Personal Privacy in an Information Society. Testing and Data-Assembly Service Organizations

07/12/1997

As the number of persons seeking admission and financial aid began to tax the capabilities of post-secondary educational institutions, they formed coalition organizations such as the College Entrance Examination Board (CEEB) and the Law School Admissions Council to help collect and process the information used to make admissions and financial-aid decisions. Through these coalition organizations, post-secondary institutions have since fostered the growth of other organizations that test and assemble information on applicants. Best known among them are the Educational Testing Service (ETS) and the American College Testing Program (ACT).

Testing and data-assembly service organizations have become a gate through which a student's education records must pass if he is to gain admission to accredited institutions and to qualify for certain types of financial aid. The student must pay fees for taking tests and for having information assembled, stored, and forwarded to the educational institutions he designates. Because testing and data-assembly service organizations provide their services under contract to organizations like the College Entrance Examination Board and the Law School Admissions Council rather than to post-secondary institutions, policy regarding their record-keeping practices is set by the former rather than the latter, and the students they serve have no role whatsoever.

Testing and data-assembly service organizations are highly specialized and rely heavily on information supplied to them by the applicant. Their procedures for collecting, generating, and maintaining information are also highly automated. Their sophistication and technical proficiency make them sensitive to record-keeping issues and they have strong fiscal incentives for efficient and effective information management, and do not often make serious errors, but they sometimes have difficulty detecting the errors they do make.

Testing and data-assembly organizations usually inform an individual about the principal uses they make of the information they collect about him. Moreover, their policies generally limit the uses they make of their records to the purposes communicated to the individual. Testing and data-assembly organizations take special precautions to protect individually identifiable data when their records are used for research. They also have strong confidentiality standards. One such organization has repeatedly gone to court to resist attempts by the Internal Revenue Service to subpoena student financial data.15 Nevertheless, a testing and data-assembly service organization is not in a position to assume total responsibility for record-keeping policies that would operate to safeguard the interests of the individual, since its policies reflect those of its clients, the coalition organizations representing post-secondary institutions. The Commission's hearing record indicates that the oversight post-secondary institutions exercise over the operations of testing and data-assembly service organizations tends to serve their own interests somewhat better than it does the interests of applicants.16 Thus, although such organizations deal directly with individual applicants, and collect and process mountains of information about them, they are less accountable to the individuals on whom they keep records than any other type of record-keeping institution in higher education.