ETHICS -- There isn't a single school district with a K-12 CPO. In fact, it is still extremely rare for districts to hire even one full-time employee dedicated to privacy.
Student Privacy Bill Protection : No Parental Consent Needed for Data Mining
Anyone who tells you they don't need privacy because they "have nothing to hide" is a sheep that will enable a total surveillance state. Just don't do it. Privacies protect our basic human rights.
What are the sources of big data?
The sources and formats of data continue to grow in variety and complexity. A partial list of sources includes the public web; social media; mobile applications; federal, state and local records and databases; commercial databases that aggregate individual data from a spectrum of commercial transactions and public records; geospatial data; surveys; and traditional offline documents scanned by optical character recognition into electronic form. The advent of the more Internet-enabled devices and sensors expands the capacity to collect data from physical entities, including sensors and radio-frequency identification (RFID) chips. Personal location data can come from GPS chips, cell-tower triangulation of mobile devices, mapping of wireless networks, and in-person payments.
Latanya Sweeney, a Professor of Government and Technology in Residence at Harvard University, has studied information flows in the health care industry. A graphical map of data flows that depicts information flows outside entities regulated by HIPAA can be found at www.thedatamap.org
THERE ARE NO
CHIEF PRIVACY OFFICERS
IN K-12 EDUCATION
A multibillion dollar market
3/19/19 N.J. data broker tried to sell
personal info on a million kids but didn't tell state officials
ALC Inc., a Princeton-based company, failed to acknowledge the possession of data on minors as required to comply with a Vermont law, the first of its kind in the country.and advertised a mailing list of more than a million high school students for sale on its website. The law requires data brokers to disclose whether they knowingly possess data on people under age 18. The company explicitly offered to sell data on 1.2 million students aged 14 to 17, including their names, addresses, high schools, and hobbies, according to an advertisement on its website. The firm also offered parents' names, household incomes, and ethnicity, among other information. The starting price for the data was $100 per thousand records. ALC, formerly known as American List Counsel, is headquartered in Princeton and has offices in New York, Minnesota, Texas and California, according to the company's website. Founded in 1978, the firm bills itself as the “leading privately held direct and digital data marketing services provider.” Clients include American Express, Gannett, MetLife, and Neiman Marcus, according to ALC. Donn Rappaport is the company's chairman and Susan Rappaport is president, according to ALC's website, which says the firm first opened its doors in the Rappaports' basement. The firm offers much more than data on high school students. It sells data on pregnant women, grandparents with disposable incomes, and consumers who seek cheap prescription drugs, according to its website. The company's slogan is “Make it personal.” “This core student data is obtained via a multitude of different sources, including public profiles from social media sites, local news publications and websites, high school sports websites, and membership sites,” the ad said. “It is then linked to postal addresses utilizing top national consumer data and linkage powered in part by LexisNexis.” The firm pitched the list of 14- to 17-year-olds to marketers as a “uniquely sourced data set [that] has never been available before” that “covers a traditionally hard-to-find marketplace.
Public school districts large systems that serve close to or more than 100,000 students.
WHY STUDENT DATA IS COMPROMISED
- CHIEF PRIVACY OFFICER / Student Data Privacy Officer
- Federal privacy laws (FERPA, COPPA, CIPA) compliance
- where is your state "STUDENT DATA TRANSPARENCY AND SECURITY ACT".
- “Data Protection Addendum,” a document that each district requires its vendors to sign
- policies and procedures for vendor relationships
- what data to share and when to destroy it
- how the district would move data in and out of its system
- Data Sharing Agreement STUDENT DATA PRIVACY REQUIREMENTS
- Consortium for School Networking (CoSN). seal, indicates that a district has a strong, clear commitment to student data privacy. (only 17 districts 2019)
Who is senior-level official who is responsible for the organization's privacy policies and data governance in your school district?
Colorado was one of the first states, along with California and Connecticut, to pass a sweeping student privacy law, Westerman says. The law focuses on three main areas: data use and data use restrictions for third parties; data destruction, which is required at the end of a contract term or vendor relationship; and transparency, so the public can know which vendors each district does business with.
EVERY STUDENT SUCCEED ACT ESSA
Just because a state hasn't reported the information on its report card doesn't mean it isn't publicly posted somewhere else -- BUT CITIZENS WILL NEVER FIND IT.
Says State Report Cards Must Track How Many Students in Foster Care Are Passing Their Reading
Math Tests and Graduating High School. Only 16 Do 2019
all states are required to report how well students in foster care are performing on state tests and how many are graduating from high school. These data points are supposed to be shared publicly on states' annual report cards. But right now, only 16 states are sharing both of these data points. ESSA accountability rules required states to report these data points by the end of 2018. But in 2017, Congress eliminated these regulations, meaning that states simply have to report that information on their annual report cards sometime. ESSA doesn't specify how states should find out which students are in foster care, but most are trying to create a data-sharing agreement with their state's child welfare agency to determine which students are in foster care at any given time. But protecting student privacy while sharing data is difficult on both the technical and legal sides.
“It should not take a degree in statistics or 45 clicks in pursuing an Excel chart to find the answers,” said Phillip Lovell, the vice president of policy development and government relations at the Alliance for Excellent Education. “If it's hard to find … then we're really doing a disservice to parents and the public by not providing them the information that federal law is intending for them to have.”
Many states turning to fancy, redesigned report card websites that may look user-friendly but don't contain the more complex information they are required to present, such as a detailed list of the performance of student subgroups. Instead, they are buried in attached spreadsheets, obscuring the outcomes of students who need the most attention.
Just because a state hasn't reported the information on its report card doesn't mean it isn't publicly posted somewhere else. For example, Colorado hasn't yet reported on the graduation rates of students in foster care, but it has conducted multiple years of research and released legislative reports on graduation rates for these students.
Protecting Children's Privacy in the Era of Big Data Children today are among the first
to grow up playing with digital devices. The Federal Trade Commission has already begun working to frame
the policy questions raised by the Internet of Things, building on their long history of protecting
consumers as new technologies come online.
Ensure Data Collected on Students in School is Used for Educational Purposes. The federal government must ensure that privacy regulations protect students against having their data being shared or used inappropriately, especially when the data is gathered in an educational context.
- Deven McGraw, Center for Democracy & Technology
- Lee Tien, Electronic Frontier Foundation
- Deven McGraw, Center for Democracy & Technology
Privacy Officers: The Unicorns of K-12 Education By Emily Tate Feb 25, 2019
Center for Democracy and Technology (CDT) published a report arguing schools and districts should go the way of other industries and hire a Chief Privacy Officer to oversee their organization's privacy policies and practices. The report explains what a CPO is, why the role is necessary and even provides a two-page sample job description districts can use to begin the hiring process for a CPO. Data can also be misused, abused, exposed and manipulated, it must be protected. Thus, the need for a Chief Privacy Officer—someone who can establish and enforce privacy policies, train staff on privacy procedures and ensure that all data is collected and shared safely.
The Journal Report: Parents Mostly Clueless About Student Data Privacy Laws
Nearly every parent (94 percent) said they should be informed when their child's record was being shared so they'd know with whom it was being shared and why. Parents were less comfortable giving access to the federal government, in general (51 percent), other school districts (46 percent), ed tech companies (43 percent) and nonprofit organizations (31 percent). In the area of laws regulating the use of student data, parents are still mostly clueless, and they don't buy into the idea that more laws will somehow provide the answers they want. Only one in five parents knew that there were federal laws restricting what companies can do with information collected from children online. Another 24 percent knew there were laws but didn't know the details. The remainder knew nothing about federal laws in particular. And this year, the number of parents who see new laws as the answer dropped from 57 percent last year to 44 percent.
CA Student Online Personal Information Protection Act (SOPIPA) new laws in 2016.
The Federal Role in Safeguarding Student Data offers recommendations for areas for federal action from a coalition of 18 national organizations and context to frame the discussion about what the federal government can do to support the education field in safeguarding student data.
The big biz of spying on little kids
SELLING STUDENT INFORMATION and THEY DO NOT protect their rights to privacy !!
2015 State Legislative Session: Education Data Privacy Laws and Bills
Will FCC, FTC, care that GOOGLE continues to break its student privacy pledge per EFF
Internet Companies: Confusing Consumers for Profit Google's Apps for Education contracts with schools suffer from gaping student privacy protection loopholes. School Administrators signed a contract that does NOT protect their students from data collection for the ultimate purposes of monetization as Google represents. Student Privacy Pledge requires Google to not collect and use student information for profit. However, most people don't know that Google's Apps for Education's contracts only agree to not advertise to students on Google's “core” education products like Gmail, Docs, Drive, etc., but the contracts exclude many Google student-popular products like YouTube, Maps, Android, Play, Google+, Chrome, etc. that students clearly could need or demand in their Google Apps for Education experience. This is a classic case of deceptive exceptions becoming the real rule.
big biz of spying on little kids
Intimate information about school children is in the hands of private companies — where it is highly vulnerable to being shared, sold or mined for profit.
The amount of data being collected is staggering. Ed tech companies of all sizes, from basement startups to global conglomerates, have jumped into the game. The most adept are scooping up as many as 10 million unique data points on each child, each day. That's orders of magnitude more data than Netflix or Facebook or even Google collect on their users. Both Republicans and Democrats have embraced the practice. And the Obama administration has encouraged it, even relaxing federal privacy law to allow school districts to share student data more widely. A report by McKinsey & Co. last year found that expanding the use of data in K-12 schools and colleges could drive at least $300 billion a year in added economic growth in the U.S. by improving instruction and making education more efficient.
“When students become patients, privacy suffers” FERPA University students have less privacy for their campus health records than they would have if they sought care off campus. Schools say they are trying to seek the right balance between privacy and safety.
Student Data Privacy Bill won't protect children. CONSUMER
Privacy advocates, have expressed concerns that the pledge contains too many loopholes to be useful. Among their objections: The pledge doesn't require companies to get parental consent - or even to give parents advance notice - before collecting intimate information on their children's academic progress and learning styles. It also explicitly allows companies to build personal profiles of children to help them develop or improve ed-tech products. They can't sell those profiles, but some parents are uncomfortable with any use of student data for commercial gain. A refresher on the pledge: http://politico.pro/192EYsW”
Teachers and School Districts MUST follow the law and protect children's privacy!!!
What Parents Need To Know About Big Data And Student Privacy April 28, 2014 student data have largely moved online in just the past few years. Information is being collected and distributed at unprecedented scale, from the time that toddlers enter preschool all the way into the workforce.
In March, New York became the first state to make it someone's job to oversee this vital issue, creating
position called chief privacy officer in the Education Department. The job description? "Establishing
standards for educational agency data security and privacy policies." Translation: providing the
state's 698 school districts and over 500 colleges and universities, as well as state agencies, with
approaches to managing — and protecting — student data such as test scores, transcripts, health
even dates of birth, racial or ethnic standing and Social Security numbers.
n 2005, things changed. The federal government began awarding grants for the creation of Statewide Longitudinal Data Systems, or SLDS.
That marked the entrance of big data into education, enabled by the leaps forward in the ability to store and process information on remote servers "in the cloud." States and schools for the first time could centralize, organize, search and analyze information on millions of students, in the ways that corporations have been doing for decades. And many for-profit companies, like Google, have rushed in to help them do this, providing software to collect and crunch this information.
In some states these systems are being extended and shared across state lines, to private and for-profit colleges, and with employers. They're also being used in at least 17 states to track teachers from their grades in teachers' college, to their students' performance in the classroom.
K12 Education SPYS
High-Stakes Testing Requires High Levels of Surveillance. Pearson & (SBAC)
Stakes Testing Makes Surveillance Necessary
Anthony Cody:Testing corporations are expecting teachers and administrators to help them spy on students' social media. Apparently Pearson (and not Pearson alone) has a means of monitoring millions of students' postings on Twitter, Facebook, and elsewhere, using key words as alerts. Pearson was also featured as a “case study” by one of the services they use, a company called TRACX.
Personal profiles of children can be sold as a product to the highest bidder on the open market.
5/14/14 The Education Department has been a major proponent of big data. It has used policy and financial incentives, including more than $500 million in direct grants, to prod states to build longitudinal databases that will track students' progress from pre-K through high school and in some cases, into college and the workforce. States will mine the data to spot patterns; they might, for instance, be able to identify behaviors in 6-year-olds that indicate the child has an elevated risk of dropping out of high school a decade later. The department has also relaxed privacy rules to make it easier for school districts to share student records with state and federal officials, as well as with private companies, without parental consent. Privacy advocates sued to block some of those changes, but lost in court.
FYI: The DOE has no authority to levy fines on companies that violate FERPA. It can withhold federal funding from the district, but that's considered such a drastic step, it's never once been taken.
File a Complaint If you feel yours or your child's rights have been violated under FERPA, fill out form please review the steps below to review the Family Policy Compliance Office's Complaint Process. FERPA.Complaints@ed.gov
Protection of Pupil Rights Amendment, or PPRA, schools must obtain parental consent before requiring students to fill out surveys that ask about sensitive issues such as political affiliation, income or sexual behavior.
“Our objective is to produce succinct yet informative summaries that can be included in browser plug-ins or interactively conveyed to users by privacy assistants that inform users about salient privacy practices,” said Norman Sadeh, the lead principal investigator of the study. The results currently presented on this site were obtained using annotations crowdsourced from law students.
SOCIAL INTELLIGENCE Facebook artificial intelligence chief developed SURVEILLANCE systems Social media tech guru helped to devise techniques which could allow computers to spy on humans more effectively
Why Privacy Matters Glenn Greenwald was one of the first reporters to see — and write about — the Edward Snowden files, with their revelations about the United States' extensive surveillance of private citizens. In this searing talk, Greenwald makes the case for why you need to care about privacy, even if you're “not doing anything you need to hide."
THE U.S. Department of Education ANSWERS
questions about student privacy.
Are student files private? The answer is no because of the Loopholes! The "educational record" isn't the same as "metadata". Meta data is whatever the kid is doing online.
Schools can disclose “directory information” without parental consent, including a child's name, address, phone number, birth date, awards received and student ID number. Schools must notify parents once a year of the general categories of information that might be released and give them a chance to opt out. And finally, the third big exception: Schools can also release student records, without written consent, to other “school officials with a legitimate educational interest.”
In 2008, the Education Department expanded the definition of “school officials” to include for-profit companies. Student information that has been properly de-identified or that is shared under the “directory information” exception, is not protected by FERPA, and thus is not subject to FERPA's use and re-disclosure limitations.
Privacy and Encryption companies gather and sell K12 student information.Check to see whether your school district has a policy about disclosing student information.
School Districts and Companies are Data mining your children
Doug Levin, Executive Director
of the State Educational Technology Directors Association (SETDA), the principal membership association representing U.S. state and territorial educational technology leaders.
No one is protecting student privacy.
5/15/14 POLITICO examination of hundreds of pages of privacy policies, terms of service and district contracts — as well as interviews with dozens of industry and legal experts — finds gaping holes in the protection of children's privacy. Students are tracked as they play games, watch videos, read books and take quizzes. The data revolution has also put heaps of intimate information about school children in the hands of private companies where it is highly vulnerable to being shared, sold or mined for profit. The most adept are scooping up as many as 10 million unique data points on each child, each day. That's orders of magnitude more data than Netflix or Facebook or even Google collect on their users.
Ed tech insiders will not name bad actors in their industry. But they will say this: It's quite possible to exploit student data.Web sites receive huge amounts of student information directly from schools or districts. They hand over children's data because they wrongfully assume it would be aggregated and anonymized even though the contracts makes no mention of that or they don't realize just how much date is actually turned over.
The data management site
- Matthew Rubinstein, the founder and CEO of LiveSchool, markets software that helps schools track
behavior. Children's personal information is splintering across the Internet “Anonymity is going to be
more valuable than gold in the near future.”
- LearnBoost, a startup backed by prominent venture capital firms a for-profit startup is holding student records and making it easy for teachers to send them zipping around the Internet without supervision from the district.
- LearnSprout, stores information such as attendance records, which can be granular to the point of noting head lice, a cold, a doctor's appointment or bereavement to name just a few of the categories.
- Interactive Health Technologies stores multi-year fitness records on students, based on data from heart monitors they wear in P.E., and integrates them with “unlimited data points” from the classroom, including behavioral and nutrition records.
- Panorama Education, a data analytics platform used by thousands of schools is backed by investors including Facebook's Mark Zuckerberg and actor Ashton Kutcher does not have a blanket policy to share with the public.
- code.org - donors /sponsors Facebook's Zuckerberg and Microsoft's Bill Gates.
Cameron Wilson Chief Operating Officer requires that its partner schools turn over up to a dozen years of academic records, including test scores, on every participating student, according to a model contract The policy goes on to say it may provide personal information to “schools, teachers and affiliated organizations.” It explicitly states that Code.org does not control how that information “is later used by them or shared with others.” The policy doesn't define “affiliated organizations” or explain how access is determined. Nor does it explain what Code.org does with its voluminous student files or how it protects them.
Users do pay a price: In effect, they trade their data for the tutoring. “Data is the real asset,” founder Sal Khan told an academic conference last fall. The site tracks the academic progress of students 13 and older as they work through online lessons in math, science and other subjects. It also logs their location when they sign in and monitors their Web browsing habits. And it reserves the right to seek out personal details about users from other sources, as well, potentially building rich profiles of their interests and connections. It allows third parties, such as YouTube and Google, to place the tiny text files known as “cookies” on students' computers to collect and store information about their Web usage. It can share personal information with app developers and other external partners, with students' consent.
Districts could write privacy protections into their contracts with ed tech companies. But few do. A recent national study found that just 7% of the contracts between districts and tech companies handling student data barred the companies from selling it for profit. Few contracts required the companies to delete sensitive data when they were done with it. And just one in four clearly explained why the company needed personal student information in the first place, according to the study, conducted by the Center on Law and Information Policy at Fordham University. “We don't know what these companies are doing with our children's data,” said Joel Reidenberg, the Fordham law professor who conducted the study.
A report by McKinsey & Co. last year found that expanding the use of data in K-12 schools and colleges could drive at least $300 billion a year in added economic growth in the U.S. by improving instruction and making education more efficient.
The NSA has nothing on the ed tech startup known as Knewton. The data analytics firm has peered into the
brains of more than 4 million students across the country. By monitoring every mouse click, every
every split-second hesitation as children work through digital textbooks, Knewton is able to find out not
just what individual kids know, but how they think. Private-sector data mining has galloped forward —
perhaps nowhere faster than in education. Both Republicans and Democrats have embraced the practice. And
Obama administration has encouraged it, even relaxing federal privacy law to allow school districts to
student data more widely.
Parents AND School administrators are often in the dark, too. They don't know which digital tools individual teachers are using in the classroom. And when they try to ask pointed questions of the ed tech companies they work with directly, they don't always get clear answers. LOOPHOLE
LOOPHOLES IN AN OLD LAW
The U.S. Department of Education has called safeguarding children's privacy a priority. “That has to be first, that has to be foremost, that's absolutely paramount,” Education Secretary Arne Duncan said in a recent video chat posted by the department. Yet the Family Educational Rights and Privacy Act, written when the floppy disk was just coming into vogue, offers only limited protections. The 1974 law, known as FERPA, explicitly gives school districts the right to share students' personal information with private companies to further educational goals. Companies are supposed to keep standardized test scores, disciplinary history and other official student records confidential — and not use it for their own purposes. But the law did not anticipate the explosion in online learning. Students shed streams of data about their academic progress, work habits, learning styles and personal interests as they navigate educational websites. All that data has potential commercial value: It could be used to target ads to the kids and their families, or to build profiles on them that might be of interest to employers, military recruiters or college admissions officers. The law is silent on who owns that data. But Kathleen Styles, the Education Department's chief privacy officer, acknowledged in an interview that much of it is likely not protected by FERPA — and thus can be commercialized by the companies that hold it.
10/1/14 ComputerCop dangerous internet safety software given away by hundreds of police agencies, does NOT protect your child online. ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies. The way ComputerCOP works is neither safe nor secure. It isn't particularly effective either, except for generating positive PR for the law enforcement agencies distributing it. As security software goes, we observed a product with a keystroke-capturing function, also called a “keylogger,” that could place a family's personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption. That means many versions of ComputerCOP leave children (and their parents, guests, friends, and anyone using the affected computer) exposed to the same predators, identity thieves, and bullies that police claim the software protects against. Furthermore, by providing a free keylogging program—especially one that operates without even the most basic security safeguards—law enforcement agencies are passing around what amounts to a spying tool that could easily be abused by people who want to snoop on spouses, roommates, or co-workers.
Online privacy regulations for kids take effect 7/1/13
The Children's Online Privacy Protection Act (COPPA) of 1998 restricts websites from knowingly collecting personal information from children younger than 13 years of age. The FTC voted last year to expand the regulations to cover games, apps and ad networks. The new rules also expand the definition of personal information to cover photos, videos, audio recordings and location data. The rules apply to sites and apps directed at children, such as a Disney princess website, as well as sites where children disclose their age, such as Facebook.
Digital Literacy and Citizenship Classroom Curriculum by commonsensemedia.org
The U.S. DOESN'T have a Privacy Commissioner and the U.S. Department of Education remains disturbingly placid about all the breaches in the education sector.
- Privacy Online
To amend title 18, United States Code, to specify the circumstances in which a person may acquire geolocation information and for other purposes. 3/13 -- H. R. 1312
- Big Data
If you thought that the NSA wanted too much personal information, just wait a few months. The EFF is reporting that the FBI's new facial recognition database, containing data for almost a third of the US population, will be ready to launch this summer. Codenamed NGI, the system combines the bureau's 100 million-strong fingerprint database with palm prints, iris scans and mugshots. Naturally, this has alarmed privacy advocates, since it's not just felons whose images are added, but anyone who has supplied a photo ID for a government job or background check. According to the EFF's documents, the system will be capable of adding 55,000 images per day, and could have the facial data for anything up to 52 million people by next year. Let's just hope that no-one tells the Feds about Facebook, or we're all in serious trouble.
2013 Supreme Court says Police can collect your DNA, from anyone arrested and without a
search warrant. the FBI's Combined DNA Index System or CODIS - a coordinated system of federal, state and
local databases of DNA profiles - already contains more than 10 million criminal profiles and 1.1 million
profiles of those arrested. U.S. Supreme Court Associate Justice Anthony Kennedy wrote in the court's
opinion: "When officers make an arrest supported by probable cause to hold for a serious offense and
bring the suspect to the station to be detained in custody, taking and analyzing a cheek swab of the
arrestee's DNA is, like fingerprinting and photographing, a legitimate police booking procedure that is
reasonable under the Fourth Amendment."
U.S. Supreme Court Chief Justice John Roberts, along with associate justices Samuel Alito, Clarence Thomas, and Stephen Breyer went along with the ruling; while associate justices Antonin Scalia, Ruth Bader Ginsburg, Sonia Sotomayor and and Elena Kagen dissented. Make no mistake anyone arrested for any reason will lose their privacy. The gov't is building the national database with your DNA.
A previously reported breach that affected students at the Ramstein Intermediate School also affected students and sponsors at three other schools under the U.S. Department of Defense Education Activity- Europe (DoDDS-Europe). Until now, I didn't know which other schools were involved, until a small item on Military.com provided their names.
Stars and Stripes: Jennifer H. Svan reports: The theft of five thumb drives from an
unlocked vehicle may have compromised the personal information of hundreds of pupils, their parents and
staff members at a Defense Department school in Germany, school officials said Wednesday. Parents of more
than 900 students at Ramstein Intermediate School were notified of the possible data breach Tuesday night,
more than three weeks after the information disappeared. The thumb drives were stolen overnight Oct. 26
the unlocked vehicle of an American living in Landstuhl, according to German police. The data sticks
belonged to an intermediate school employee, said Department of Defense Dependents Schools-Europe
Bob Purtiman. [...]
Purtiman said officials were trying to determine whether the data on the thumb drives was protected by encryption, and whether the devices were personal or government-owned.
One may contact us with questions and concerns by sending an e-mail to Privacy.Office@eu.dodea.edu or addressing a letter to our APO address:
ATTN: Privacy Officer
Unit 29649, Box 7000
APO, AE 09002
The U.S. Department of Education established the Privacy Technical Assistance Center (PTAC) as a “one-stop” resource for education stakeholders to learn about data privacy, confidentiality, and security practices related to student-level longitudinal data systems.
The mission of the Family Policy Compliance Office (FPCO) is to meet the needs of the Department's primary customers--learners of all ages--by effectively implementing two laws that seek to ensure student and parental rights in education: the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA).
Parents and eligible students who need assistance or who wish to file a complaint under FERPA or PPRA should do so in writing to the Family Policy Compliance Office, sending pertinent information through the mail, concerning any allegations to the following address:
Family Policy Compliance Office
U.S. Department of Education
400 Maryland Avenue, SW
Washington, D.C. 20202-5920
Phone: 1-800-USA-LEARN (1-800-872-5327)
Final FERPA regulatory changes Published in Federal Register on December 2, 2011 Effective January 3, 2012
States collect far more information than parents expect, and it can be shared with more than just a
student's teacher or principal. Parents and students have very little access to that data. Data Quality Campaign, their idiot Directors and for profit business
partners who support deforming education into a data-driven enterprise and advocate for
expanded data use. All 50 states and Washington, D.C. collect long term, individualized data on students
performance, but just eight states allow parents to access their child's permanent record. Forty allow
principals to access the data and 28 provide student-level info to teachers. "When you have a system
that's secret [from parents] and you can put whatever you want into it, you can have things going in
be very damaging," says Lillie Coney, associate director of the Electronic Privacy Information
"When you put something into digital form, you can't control where that'll end up." Some states
store student's social security numbers, family financial information, and student pregnancy data. Nearly
half of states track students' mental health issues, illnesses, and jail sentences. Without access to
child's data, parents have no way of knowing what teachers and others are learning about them. The Family
Educational Rights and Privacy Act gives parents "certain rights with regard to their children's
education records, such as the right to inspect and review [their] child's education records." But it
also allows student information to be shared without parental consent. "Your child's information may
disclosed to another school in which your child is enrolling, or to local emergency responders in
with a health or safety emergency," it says.
Teachers: Does your district have a policy regarding students privacy?
Parents: Check to see whether your school district has a policy about disclosing student information.
The Secretary amends our regulations implementing the Family Educational Rights and Privacy Act (FERPA), which is section 444 of the General Education Provisions Act. These amendments are needed to implement a provision of the USA Patriot Act and the Campus Sex Crimes Prevention Act, which added new exceptions permitting the disclosure of personally identifiable information from education records without consent. The amendments also implement two U.S. Supreme Court decisions interpreting FERPA, and make necessary changes identified as a result of the Department's experience administering FERPA and the current regulations.
These changes clarify permissible disclosures to parents of eligible students and conditions that apply to disclosures in health and safety emergencies; clarify permissible disclosures of student identifiers as directory information; allow disclosures to contractors and other outside parties in connection with the outsourcing of institutional services and functions; revise the definitions of attendance, disclosure, education records, personally identifiable information, and other key terms; clarify permissible redisclosures by State and Federal officials; and update investigation and enforcement provisions.
When it comes to your student's personal information, who's in
K12 Administrators: The Children's Online Privacy Protection Act, enforced by the Federal Trade Commission, requires commercial website operators to get parental consent before collecting any personal information from kids under 13. COPPA allows teachers to act on behalf of a parent during school activities online, but does not require them to do so. That is, the law does not require teachers to make decisions about the collection of their students' personal information.
The No Child Left Behind Act includes a provision that requires high schools to turn over personal information on students to military recruiters. In addition, the Pentagon now maintains a database of some 30 million 16- to 25-year-olds, including their names, ethnicities, addresses, cell phone numbers, family information, extracurricular activities, and areas of study.
Citizens have lost Control over their children's information.
Privacy Concerns arise over Student Data.
Thanks to the 1974 federal Family Educational Rights and Privacy Act schools are allowed to sell (designate as public record) as much student data as they want to directories, yearbooks. Outside groups get it through public record. Debate prods some schools to alter policies of selling contact information. K-12 School Districts and Colleges are allowed to share and sell student contact information with outside sources. They sell names, ages, phone numbers and home addresses of students.
TAKE BACK CONTROL: WHAT PARENTS CAN DO
- Parents should demand tha the school board decide to stop giving out students' phone numbers, home and email addresses.
- Parents should form group to oppose a school policy to share its student list. Parents can request their information be taken off the list.
- Sue the School District to make them stop.
- College students may restrict what information is made available.
DO YOU KNOW WHAT YOUR STATE IS COLLECTING ABOUT YOUR CHILD?
Shawn Bay, the founder and chief executive of eScholar, a software company has helped build successful student data warehouses in 20 states. State Education Technology Directors Association also build the database. Examples:
- California spent $60 million since 1997 to develop an "electronic statewide school information system."
- Maine spent five years building the Maine Education Data Management System, $5 million, and are still working kinks out of it.
- North Dakota spent $2.4 million on a system.
- Idaho's 114 school districts in a system spent 21 million and will cost 180 million to complete.
- North Carolin spent 110 million and needs 140 million to complete.
- NY 31 million.
WHOA - Cyberstalking - a volunteer organization founded in 1997 to fight online harassment through education of the general public, education of law enforcement personnel, and empowerment of victims. We've also formulated voluntary policies which we encourage online communities to adopt in order to create safe and welcoming environments for all internet users. Online Harrassment Stats
DEPT. OF EDUCATION PROPOSES EXPANDING IPEDS Inside Higher Ed, 1 December
The U.S. Education Department has proposed significantly expanding the Integrated Postsecondary Education Data System (IPEDS), creating what it calls Huge IPEDS. In March 2005, the department proposed creating a unit-record database that would track students much more closely than current reporting does, allowing more accurate statistics for graduation and transfer rates among U.S. college students. Many in the higher education community resisted the unit-record database, saying it represents an invasion of student privacy, not to mention increasing the administrative workload. Some of the most vocal opponents of the unit-record database now see Huge IPEDS as a government tactic to move forward with the database by proposing another that is even more unpalatable. One official from a higher education association who asked not to be identified said, "It seems like a lever for the department to make an even stronger case why unit records make more sense." Mark Schneider, commissioner for education statistics at the Department of Education, declined to answer whether the new proposal is a decoy but did say that "people want and need more data, and were going to get it one way or the other."
Statewide data systems that could be linked.
2010 An infrastructure will make it possible for dozens of states to share data about the students in their K-12 and postsecondary education systems, creating the equivalent of a national system of data on students' educational progress. Once the "model common data standards" are developed, the State Higher Education Executive Officers and the Council of Chief State School Officers will -- using grants from the Bill and Melinda Gates Foundation -- build understanding of and support for the standards among their respective members, SHEEO announced last week.
Many policymakers say the ability to gather and analyze such information is essential to reaching the goal of getting more Americans into and out of higher education. After Congressional Republicans quashed the Bush administration's proposal for a truly federal "unit record" database as part of its existing Integrated Postsecondary Education Data System, a coalition of foundations, research groups, and now, the Obama administration are looking to develop statewide data systems that could be linked. "There are a very small number of data elements that are really central to educational progress and achievement, and sometimes separate standards [and definitions] for K-12 and higher education," explained Paul Lingenfelter, president of the State Higher Education Executive Officers. "Where there needs to be communication between the two, like in terms of students' academic preparation and academic success, this would create consistent standards so that communication could take place." Some fear, however, that a massive receptacle of data on students would inevitably impinge on individual privacy. The Lumina report, by Peter Ewell and Marianne Boeke of the National Center for Higher Education Management Systems, follows a similar 2003 review of the status of state systems that track data at the student level, which found that 39 states had such databases for all or parts of their public higher education systems and that it would be feasible to link those databases into a comprehensive network.
School Districts' Staff installing spyware / adware on district-owned workstations.School District's staff seems to download and install all types of garbageware: Example: Hotbar, Webshots, Bonzi Buddy, Shopping Buddy, Comet Cursor, etc. with little regard or thought as to what these "programs" do in the background (advertising banners, stealing information from forms).
Should the district care if staff wants to personalize their workstation? Most of these kinds of programs have become very, very intrusive and invasive. Ad components don't uninstall, browser security settings are abruptly changed, ads added to personal email, etc. What is the district policy if secretaries & custodians who have installed "Hotbar" (which puts pieces into IE and Outlook) and who now cannot fill out district browser-based database forms, and other staff members who now have lost their default browser homepage settings to Webshots or related garbage (and, oddly enough, Win2000 Group Policies isn't preventing it or fixing it). Some staff members get popup windows with advertising as soon as they start their browsers to view the district private internal webserver. Garbageware is starting to prevent people from completing their job duties.
- Do any districts have policies in place regarding staff installing software from the Internet (as compared to purchased CD-based software)?
- Staff installing software from the InternetIs this allowed freely?In your policies, do you address
issues of whether these garbageware titles are violating federal laws regarding privacy of student
Some transmit the contents of whatever form you're filling out back to the ad company. 10/02 Example: imagine if every piece of information you filled out in a PowerSchool form was sent back to CometCursor or Bonzi Buddy for evaluation (they're doing) Do you use firewall-based or content-filtering tools to block such invisible network communications between ad client and ad company?
- Is removing this garbage going to be a big focus for your school district?
SCHOOL PUBLIC ACCESS SYSTEMS -
prevent students from installing or deleting software on our public access systems.
ARMED FORCES COLLECT CHILDREN'S INFORMATION
Mining for kids: Children can't opt out of Pentagon recruitment
By Kathryn Casa | Vermont Guardian
Parents cannot remove their children's names from a Pentagon database that includes highly personal information used to attract military recruits, the Vermont Guardian has learned.
The Pentagon has spent more than $70.5 million on market research, national advertising, website development, and management of the Joint Advertising Market Research and Studies (JAMRS) database a storehouse of questionable legality that includes the names and personal details of more than 30 million U.S. children and young people between the ages of 16 and 23.
The database is separate from information collected from schools that receive federal education money. The No Child Left Behind Act requires schools to report the names, addresses, and phone numbers of secondary school students to recruiters, but the law also specifies
that parents or guardians may write a letter to the school asking that their children's names not be released.
However, many parents have reported being surprised that their children are contacted anyway, according to a San Francisco-based coalition called Leave My Child Alone (LMCA).
"We hear from a lot of parents who have often felt quite isolated about it all and haven't been aware that this is happening all over the country," said the group's spokeswoman, Felicity Crush.
Parents must contact the Pentagon directly to ask that their children's information not be released to recruiters, but the data is not removed from the JAMRS database, according to Lt. Col. Ellen Krenke, a Pentagon spokeswoman.
Instead, the information is moved to a suppression file, where it is continuously updated with new data from private and government sources and still made available to recruiters, Krenke said. It's necessary to keep the information in the suppression file so the Pentagon can make sure it's not being released, she said.
Krenke said the database is compiled using information from state motor vehicles departments, the Selective Service, and data-mining firms that collect and organize information from private companies.
In addition to names, addresses, Social Security numbers, and phone numbers, the database may include cell phone numbers, e-mail addresses, grade-point averages, ethnicity, and subjects of interest.
S.F. SCHOOL BOARD SET TO PULL TRIGGER ON JROTC
A majority of the San Francisco Board of Education is poised to end the district's 90-year relationship with the U.S. military and its widely popular Junior Reserve Officers' Training Corps, with a vote expected next week. Four board members oppose the program on two grounds: the military's stance on gays and the desire to keep the armed forces out of public schools. "I don't think the military should be involved in civilian life," said board member Dan Kelly, a self-described pacifist who served two years in prison for resisting the Vietnam draft. "I know that children, the students, like the program," Kelly said. "I know they enjoy it. That doesn't necessarily mean it's doing a good thing for them." The program costs nearly $1.6 million per year, reports Jill Tucker. The military pays $586,000, or half the salaries of 15 instructors -- all of whom are retired military personnel rather than certified teachers. The district pays the other half of salaries and $394,000 in benefits. Most critics acknowledge that the JROTC helps reduce dropouts. Students learn leadership and problem-solving skills, first aid, money management, geography, civics and how to be a team player, among other topics -- some of which they learn in other required classes. Opponents say all that can be done without the military.
How to Protect Kids' Privacy from the Government
k16 to 25? Pentagon Has Your Number, and More By DAMIEN CAVE June 24, 2005
The Defense Department and a private contractor have been building an extensive database of 30 million 16-to-25-year-olds, combining names with Social Security numbers, grade-point averages, e-mail addresses and phone numbers.
The department began building the database three years ago, but military officials filed a notice announcing plans for it only last month. That is apparently a violation of the federal Privacy Act, which requires that government agencies accept public comment before new records systems are created.
David S. C. Chu, the under secretary of defense for personnel and readiness, acknowledged yesterday that the database had been in the works since 2002. Pentagon officials said they discovered in May 2004 that no Privacy Act notice had been filed. The filing last month was an effort to correct that, officials said.
Mr. Chu said the database was just a tool to send out general material from the Pentagon to those most likely to enlist.
"Congress wants to ensure the success of the volunteer force," he said at a reporters' roundtable in Washington. "Congress does not want conscription, the country does not want conscription. If we don't want conscription, you have to give the Department of Defense, the military services, an avenue to contact young people to tell them what is being offered. It would be na12ve to believe that in any enterprise, that you are going to do well just by waiting for people to call you."
On Wednesday, The Washington Post reported that the notification in The Federal Register had drawn criticism from a coalition of eight privacy groups that filed a brief opposing the database's creation. Yesterday, many of those privacy advocates, learning that the database had been under development for three years, called its existence an egregious violation of the Privacy Act's rules and intent.
ARMED FORCES RECRUITER ACCESS TO SECONDARY SCHOOL STUDENTS
Did you know that NCLB Title IX, Section 9528 requires school districts that receive NCLB assistance to share student information such as names and addresses of students to military recruiters? Another provision in Section 9528 allows parents and students to protect this information by requesting that it not be released. Schools must notify parents of their right to request that personal student information not be released, but many do not do so. NCLB requires school districts to provide military recruiters the "same access to secondary school students as is provided generally to postsecondary education institutions or prospective employers." Many states and school districts also have policies that regulate the privacy of student information, in addition to the NCLB requirements. With their parents written consent to the school district, a student may request that their name, address and telephone not be released to military recruiters, institutions of higher education or both. At the link below are sample forms that can be submitted to school districts to request privacy protection of student information.
Student Marketing Group
Deceived students into providing personal information. The company encouraged teachers to collect the data from students, which was then sold to marketers to pitch the students for items such as magazines, clothes, and credit cards. Suit
American Student List, LLC
New York: (888) 462-5600 • Florida: (888) 550-8548
American Student List then sells student names and other information to companies that solicit students for a wide array of goods and services. ASL provides the largest, most authentic lists of students available. They target children for promotions by zip, county, sectional center and state, gender, age and class year. Many lists also include telephone numbers. All lists are available on magnetic tape, tape cartridge, diskette, pressure-sensitive or cheshire labels, or through electronic delivery: modem to modem.
School students are entitled fo First Ammendment Protection.
American Student List pays for the information by helping to fund the National Research survey. Companies that buy student names from American Student List include shaving giant Gillette Co.; credit-card purveyors American Express Co. and Capital One Financial Corp.; Kaplan Inc., the Washington Post Co. unit that is the largest admissions test-coaching chain; Primedia Inc.'s Seventeen Magazine; and Columbia House Record Club, which is owned by AOL Time Warner Inc. and Sony Corp.
- 3 million students Segmented by juniors and seniors on this list
A gold mine of marketing potential and valued property of ASL since 1972.
- Over 2 million email addresses from teens, from 16 to 25.
- 12 million names of children ranging in age from 2 to 13 years, representing Pre-K through 8th grade. All names are selectable by age, birthdate, and head of household.
- 25 million names of children ages birth through 17, by age, birth date, head of household, income and geography.
- 9 million names segmented from grades 9 through 12 contain the student's full name and home address
- 4 million names of individuals, aged 14 to 19, from Sports Activities, Scholastic Activities, Career Interests, Computer Users, categories.
- 5 million names, home and school addresses and phone numbers of students attending 1,100 colleges and universities.
- full names of people between the ages of 18 and 36
- 3 million questionnaire respondents from a particular ethnic group.
- 8 million questionnaire respondents belong to a religious group.
College-Survey Firm Quietly Peddles Student Information to Big Marketer
[source] Each year, more than one million U.S. high-school students take time out of
their school day to fill out a survey asking their names, addresses, grade-point averages, races,
and social views. The organization that sponsors the survey, the National Research Center for College and University Admissions, tells
the schools it will broaden students' higher-education options by distributing their names and
to hundreds of colleges and universities across the country.
But colleges aren't the only recipients of the survey results. Generally unknown to high schools, colleges, students and their parents, National Research for at least a decade has also sold the personal information it gathers to the country's leading supplier of young people's names to commercial marketers, American Student List LLC.
2007 The ruling says the student had "legitimate, objectively reasonable privacy expectations" concerning the data on his computer even though he had connected it to the university network. University policies, no matter what they say, "do not eliminate [the student's] expectation of privacy in his computer," the decision said. Read the text of the decision, , written by the U.S. Court of Appeals for the Ninth Circuit. http://www.ca9.uscourts.gov/opinions/
How They Manage
The University of Texas at Austin manages student data confidentiality and disclosure in accordance with FERPA, the Federal Educational Rights and Privacy Act of 1974 (aka the Buckley Amendment) and the Texas Public Information Act. Under FERPA, universities designate certain formation as "directory information" that may be disclosed without the student's explicit permission (although students may elect to make directory information confidential, most students do not). Under the Public Information ("Open Records") Act, "it is the policy of this state that each person is entitled, unless otherwise expressly provided by law, at all times to complete information about the affairs of government ...." including student directory information. Texas Public Info Act: UT Austin's FERPA policies
2000 Privacy Law Forcing Changes to Children's Sites
WASHINGTON -- The first federal law governing privacy in cyberspace takes effect on Friday, when Web sites that gather personal data will be required to start getting parental permission before requesting personal information from children under 13.
Lawmakers, regulators, privacy advocates, Web companies and Internet users alike will be closely watching the introduction of the Children's Online Privacy Protection Act to see if it is effective, how it changes the online experience of young Web surfers and whether similar rules should be expanded to cover teenagers or even adults.
The Federal Trade Commission, which wrote the rules for the new law and which will be responsible for enforcing it, has launched a media blitz both on- and off-line to educate parents, children and Web site operators about the new law.
The law that takes effect Friday was passed two years ago after an FTC survey found that the state of online privacy protections was generally dismal. It requires all Web sites that gather personal information from children under 13 to have clearly posted privacy policies stating how that data is used. And they must gain "verifiable" parental consent before gathering any information.
Web Sites Related to This Article:
Center for Democracy and Technology
Federal Trade Commission: Privacy Initiatives, with links to information about the Children's Online Privacy Protection Act
Immunity provisions of the federal Communications Decency Act (CDA).
Legal Liability for Internet Service Providers Under the Communications Decency Act By Edmund B. (Peter) Burke
A Win for a Public Library
In this article we will examine some recent cases that throw light on the interpretation of the immunity provisions of the federal Communications Decency Act (CDA). The decisions generally involve the interpretation of Section 230(c)(1) of the CDA, which states: "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider."
The leading case on this rule of federal immunity is, no doubt, Zeran v. America Online Inc., a 1997 case from the U.S. Court of Appeals for the Fourth Circuit. In Zeran, the court found that Congress made a deliberate policy choice to immunize those persons providing Internet access from tort liability. According to the Fourth Circuit's decision:
Congress recognized the threat that tort-based lawsuits pose to freedom of speech in the new and burgeoning Internet medium.... Section 230 was enacted, in part, to maintain the robust nature of Internet communication and, accordingly, keep government interference in the medium to a minimum.