or if I've gotten anything wrong, please let me know in the comments or on Twitter.

, ,

0 stars 6 comments

Bill - It was nice to meet you at the town hall, and we appreciate your concern about the privacy of information via PPS' Successful Schools Survey Partner, Oregon's Kitchen Table & the National Policy Consensus Center. We have worked with OKT to make some changes based on your suggestions.

A few details:

-OKT has responded to your concerns about http and purchased an additional SSL security certificate that is now functional and visible on the website. You will now see the security tag during login and account creation.

-The privacy statement has been changed to say that the policy can only be changed “with” notice in response to your request.

-The data belongs to Oregon's Kitchen Table (NPCC/PCI) not DHM Research. OKT does share the data with DHM in order for them to help them analyze the results, which is part of the service PPS has contracted with OKC to provide. But the data belongs to OKT. The data will not be shared with any other entity, including PPS! This is clarified in our intergovernmental agreement with OKC.

-OKC will not sell the data for any purpose nor do they trade it, etc. OKT will, however, contact OKT members for future civic engagement opportunities in their zip code, including PPS surveys. This is one of the important reasons for our partnership with OKC and the National Policy Consensus Center – to enhance PPS’ ability to survey the community on important issues on an ongoing basis. Account holders will be able to choose to participate or not and/or opt out entirely if they would like.

Thanks again for raising these issues. We truly appreciate it. We have over 2,000 responses in less than a week, and we hope to keep up the great momentum with parents and families participating in the Successful School Survey.

Best,

-Jon Isaacs-
.

Jon Isaacs, Chief of Communications & Public Affairs, PPS, Jan 27 2015 on funnymonkey.com

Hello, Jon,

Thanks for reaching out. I appreciate it. Some thoughts and comments inline, below:

-OKT has responded to your concerns about http and purchased an additional SSL security certificate that is now functional and visible on the website. You will now see the security tag during login and account creation.

Yes, I saw that yesterday. Good to see that OKT put the ssl cert in place.

-The privacy statement has been changed to say that the policy can only be changed “with” notice in response to your request.

This is a small step in the right direction, but is still far from adequate. The change here appears to be a one word change - switching "without" to "with" - but it still leaves out some key details. For example, if the terms change, why not run a banner over the top of the site letting people know of the changes? Why not contact people via email and let them know? Why not include a date that indicates when the policy was updated? Why not create blog posts that both announce and summarize the changes?

These are all a pretty low bar, and have been standard practice for a while.

-The data belongs to Oregon's Kitchen Table (NPCC/PCI) not DHM Research. OKT does share the data with DHM in order for them to help them analyze the results, which is part of the service PPS has contracted with OKC to provide. But the data belongs to OKT. The data will not be shared with any other entity, including PPS! This is clarified in our intergovernmental agreement with OKC.

So, for this PPS survey, PPS doesn't own the data that results from this PPS survey? And, more importantly, PPS can't specify how this data gets used over time? For the goals of this survey, that feels very unnecessary. Why didn't PPS advocate for both ownership of the data and for any limits on how it gets redistributed and used?

At this point, it sounds like PPS is saying, "Come take this survey. We're going to give the results to these people, who will then control your information from here on in."

The thing is, I trust PPS. I have a relationship with PPS. PPS has an incredible amount of data on the students and parents within PPS. Why should this survey data be any different?

-OKC will not sell the data for any purpose nor do they trade it, etc. OKT will, however, contact OKT members for future civic engagement opportunities in their zip code, including PPS surveys. This is one of the important reasons for our partnership with OKC and the National Policy Consensus Center – to enhance PPS’ ability to survey the community on important issues on an ongoing basis. Account holders will be able to choose to participate or not and/or opt out entirely if they would like.

What you say here doesn't fully line up with what is currently defined in the privacy policy in OKT, which states: "Information obtained in connection with the Site may be intermingled with and used by the National Policy Consensus Center, its partners, or DHM Research in conjunction with information obtained through sources other than the Site, including both offline and online sources." This line clearly gives the right for OKT to do a couple things:

Give the data to selected partners - in this case, DHM and the National Policy Consensus Center. Neither of these partners have privacy policies, and none of these players - DHM, OKT, or NPCC - have any language that describes what would happen to the dataset collected by PPS should any of these entities get dissolved, or merged with another org.

Combine that data with other sources, both offline and online - data combination (or, taking information collected within one specific context and using it outside that context) allows for complex predictions or generalizations to be made about individuals or groups. For a relatively benign example of generalizations that can be made via data combination, see this zip code profiler. For less benign examples of how data can be used to profile and discriminate, see how big data was used to discriminate in the banking sector.

I appreciate that you state very clearly that OKT will not sell any data they collect - including what parents share during this survey. However, that intent is not stated in their terms. They need to make this clear. If they won't add this in to their general terms, PPS should require that this stipulation be added to their dataset.

Additionally, OKT is very opaque about what partners do what things. They should document the roles of any partners, including DHM, NPCC, and NGPVAN, EveryAction, etc. Remind has a good example of how to do this.

Also, semi-related: the initial launch had a link to NGPVan in the footer of the survey site. That is now removed. Why?

Additionally, as I stated above, the site needs to clearly display links to the privacy policy and terms of service on the user registration page. Looking at the technology here, the site is built using Drupal, and the survey is built using the Webform module. From a technical place, adding in additional information and links is pretty simple, and could be accomplished in under 15 minutes.

Finally, based on this Oregonian piece, it sounds like the survey will be administered to both 5th and 7th graders. Many of these students will be under 13. While I am not a COPPA expert, this feels close to the line of what COPPA allows. As you state earlier, OKT owns and controls the dataset, which effectively means that PPS - in administering the survey to kids - is requiring these kids to hand over their personal info to a third party without parental consent. And, to emphasize: I am NOT a COPPA expert, but this is where the vagueness of the OKT terms, paired with the complete lack of clarity around who can access and reuse data, requires review to make sure that PPS is not exposing itself to risk.

Finally, my intent here is not to tear down the survey, or to stop these efforts. I WANT TO SEE PPS SUCCEED HERE! Using a range of outreach efforts to connect with parents, and truly involve parents in the decision making process, is important - these things matter. Efforts like the school climate survey are important first steps in getting this done. However, because these efforts are important, I really want to see them done right. The current rollout is filled with avoidable issues.

bill, Jan 27 2015 on funnymonkey.com

As far as I can see, my main concern is met with the statement that if take the survey, my answers will not be connected to my name. I guess a fuller statement of how data will be deidentified couldn't hurt. It would be good to know if my "record" i.e. the whole set of my answers will be preserved in relation to one another. I assume so unless told otherwise.

Chris Lowe, Jan 27 2015 on funnymonkey.com

Bill - we are not going to be able to address everyone of your concerns, but we will continue to look at them and do our best. I feel confident stating that parents/guardians can take the Successful Schools Survey and feel assured that their information will be protected or shared with any other partner besides Oregon's Kitchen Table, which is a program of the PSU National Policy Consensus Center. They are one and the same.

I do want to clarify how the student survey is being administered. PPS is administering the student surveys on our own using our internal survey system managed by the PPS System Planning & Performance Department. OKT or any other external partner is not involved in either the student or staff surveys. All information collected for the staff and student surveys are protected under federal and state laws.

Again, I greatly appreciate your feedback and expertise. You have helped improve the survey.

Best,

-Jon-

Jon Isaacs, Jan 27 2015 on funnymonkey.com

No real argument that there isn't anything nefarious going on here. However, given that the exact same outcomes could be achieved with clear policies that addressed these issues, why not do it?

The way the current terms are written, any data collected via the OKT site can be combined and reused with other datasets, for reasons completely unrelated to PPS school climate. Civic engagement shouldn't require a wholesale handoff of personal information.

bill, Jan 27 2015 on funnymonkey.com

It's good to know that the student survey is a different and separate instrument that the parent survey. That information was not clear in either the parent open house (where the focus was on the boundary redraw, not the survey) or in the Oregonian writeup, which reads:

The anonymous survey will be open to all staff, parents and guardians and also will be administered to students in fifth, seventh and 10th grades.

But in any case, I'm glad to hear that the student versions of the survey are not using the OKT instrument, and that the responses to the student survey will not be uploaded outside of PPS hardware and data systems.

bill, Jan 27 2015 on funnymonkey.com