InBloom data collection raises serious red flags

I read The News article about New York State supporting inBloom data storage company with much interest, and much concern. The State Education Department is going to require school districts to send students’ information to inBloom sometime after Jan. 1. The data that inBloom collects includes personal information such as names, addresses, medical diagnoses, attendance and suspensions.

There is no reason for data collection by inBloom to include such personally identifying information as names and addresses. The analysis is going to be done per aggregate, not on the level of each individual child. Any novice researcher (and I have taught many in my years of teaching research methods courses) knows the correct procedure is to assign each research subject (each child) a unique research number that is linked to his name by the school. The documentation linking this research number and the personal identifier (name) is stored separate from the research data, in this situation, with the school. That allows the data storage/analysis contractor to provide the analysis of aggregate information, but one cannot individually identify any specific child’s data with his name. The child could only be identified by the unique research number. It also ensures that if there is a breach in security at the contractor (inBloom) level, the data that is compromised is not traceable to the specific child, just to the assigned number. Only the school would have the data linking the child’s name with his unique assigned research number.

This is more work for both the school district and the contractor. Frankly, that extra work is a small price for the extent of very private data schools are expected to relinquish.

Christine Nelson-Tuttle D.N.S., R.N.

Associate Professor

St. John Fisher College