There is real, growing concern about the way sensitive personal data is being collected and stored on government computer systems. Already in the new Kentucky legislative session, House Bill 5 has been introduced to tighten rules for collection and security of personal data across all state agencies. This bill includes collection of personal data on students, as well.
The attention comes none too soon, as a recent article in Education Week (Danger Posed by Student-Data Breaches Prompts Action) shows.
“Privacy advocates say the increased collection, storage, and sharing of educational data pose real threats to children and families, from identify theft to nuisance advertising, misguided profiling to increased surveillance of everyday activities.”
The article talks about a case in Arizona where schools released personal student data to a group of private dentists who then performed unnecessary dental work on those students to collect Medicaid funds.
Data breaches mentioned by EdWeek include:
• A report about a New York City cloud services provider that “inadvertently uploaded and left unprotected some schools’ emergency evacuation plans, as well as “directory information” that included students’ names, addresses, telephone numbers, dates and places of birth, course schedules, and attendance histories.”
• A report from Chicago “that 2,000 students participating in a free vision-examination program offered by the city had their names, dates of birth, gender, and ID numbers, as well as information from their exams, accidentally posted online.”
• A report from Florida that “roughly 47,000 participants in state teacher-preparation programs had their personal information—including names and in some cases Social Security numbers—posted on the Internet for two weeks last spring.”
• A hack into the Sachem Central School District, which “suffered three data-security breaches in recent months, including one in which the names, ID numbers, and designations for free-lunch programs of 15,000 former students were posted online.”
There have been some security issues in Kentucky, as well.
We reported on one breach in “Infinite Campus Student Software Security Issue?” back in 2009.
Only a few months ago, there were reports of more attempts to penetrate or at least disrupt Kentucky’s Infinite Campus student data system.
The Kentucky Department of Education says it fended off those attacks, but it can be difficult to know about such things with certainty, as the delayed bad news about millions of credit card data hacks at Target and Neiman-Marcus stores during the Christmas season attest.
There are also issues about parent ability to avoid disclosure of sensitive data to their local school and to prevent that data from straying further afield to computers beyond the control of the local school. You can learn more about that by clicking the “Read more” link below.
In any event, student data collected in Kentucky becomes a juicier target for thieves over time as more and more information is collected. So, at the very least, it is well past time for the legislature to at least look at the options to tighten up the ship of state data to improve personal privacy and security.