Petition Closed

A Full Independent Investigation Into Pearson's Privacy Violations

This petition had 1,268 supporters


With regard to New Jersey’s implementation of Common Core, and the NJ Department of Education’s directives to NJ school districts:

We, the undersigned, believe that Pearson (and its subsidiaries) are in violation of the NJ Administrative Code, FERPA, and COPPA by breaching privacy rights of parents and students. 

In order for districts to enroll the students for PARCC, they would need to provide all student info to NJSmart (which is a third party).  In order to transmit the student test for grading, a district would need to, according to the PARCC Manual, page 62, "upload PNP file to PearsonAccessNext".  Going to that page and selecting NJ, takes you to host nj.pearsonaccessnext.com (a third party) which has an IP address of 54.236.221.159.  A lookup of the owner of that IP address results in Amazon Web Services, Elastic Compute Cloud, EC2 1200 12th Avenue South.  This demonstrates that the student PNP data record is going to TWO additional third parties - Pearson who owns the system, and host Amazon cloud services.

The PNP file contains (according to a NJ school district administrator) the pre-ID label which includes: Student name, student ID, name of teacher, name of proctor, AND student test data, accessibility features, student accommodations (IEP or 504), etc.  

This is a clear violation of NJ Administrative Code Code as well as FERPA and COPPA (see below).

Additionally, we are highly disturbed by the letter released by Watchung Hills High School Superintendent Jewett regarding Pearson spying on students via social media monitoring.  (See picture below.)  This practice is confirmed by their use of Tracx – a story about which was listed on the company website the morning of 3/14/15, but has since been pulled as of the afternoon of 3/14/2015 – story was titled: Tracx Case Study: Pearson Streamlines Social Media Listening and Monitoring With Tracx.

We, the undersigned, do hereby demand that you cease and desist implementation and/or use of any and all Pearson testing, standards, and all other products and services, and direct all school districts under your jurisdiction to cease transmission of ANY student data by ANY school district until a full independent investigation can be made to determine if Pearson is in violation as outlined above regarding PARCC administration and use of student data, and remedy same.  We demand that the privacy rights of parents and students become your priority and that the State immediately halt use of Pearson products and services until such time as all privacy concerns have been addressed and all remedies have been published to the public.

We further demand that, when such time as privacy compliant state mandated testing resumes, the NJ State BOE inform, in writing, all parents of their right to refuse any/all testing and that the state DOE issue official statements regarding same.  

Your response can be directed to: CitizensInAction@comcast.net

________________________________________________________

FERPA        

Title 34 Education

http://www.ecfr.gov/cgi-bin/text-idx?c=ecfr&sid=11975031b82001bed902b3e73f33e604&rgn=div5&view=text&node=34:1.1.1.1.33&idno=34#sp34.1.99.d         

Subpart D—May an Educational Agency or Institution Disclose Personally Identifiable Information From Education Records?

§99.30   

Under what conditions is prior consent required to disclose information?

(a) The parent or eligible student shall provide a signed and dated written consent before an educational agency or institution discloses personally identifiable information from the student's education records, except as provided in §99.31.

(b) The written consent must:

(1) Specify the records that may be disclosed;

(2) State the purpose of the disclosure; and

(3) Identify the party or class of parties to whom the disclosure may be made.

(Authority: 20 U.S.C. 1232g (b)(1) and (b)(2)(A))

[53 FR 11943, Apr. 11, 1988, as amended at 58 FR 3189, Jan. 7, 1993; 69 FR 21671, Apr. 21, 2004]

  

COPPA        coppa.org

http://www.ecfr.gov/cgi-bin/text-idx?SID=4939e77c77a1a1a08c1cbf905fc4b409&node=16%3A1.0.1.3.36&rgn=div5#se16.1.312_15

Title 16, chapter 1, subchapter C, part 312

312.5 parental consent

Consent required for the collection and disclosure of children’s personal information

§312.5   Parental consent.
(a) General requirements. (1) An operator is required to obtain verifiable parental consent before any collection, use, or disclosure of personal information from children, including consent to any material change in the collection, use, or disclosure practices to which the parent has previously consented.

(2) An operator must give the parent the option to consent to the collection and use of the child's personal information without consenting to disclosure of his or her personal information to third parties.

(b) Methods for verifiable parental consent. (1) An operator must make reasonable efforts to obtain verifiable parental consent, taking into consideration available technology. Any method to obtain verifiable parental consent must be reasonably calculated, in light of available technology, to ensure that the person providing consent is the child's parent. (2) Existing methods to obtain verifiable parental consent that satisfy the requirements of this paragraph include:

(i) Providing a consent form to be signed by the parent and returned to the operator by postal mail, facsimile, or electronic scan;

(ii) Requiring a parent, in connection with a monetary transaction, to use a credit card, debit card, or other online payment system that provides notification of each discrete transaction to the primary account holder;

(iii) Having a parent call a toll-free telephone number staffed by trained personnel;

(iv) Having a parent connect to trained personnel via video-conference;

(v) Verifying a parent's identity by checking a form of government-issued identification against databases of such information, where the parent's identification is deleted by the operator from its records promptly after such verification is complete; or 

NJ Administrative Code 6a:32-7.5 item 13

http://www.state.nj.us/education/code/current/title6a/chap32.pdf

“Organizations, agencies, and persons from outside the school if they have the written consent of the parent or adult student. Organizations, agencies, and persons shall not transfer student record information to a third party without the written consent of the parent or adult student;”



Today: Citizens is counting on you

Citizens In Action needs your help with “NJ DOE Commissioner Hespe: A Full Independent Investigation Into Pearson's Privacy Violations”. Join Citizens and 1,267 supporters today.