A pair of lawmakers is asking for information about the privacy practices of the companies behind the two leading U.S. college entrance exams.
Reps. Joe Barton (R-Texas) and Ed Markey (D-Mass.), the co-chairmen of the bipartisan Congressional Privacy Caucus, have jointly sent letters to the nonprofit organizations that own the SAT and the ACT tests seeking answers about what sort of information the groups collect about their test-takers, and how that information is shared.
The letters, delivered to the chief executive officers of College Board, the firm that owns the SAT, and ACT Inc., each contain 12 questions delving into the data-collection practices of the two outfits, as well as asking for answers about their disclosure policies and how much personal information about students they share with outside organizations.
Among other concerns, the congressmen requested answers about what personal information College Board and ACT obtain from students, how and when it is collected, and whether the organizations share their data with third-party groups.
Bad scores on student privacy by SAT administers?
The organizations have come under scrutiny for the information they collect from test-takers when they register for the entrance exams and then sell or rent to colleges for direct-marketing purposes.
The letters continue the inquiry into the information-gathering policies of private-sector firms that Barton and Markey have been conducting, an ongoing fact-finding mission that has sought information from Google, Facebook and numerous other businesses, particularly those that primarily operate on the Web.
Most recently, Barton and Markey have scolded Facebook for what Markey described as "an emerging pattern of privacy and security problems" centering on how the company shares users' personal information with data brokers and other outside firms. Days later, Markey applauded a coalition of consumer groups for filing a complaint with the Federal Trade Commission, asking the agency to investigate the default privacy settings of the social network's new facial recognition feature.
In May, the two lawmakers jointly introduced legislation that would strengthen an existing law restricting the collection of information about children on the Internet, expanding the provisions of the 1998 Children's Online Privacy and Protection Act (COPPA) to require parental consent for companies to compile data on kids and limit what they can collect from teenagers, among other stipulations.
With the testing companies, Barton and Markey are drilling down on the notice the organizations give students about sharing personal data, asking whether test-takers are advised that they have the option not to provide certain information, and if they are made aware that their decision will not influence the college admissions process.
The representatives are also asking about the security and storage practices around the personally identifying information (PII), inquiring whether the data is encrypted, the duration for which information is stored, and whether they have ever been subject to a breach. Additionally, Barton and Markey asked for details surrounding the revenue the testing organizations receive from the outfits with whom they share students' information.
The New York-based College Board and ACT, headquartered in Iowa City, Iowa, did not immediately respond to requests for comment for this story.