Tag Archives: Privacy

Parents are asking: Who is protecting student privacy?

Common Core has been the “issue” in education and has been part of the vetting process as we move forward in this presidential election. We’ve posted a link to the candidate’s score on a “report card,” based on where they stand on this issue.

Within that report card, candidates are also graded on how well they’ve addressed other concerns like, student privacy. This is an issue that most of the candidates have not talked about.

Since we have direct access to the candidates, we are encouraging everyone to start questioning the candidates about the student data privacy issue. Ask about closing the loophole now in the FERPA law that allows personal information on your child to be shared without your knowledge or consent. What would they do to re-instate parental rights over their child’s data?

It’s important to note that the U.S. Department of Education is under extreme criticism for their own lack of security on student, parent and family data.

Why aren’t the candidates talking about this? Why aren’t they addressing this important issue? Maybe it’s time to TAKE THIS ISSUE TO THE CANDIDATES.

Read more about that scathing review:

U.S. DEPARTMENT OF EDUCATION: INFORMATION SECURITY REVIEW
TAKEAWAYS:
• The Department of Education (DoEd) has at least 139 million unique social security numbers in its Central Processing System (CPS).
• Reminiscent of OPM’s dangerous behavior, DoEd is not heeding repeat warnings from the Inspector General (IG) that their information systems are vulnerable to security threats.
o In the IG’s latest report, there were 6 repeat findings and 10 repeat recommendations.
o The Department scored NEGATIVE 14% on the OMB CyberSprint for total users using strong authentication
o The Department received an “F” on the FITARA scorecard
• The Department maintains 184 information systems.
o 120 are managed by outside contractors
o 29 are valued by the Office of Management and Budget (OMB) as “high asset”
• The National Student Loan Database (NSLD) houses significant loan borrower information. There are 97,000 accounts/users with access to this significant data yet only 5,000, less than 20%, have undergone a background check to establish security clearance.
o The IG penetrated DoEd systems completely undetected by both the CIO or contractor
• The Department needs significant improvement in four key security areas:
o Continuous monitoring
o Configuration management
o Incident response and reporting
o Remote access management

NH Parents: How Schools Will Share Your Child’s Personal Data

SAU16 students brought home a booklet today. The front page is permission to administer potassium iodide pills. Inside are several pages of policies which all parents should read. Especially the items on page 5, referencing the Federal Education Records Protection Act. Your child’s student education record can be released WITHOUT YOUR CONSENT. Read Number 3 to find out to whom.

SAU16

The loophole is “disclosure to school officials with legitimate educational interests.”

Under the new regulatory interpretation, the U.S. Department of Education (USED) (and in fact state departments of education) may disclose personally identifiable student data to literally anyone in the world, as long as the disclosing agency uses the correct language to justify its action.
http://www.nacua.org/documents/FERPA_AACRAOLetterMay2011.pdf
Under the new regulations that gutted federal student-privacy law, data can now be shared with literally any agency if the correct enabling language is used: the Department of Health and Human Services, Homeland Security . . . the IRS (source: http://truthinamericaneducation.com/privacy-issues-state-longitudinal-data-systems/common-core-data-collection/)

NH PARENTS: File “Right To Know” Request To See Data Collected On Your Children

Parents, now that the schools are collecting all kinds of data on your children, it’s important to find out where it’s going.

We advise filing a “Right To Know” request to obtain information on what’s being collected and where that information is being sent.

Send a 91-A Right to Know request to your local Superintendent and the New Hampshire Department of Education.
It’s important to ask questions like;
1) Provide a list of data that is currently being collected on my children.
2) Provide copies of my child’s school records.
3) Provide information on what data/information has left the school and where it went.
4) What outside vendors are currently collecting data/information on my children ?
5) Is there a privacy policy that you follow that guides who can receive information/data on my child?

Here is a sample you an use when requesting information: http://www.nfoic.org/new-hampshire-sample-foia-request

Check your school’s policy on privacy. If there is no policy or a policy needs to be updated, look for local privacy policies and take that to your School Board. You can ask to be put on the agenda the next public school board meeting and present a sample privacy policy. Ask for that policy to be adopted by the board to ensure they are doing their best to protect their sensitive information.

Additional Info: PARCC and SBAC States Agree to Deliver Student to USDoE

NY Times: Student Data Collection Is Out Of Control

National Science Foundation Awards $4.8 Million to Mine Student Data

Millions of Student Records Sold in Bankruptcy Case

What Data is Collected From Kindergarten Students Without Parental Consent

Protecting Student Privacy Act of 2014 DOES NOT Protect Your Child’s Privacy!

[Saturday, September 6, 2014]
FERPA Alert!

An alert by ANITA HOGE

PROTECTING STUDENT PRIVACY ACT OF 2014
Does Not Protect Your Child’s Privacy!

This Bill Allows President Obama’s Executive Order to Share Data, to Become Law, Allowing Student Personally Identifiable Information to be Given to Outside Third Party Contractors Without Your Consent.

http://www.markey.senate.gov/imo/media/doc/2014-05-12_StudentPrivacy_DiscussionDraft.pdf
Senator Markey, (D)Mass, and Senator Hatch, (R)UT, released a draft bill on July 30th to amend FERPA, Family Education Rights in Privacy Act called Protecting Student Privacy Act of 2014. This bill will put the controversial regulations that President Obama changed in FERPA without Congressional authority, into federal law. So now, Hatch and Markey are trying to sidestep parents and make the outrageous Obama regulation that “unlocked data” that allows outside contractors to access personally identifiable information, into federal law. These Senators are NOT on our side, parents! There are NO protections for our children’s records. They have aligned themselves with the Obama agenda, and Obama wants it ALL…all the personal data on your kids. We say NO!

BEWARE: This draft bill is GARBAGE! This bill will continue to allow personally identifiable information on our children to be given to 3rd party outside contractors by law. Who ARE these groups and people who can have our children’s data for free? Read the list of states below to get the information to request WHO has your child’s data. They DO NOT need parents permission to get the data! They do this behind our backs. We say NO!

Did these Senators help to STOP personally identifiable information so that organizations like the Center for Disease Control could NOT access your child’s DNA without informing the parents? NO! Does this bill allow for that to happen? YES!

This allows Obama to continue his agenda that opened the flood gates of ‘free for all’ data on our children.

We say NO! Withdraw this bill!
Expose this Agenda!
We Want Protections For Our Children!
Call Today!
We Want A Congressional Investigation
Into Data Trafficking!

• Markey’s phone-tel:(202)-224-2742 (617)-565-8519
• Hatch’s phone-tel:(202)-224-5251 (801) 524-4380
http://blogs.edweek.org/edweek/DigitalEducation/2014/07/senators_introduce_new_federal.html?cmp=ENL-DD-NEWS1
Request Your State’s Data Trafficking Agenda!
Below are templates that you can use to request the written agreements in your state so you would know which organizations can access personally identifiable information on your children. We have a list of states that have developed a written agreement template to allow access to your child’s private information, PII. YOU may request the contracts yourself or go through your local state representative. This would expose the Obama/FERPA/Markey/Hatch agenda, in that, they are continuing to block the safety and privacy of our children and our families by allowing personal data to flow to outside contractors. Lets stop this, NOW!

Look at the List Below to find your State that may have a Data Sharing Template or Information so that you may Request the Contracts for Personally Identifiable Information that have been done Without Parents Knowledge and Consent. Let’s Stop the Data Trafficking!
• New Hampshire Privacy Legislation http://legiscan.com/NH/text/HB1587/id/905045

http://nheon.org/oet/readiness/NHPrivacyofStudentRecords-current.pdf

• New Hampshire Data sharing agreement http://www.education.nh.gov/data/documents/sample_memor.doc
• Link to Federal Regulations: http://www2.ed.gov/policy/gen/guid/fpco/pdf/2012-final-regs.pdf
• The definition of Personally Identifiable Information is expanded to a biometric record which includes fingerprints, retina and iris patterns, voiceprints, DNA sequence, facial characteristics, and handwriting.
• Prior consent is NOT required to disclose personal information if a written agreement of the disclosure is to other school officials, including teachers, within the agency or institution whom the agency or institution has determined to have legitimate educational interests (§ 99.31)
• A contractor, consultant, volunteer, or other party to whom an agency or institution has outsourced institutional services or functions may be considered a school official
• Disclosure can be made to organizations conducting studies to: Develop, validate, or administer predictive tests; Administer student aid programs; or Improve instruction. (§ 99.33)
• Personally identifiable information may be disclosed by a state or local educational authority or agency by entering into written agreements with organizations conducting studies
• Organizations are defined as Federal, State, and local agencies, and independent organizations
(Authority: 20 U.S.C. 1232g(b)(1)(C), (b)(3), and (b)(5))

“Biometric record,” as used in the definition of “personally identifiable information,” means a record of one or more measurable biological or behavioral characteristics that can be used for automated recognition of an individual. Examples include fingerprints; retina and iris patterns; voiceprints; DNA sequence; facial characteristics; and handwriting.
(Authority: 20 U.S.C. 1232g(b)(4)(A))

“Personally Identifiable Information”

The term includes, but is not limited to–

(a) The student’s name;

(b) The name of the student’s parent or other family members;

(c) The address of the student or student’s family;

(d) A personal identifier, such as the student’s social security number, student number, or biometric record;

(e) Other indirect identifiers, such as the student’s date of birth, place of birth, and mother’s maiden name;

(f) Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty; or

(g) Information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates.
Authority: 20 U.S.C. 1232g (b)(1) and (b)(2)(A))
§ 99.31 Under what conditions is prior consent not required to disclose information?

(a) An educational agency or institution may disclose personally identifiable information from an education record of a student without the consent required by § 99.30 if the disclosure meets one or more of the following conditions:

(1)(i)(A) The disclosure is to other school officials, including teachers, within the agency or institution whom the agency or institution has determined to have legitimate educational interests.

(B) A contractor, consultant, volunteer, or other party to whom an agency or institution has outsourced institutional services or functions may be considered a school official under this paragraph provided that the outside party–

(1) Performs an institutional service or function for which the agency or institution would otherwise use employees;

(2) Is under the direct control of the agency or institution with respect to the use and maintenance of education records; and

(3) Is subject to the requirements of

§ 99.33(a) governing the use and redisclosure of personally identifiable information from education records.

(ii) An educational agency or institution must use reasonable methods to ensure that school officials obtain access to only those education records in which they have legitimate educational interests.

An educational agency or institution that does not use physical or technological access controls must ensure that its administrative policy for controlling access to education records is effective and that it remains in compliance with the legitimate educational interest requirement in paragraph (a)(1)(i)(A) of this section.

(2) The disclosure is, subject to the requirements of § 99.34, to officials of another school, school system, or institution of postsecondary education where the student seeks or intends to enroll, or where the student is already enrolled so long as the disclosure is for purposes related to the student’s enrollment or transfer.
(ii) Paragraph (a)(5)(l) of this section does not prevent a State from further limiting the number or type of State or local officials to whom disclosures may be made under that paragraph.

(6)(i) The disclosure is to organizations conducting studies for, or on behalf of, educational agencies or institutions to:

(A) Develop, validate, or administer predictive tests;

(B) Administer student aid programs; or

(C) Improve instruction.

(ii) Nothing in the Act or this part prevents a State or local educational authority or agency headed by an official listed in paragraph (a)(3) of this section from entering into agreements with organizations conducting studies under paragraph (a)(6)(i) of this section and redisclosing personally identifiable information from education records on behalf of educational agencies and institutions that disclosed the information to the State or local educational authority or agency headed by an official listed in paragraph (a)(3) of this section in accordance with the requirements of § 99.33(b).

(iii) An educational agency or institution may disclose personally identifiable information under paragraph (a)(6)(i) of this section, and a State or local educational authority or agency headed by an official listed in paragraph (a)(3) of this section may redisclose personally identifiable information under paragraph (a)(6)(i) and (a)(6)(ii) of this section, only if –

(A) The study is conducted in a manner that does not permit personal identification of parents and students by individuals other than representatives of the organization that have legitimate interests in the information;

(B) The information is destroyed when no longer needed for the purposes for which the study was conducted; and

(C) The educational agency or institution or the State or local educational authority or agency headed by an official listed in paragraph (a)(3) of this section enters into a written agreement with the organization that –

(1) Specifies the purpose, scope, and duration of the study or studies and the information to be disclosed;

(2) Requires the organization to use personally identifiable information from education records only to meet the purpose or purposes of the study as stated in the written agreement;

(3) Requires the organization to conduct the study in a manner that does not permit personal identification of parents and students, as defined in this part, by anyone other than representatives of the organization with legitimate interests; and

(4) Requires the organization to destroy all personally identifiable information when the information is no longer needed for the purposes for which the study was conducted and specifies the time period in which the information must be destroyed.

(iv) An educational agency or institution or State or local educational authority or Federal agency headed by an official listed in paragraph (a)(3) of this section is not required to initiate a study or agree with or endorse the conclusions or results of the study.

(v) For the purposes of paragraph (a)(6) of this section, the term “organization” includes, but is not limited to, Federal, State, and local agencies, and independent organizations.

LISTEN TO ANITA HOGE INTERVIEW:
http://alternatecurrentradio.com/charlottesweb/

PARENTS BE WARNED: School Districts Surveying Your Children in NH

This is a recent e-mail sent to parents in Exeter, NH.  Notice that the common theme in these form letters is that you are supposed to get excited that you were “chosen” to give the Government all kinds of personal information on your child and your family.
NOTICE:
They do NOT provide a copy of the survey
They do NOT ask your permission to survey your child.
They do NOT tell you where this information will go or how it will be used.
They do NOT tell you the privacy policy.
They do NOT tell you if this information will be sold for profit.
But you are to be “excited” about all of this.

From: “Exeter High School” <ExeterHighSchool@sau16.org>
Subject: EHS and UNH Combined Project
Date: February 13, 2015 at 8:51:02 AM EST
To: 

 

Good Morning-
Exeter High School is excited to announce that this semester we are partnering with the University of New Hampshire (UNH) to participate in a project that aims to promote healthy relationships among teens. This study is funded by the Centers for Disease Control and Prevention and involves approximately 30 other schools in New England. We were selected to participate by researchers at UNH given our commitment to promoting healthy relationships amongst our students. As part of this project some students in the school (through Health and Physical Education classes) will participate in educational curriculum on healthy relationships and complete surveys related to peer behavior. Parents of students participating in this project will receive more information about the project with an opportunity to opt out of participation if needed. Faculty and staff will also receive resources and training related to this topic to better support our students. This is a significant opportunity for EHS and we think it will add greatly to all of the important work we are already doing to promote healthy relationships and overall safety throughout our school community.
Stay warm this weekend and help a neighbor in need.
Best,
Jim
James Tremblay
Principal
Exeter High School

After some digging around we did manage to find a copy of the survey so parents will know what kind of information is being collected.

EHS says it’s through UNH psych department and the CDC in Atlanta.  Remember we’ve posted information on the APA’s code of ethics when it comes to conducting these kinds of assessments on children.  Licensed Psychologists follow a strict code of ethics to make sure the individual (in this case, the parent since the children are under 18) is fully informed and consents.

How are parents fully informed if the School Administrator does not include a copy of the survey?  Administrators should do the “ethical” thing and also require parental consent.

This comes from a source who is participating in the distribution of the surveys:
Here is a detailed outline of what the survey questions ask:

-Demographic questions including gender identity, race/ethnicity, income, sexual attraction, and the age at which they first had intercourse.

-Attitude questions, specifically attitudes towards sexual assault and relationship abuse (e.g., do they think these types of behaviors are OK?, not a big deal in their school?)

-Attitudes towards being a positive bystander in situations of relationship abuse and sexual assault

-Personal experiences being a bystander in situations of relationship abuse and sexual assault

-Personal experiences with relationship abuse and sexual assault during the past year (e.g., has a dating partner physically pushed them or have they pushed a dating partner)

-Knowledge about sexual assault and relationship abuse (e.g., do they know how common it is, why it happens)

-Perceptions of other students and teachers attitudes towards teen sexual assault and relationship abuse (since we know that so much of students own attitudes and behaviors are shaped by the adults in their lives)

-Two screening questions for depression and alcohol misuse

Also, not all but some of our questions (demographics, personal experiences with relationship abuse and dating violence, depression and alcohol misuse) come from the CDC YRBS survey, which I believe Exeter High School participates in. Here is the link to that survey and you can actually download those surveys:http://www.cdc.gov/healthyyouth/yrbs/questionnaire_rationale.htm

 All of the surveys are completely anonymous meaning we have no way to link specific answers to a specific person.

Now here is the reality that the people arranging the surveys continue to ignore:
In Bedford:

  1. Some parents received a notification, some did not.
  2. Some had no idea how bad the survey was until after they found out their kids had taken it.
  3. Parents didn’t have access to the actual survey to examine but a SAMPLE that didn’t contain the controversial questions on sex, drugs, etc.  They also had to look at it at the school.
  4. Students did put their names on it even though it says not to do so.
  5. Students thought it was a test and thought they had to take it.
  6. Kids put their unique pupil identifier number on the survey.
  7. When parents called in anger after they found out about the survey, they requested that their child’s survey be retrieved and destroyed.  School officials did that upon request proving the surveys were not anonymous.

Hearing on “How Data Mining Threatens Student Privacy” June 25, 2014

Hearing on “How Data Mining Threatens Student Privacy” June 25, 2014

Committee on Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies and Committee on Education and the Workforce Subcommittee on Early Childhood, Elementary and Secondary Education

Statement of Joel R. Reidenberg Stanley D. and Nikki Waxberg Chair and Professor of Law Founding Academic Director, Center on Law and Information Policy Fordham University New York, NY

http://edworkforce.house.gov/uploadedfiles/reidenberg_testimony_final.pdf

URGENT CALL TO ACTION: Privacy under threat for NH students!

Calls needed to senators’ offices!

See the message below from a leading student-privacy warrior in NY.
The Capitol phone number is 202.224.3121

From: Leonie Haimson
Date: Sun, Sep 14, 2014 at 12:18 PM
Subject: Action alert! for student privacy

We just heard that RIGHT NOW, the Senate HELP (Health Education Labor and Pensions committee) is negotiating over the re-authorization of the Education Sciences Reform Act.  We were told that there are Democrats on the committee who are pushing for relaxing limits on access to personal student data, and are saying that researchers should be able to obtain open-ended access to complete student data sets– and that they shouldn’t have to even specify which specific student level data they want for what purposes.

We are urging all parents/advocates to call their Senators in DC ASAP and if possible on Monday morning ESPECIALLY if your Senator is on the HELP committee (listed with links to their contact info below) and especially the Democrats, and ask to speak to their education staffers with the following message:

As regards the Education Sciences Reform Act, student data used by researchers should be de-identified and anonymized to the extent possible.  In NO case should any researcher obtain open-ended access to personally identifiable student data without parental consent.  There must be strict oversight and protocols, and the researcher must explain exactly what type of personal data they need for what particular purpose and why it is absolutely necessary to complete their analysis and why this could not be achieved with anonymized data.

If you have more time to talk, you can point out that there have been more than 700 reported breaches of personal data from educational institutions since 2005 according to  http://www.privacyrights.org/data-breach

You can also point out that the NCES has said that Fair Information Practices require that only personal information that is directly relevant and necessary for the specified purpose should be collected and/or shared…

Please email us if you have any questions.

It is especially important that parents/advocates who live in the states represented by Dems below call on Monday.

Thanks Leonie and Rachael
Co-chairs, Parent Coalition for Student Privacy

Senate HELP Committee

Democrats by Rank

Tom Harkin (IA)
Barbara A. Mikulski (MD)
Patty Murray (WA)
Bernard Sanders (I) (VT)
Robert P. Casey, Jr. (PA)
Kay R. Hagan (NC)
Al Franken (MN)
Michael F. Bennet (CO)
Sheldon Whitehouse (RI)
Tammy Baldwin (WI)
Christopher S. Murphy (CT)
Elizabeth Warren (MA)

Republicans by Rank

Lamar Alexander (TN)
Michael B. Enzi (WY)
Richard Burr (NC)
Johnny Isakson (GA)
Rand Paul (KY)
Orrin G. Hatch (UT)
Pat Roberts (KS)
Lisa Murkowski (AK)
Mark Kirk (IL)
Tim Scott (SC)

Fair Information Practices: http://nces.ed.gov/pubs2011/2011601.pdf