Call to Order and Roll Call
The meeting of the Education Assessment and Accountability Review Subcommittee was held on Wednesday, December 12, 2012, at 1:00 PM, in Room 169 of the Capitol Annex. Senator Jack Westwood, Chair, called the meeting to order, and the secretary called the roll.
Guests: Robyn Oatley and Cindy Heine, Prichard Committee; Erin Klarer, Kentucky Higher Education Assistance Authority and Kentucky Higher Education Student Loan Corporation; Beth Roberts, Committee for Mathematics Achievement; Clyde Caudill, Jefferson County Public Schools and Kentucky Association of School Administrators; Jim Thompson, Education and Workforce Development Cabinet, and Marty White, CLC.
Adopt Minutes of October 29, 2012 Meeting
Representative Belcher moved to accept the minutes, and Representative Winters seconded the motion. The motion carried by voice vote.
Unbridled Learning Accountability Model: First Year Results
Dr. Terry Holliday, Commissioner, Kentucky Department of Education (KDE), said as required in Kentucky legislation, in the 2011-2012 school year, the Commonwealth began a new assessment and accountability model entitled Unbridled Learning: College/Career Readiness for All. The Kentucky Board of Education (KBE) has developed an accountability model that is balanced. It incorporates all aspects of school and district work and is organized around the KBE’s four strategic priorities: next-generation learners, next-generation professionals, next-generation support systems, and next-generation schools and districts. In the first year of reporting, next-generation learners is the basis of the new model; other components are scheduled to enter the model in future years. He said all data for the assessment and accountability system are located within the new School Report Card on the KDE website.
Dr. Holliday said that in February 2012, the United States Department of Education granted Kentucky flexibility under the No Child Left Behind (NCLB) Act. He said this flexibility allows Kentucky to use the Unbridled Learning model to report both state and federal level accountability measures.
Dr. Holliday said in the spring of 2012, Kentucky public schools completed tests collectively named the Kentucky Performance Rate for Educational Progress (K-PREP) in five content areas: reading, mathematics, science, social studies, and writing. KDE is still working on developing the standards for science and social studies to meet the requirements in Senate Bill 1 (2009 RS). The final draft of the science standards is expected in January 2013. By 2014-2015, Senate Bill 1 should be fully implemented. It is four years late, but KDE made the changes with a very low budget.
Mr. Ken Draut, Associate Commissioner, Office of Assessment and Accountability, said the next-generation Unbridled Learning accountability model includes student achievement growth measures, emphasis on college and career readiness, high school graduation rates, student achievement in the five content areas, and increased focus on the lowest-performing schools. Additionally, the new accountability model holds all schools and districts accountable for improving student performance and creates three performance classifications that determine consequences and guide interventions and supports.
Mr. Draut said school and district classifications for 2011-2012 are based on: (1) achievement, including the content areas of reading, mathematics, science, social studies, and writing; 2) gap, the percentage of proficient and distinguished for the non-duplicated gap group for all five content areas; 3) growth in reading and mathematics, including the percentage of students at typical or higher levels of growth; 4) college readiness, as measured by the percentage of students meeting benchmarks in three content areas on EXPLORE at middle school and by ACT benchmarks, college placement tests, and career measures at high school; and 5) graduation rate, as based on the Averaged Freshman Graduation Rate (AFGR).
Mr. Draut explained the state profile 2012 overall and component scores for the Kentucky elementary, middle, and high schools. Students’ reading and math scores were lower which was expected as the new standards are just recently implemented. The same drop should occur with science and social studies as they are aligned in the future. Specific tables for each category identified above are located in the meeting materials in the Legislative Research Commission (LRC) library.
Dr. Holliday said school district information can be found via the School Report Card located on the KDE website. The data is transparent and easy to access. Kentucky is making progress toward meeting the goals of Senate Bill 1. He said 47 percent of 2012 high school students graduated college and career ready. Kentucky is above national norms in every category. The National Assessment of Educational Progress (NAEP) reports were positive, except for weak scores in sixth grade language mechanics. Other states are interested in looking at Kentucky’s School Report Card and adopting common core assessments.
Responding to a question from Senator Westwood, Dr. Holliday said this is a baseline year for language arts and mathematics scores. However, it cannot be considered baseline for science and social studies as the standards are not yet aligned.
Responding to a question from Representative Farmer, Mr. Draut said the test vendors who provide the test scores account for the majority of the data sources in the School Report Card. However, schools must input the data on attendance and graduation rates. There are processes to double check their entries if they are out of line with past trends, and KDE will perform audits as necessary.
Responding to Representative Belcher, Mr. Draut said the special education students’ math and reading scores triggered the majority of the focus schools that will receive assistance to increase student achievement with this group of students. Dr. Holliday said the KDE added the growth component so that low scoring students can contribute points to the accountability index by showing growth from year to year without the students having to reach “proficient.” He said the use of readers by special needs students during assessments will still be allowed for those deemed appropriate.
Office of Education Accountability’s Proposed 2013 Study Agenda
Ms. Marcia Ford Seiler, Director, Office of Education Accountability (OEA), said OEA began a study of virtual learning in 2012. After losing two research staff this year, OEA was unable to complete the study. The topic of digital and blended learning has been combined with the issue of performance-based credits for a more comprehensive study. The three topics for the 2013 are superintendent hiring, termination, and contracts; performance based credits; and standardized assessments.
Ms. Seiler said the study regarding standardized assessment results may require presentation in 2014, depending upon the availability of data. OEA staff will keep EAARS co-chairs apprised on the availability of data and when the report will be ready.
Ms. Seiler said in addition to the three studies, OEA will also prepare the annual District Data Profiles and the bi-annual Compendium of State Education Rankings.
Senator Winters moved to accept the 2013 OEA study topics, and Representative Belcher seconded the motion. The motion carried by voice vote.
Office of Education Accountability’s Report
“Governance of Education Data Security in Kentucky”
Ms. Brenda Landy, Research Analyst, OEA, said the study compared the protections in place to ensure education data security in the Commonwealth to those recommended by recognized data security authorities. The study found that while many important data security provisions are in place, the Commonwealth lacks the comprehensive approach to data security necessary to prevent and respond to breaches. This concern is not unique to the Commonwealth. Despite their essential roles, sensitive contents, and financial value, state education databases across the nation have weak security and privacy protections, according to a Fordham University study. In general, more value is placed on the acquisition and use of technology and education data than on protections necessary to ensure security.
Ms. Landy said data security protections can reduce affordability and usability. As with any area of risk management, the potential threats must be weighed against the cost of risk reduction. While the ideal level of data security is unclear, it is important that the General Assembly and the public be aware of potential risks and the steps necessary to reduce them.
Ms. Landy said ensuring the privacy of education data has long been a concern, but protections are more important than ever because of the proliferation of data collected and the variety of ways data are now stored, transmitted, and used. The Commonwealth has pursued an aggressive agenda to ensure that public education in Kentucky is supported by a broad and complex education technology infrastructure. The Commonwealth is a recognized leader in adopting new technologies for education. While these technologies offer exciting potential for educators, students, and parents, they complicate data security challenges. Data systems are becoming more accessible and less centrally controlled, and data may be stored out-of-state or even out of the country, on computers shared by many other clients, with internet access from anywhere in the world. She said at least half a dozen outside contractors access or store Kentucky’s education information.
Ms. Landy said education data systems are not commonly perceived as potential targets; the KDE reports that is has not detected a significant, system-wide security breach in at least the past 20 years. However, there have been smaller incidents to occur such as students changing grades and attendance data, or those due to human error like mailings that include students’ social security numbers, EXPLORE scores mailed to wrong families, and contractor website data and backups erased. The personal information in education systems is worth more than people realize. Research suggests that personal data in Kentucky’s student information system could be sold on the underground market for an estimated $1 million. Young students’ social security numbers are valuable because it takes years to catch the identification theft.
Ms. Landy said the report identifies specific data security concerns such as weak passwords, storage of personal data on mobile devices, and a large contract in which data ownership issues were not clarified. While these issues can each be addressed individually, they point to a broader need for a comprehensive approach to education data security in the Commonwealth. The accountability and authority for ensuring education data security are currently diffused among several entities at the state level. The General Assembly has given the Commonwealth Office of Technology (COT) statutory authority to oversee governance and implementation of technology, including data security, for state agencies. However, in practice, Kentucky’s P-12 data systems are located and managed independently of COT.
Ms. Landy said as for systems managed by school districts, the KDE has taken the lead in advising and assisting districts in all matters related to education technology, including data security. However, there is no clear statutory authority to ensure that district-level data security plans are developed, implemented, audited, and enforced.
Ms. Landy read the six recommendations provided by the OEA. Mr. David Couch, Office of Knowledge, Information, and Data Services, KDE, presented the KDE’s responses to the recommendations. A memorandum with the responses from Mr. Kevin Brown, Associate Commissioner and General Counsel, was distributed to members. The recommendations and response are located in the meeting materials in the LRC library.
Mr. Couch said the KDE generally agrees with the recommendations provided in the study, and believe they are widely applicable. KDE agrees that data security is of unique importance in the educational setting and that the department should continue to place a high priority on measures to enhance data security. Further, the KDE appreciated the report’s recognition of the potential fiscal impact on local school districts and the department.
Mr. Couch said KDE strongly disagrees with the tenor of the report, which lacks context in some areas, and emphasizes issues not addressed in the report’s recommendations. KDE’s current efforts address the vast majority of the security issues present, and that the core security issues are not technical, but remain primarily behavioral, such as end users not protecting passwords. KDE disagrees with the report’s assertion that cloud-based computing is inherently less secure than on-site computing. KDE also disagrees with the assertions regarding the relationship to and services obtained from the COT.
Responding to a question from Senator Westwood, Mr. Couch said cloud-based computing is the future and COT should examine its benefits.
Responding to a question from Representative Graham regarding the disposal of student records by retiring teachers, Mr. Couch said electronic files were not as much of a concern as paper files. Ms. Seiler said the Department of Library and Archives has a document shredder for that purpose. Representative Graham said school districts should address the issue of discarding confidential student information with retiring teachers.
Responding to Representative Farmer, Mr. Couch said it is important for security to remove email accounts as soon as people leave their jobs. This prevents lurking and viewing private information after an employee is gone. Ms. Seiler said it is important to change computer passwords at work every three months.
Responding to Senator Westwood, Ms. Landy said no serious system wide breach has been detected. Since Kentucky does not have system wide reporting, it’s not certain there has not been a breach. She said there are many kinds of cyber-criminals. They are constantly working on malware and malicious software that can turn computers into zombies and remotely use them without the person ever knowing. Senator Westwood appreciated that OEA’s recommendations were cost conscious.
Responding to questions from Senator McGaha, Mr. Couch said security audits are valuable but probably not needed every year. The Municipal Uniform Information System (MUNIS) is audited every year, but it is very expensive. Ms. Seiler noted one of the OEA’s recommendations was to look at the costs incurred of annual security audits.
Mr. Couch said KDE is supportive of the breach law. KDE uses the term should instead of shall because it does not have the authority of law. He said determining cap limits on notifications is a common problem for states as well as how to notify people that a breach has occurred. Senator McGaha encouraged KDE to report to the EAARS next year on the subject and try to get the proposal enacted into law. It was noted that Senator Mike Wilson will be the EAARS co-chair.
Responding to a question from Senator Westwood, Ms. Landy said three years is the amount of time to keep documents after a student has left school. Documents can be shredded and computer files erased after an audit. Teachers need to be aware of the timeframe.
Responding to a question from Representative Farmer, Ms. Landy said she does not know of a person responsible for purging or eliminating data to ensure the data is in fact gone. She noted the Kentucky Higher Education Assistance Authority (KHEAA) has a system component that can flag the user if a student social security number is included in a document to be dispersed. Mr. Couch said to never store medical or top secret information on mobile phone or individual computers. Personal and confidential data should always be uploaded to a centralized server.
Senator McGaha moved to accept the OEA report, and Representative Farmer seconded the motion. The motion carried, and the report was accepted by voice vote.
With no further business before the committee, the meeting adjourned at 2:45 PM.