The Future of Privacy Forum tracks student privacy news very closely, and shares relevant news stories with our newsletter subscribers.* Approximately every month, we post “The Top 10,” a blog with our top student privacy stories. This blog is cross-posted at www.ferpasherpa.org.
The Top 10
- Cyber Terrorism in Schools: Ransom letters were sent to the Columbia Falls School District in Montana and Johnston Community School District in Iowa, threatening to disclose sensitive student information if their demands were not met. The hackers also had access to school security cameras in Montana. In Iowa, the group “used stolen contact details to send out threatening messages en masse. ‘I’m going to kill some kids at your son’s high school,’ some of the texts said.” The group also posted “Student names, addresses and telephone numbers have been posted on a publicly accessible website.” Montana parents were also extremely concerned (especially since the letter their district received alluded to Sandy Hook), and an expert stated that the reason the district “was chosen had less to do with what type of organization it is, a school, as opposed to the fact it was an easy target.”
- What should schools and ed tech companies do when law enforcement asks them for student information, such as immigration status? This month, FPF released “Law Enforcement Access to Student Records: A Guide for School Administrators & Ed Tech Service Providers.” The Electronic Privacy Information Center (EPIC) has asked the “Senate to Enforce Privacy Safeguards for ‘Dreamers.’” Many news outlets also discussed education and immigration issues, including “The Cruel Irony of the DACA Database;” a 3-part series from The 74 and The Guardian, “‘Sanctuary schools’ across America defy Trump’s immigration crackdown,” “Trump order could give immigration agents a foothold in US schools,” and “Trump’s immigration crackdown is traumatizing a generation of children;” “‘Dreamers’ worry Trump will use their personal data against them;” and “Immigration crackdown taking heavy toll on California students.”
- The FTC and Department of Education are hosting a Workshop on Student Privacy and Ed Tech on December 1st to discuss open questions about how the Rule implementing COPPA applies in the school context and intersects with FERPA. The general public is invited to attend in person or via webcast. They are seeking public comments before the workshop that are due November 17.
- The Data Quality Campaign released their annual report on state legislation on education data, including student privacy. According to DQC, “26 states passed 53 new laws focused on student data during the 2017 legislative session — with most legislative activity focusing on privacy concerns.” Stay tuned for FPF’s upcoming white paper diving in on this year’s new student privacy state legislative trends.
- The Commission on Evidence-Based Policymaking finally released their final report, which has many implications for student data (and many great privacy suggestions). You can read my blog about the report and education here. Speaker Ryan and Senator Murray both expressed in the press conference releasing the report that Congress plans to pass a law adopting many of the report recommendations. However, at least one article said that, at the Congressional hearing on the report, Congress had difficulty understanding that the Commission argued that the data be used for research purposes only, and not to “root out individual cases of waste, fraud, and abuse.” Many organizations, including the Electronic Privacy Information Center, expressed support for the report.
- Common Sense Media has published a list of “Essential Student Privacy and Safety Questions” to ask your child’s school.
- “[Higher Ed] Schools Must Adhere to Cybersecurity Regulations or Risk Losing Title IV Eligibility,” via Duane Morris LLP.
- A new journal article examines “Young people’s uses of wearable healthy lifestyle technologies; surveillance, self-surveillance and resistance.” One finding: “Young people oppose Fitbits in schools.”
- EdSurge published a great article on a recent California panel with two companies that had “high-profile breaches” in 2017, a data privacy expert, and a district representative.
- “Education Data Breaches Double in First Half of 2017,” via Campus Technology.