CHICAGO – It’s precisely why privacy advocates don’t like government bureaucrats having access to highly sensitive personal information.
Administrators with Chicago Public Schools “mistakenly” gave personal data – names, home addresses, phone numbers, disability status and more – to five vendors who had no business relationship with the district.
They say the breach involving 4,000 students was “unusual” and that employees would undergo “training” to ensure it wouldn’t happen again.
“All [of the companies] have confirmed that they have responsibly destroyed the information,” Chief Accountability Officer John Barker wrote in a letter to parents last month, Catalyst Chicago reports.
Student Privacy Matters founder Leonie Haimson notes such breaches have increased “in part because of increased federal requirements for data collection.”
“Data should be encrypted. There needs to be better training, security audits and indemnification,” she says.
“There’s been this huge push by the federal government to create the conditions under which the schools and districts have to collect more and more information and keep it in digital form […] But as we’re moving into a digital universe, the security and privacy protections have not kept up.”
The adoption of a universal data collection system stems from a requirement to be eligible for stimulus money in 2009.
The Heartland Institute reported last fall:
Knowing much of the data collected will be completely unrelated to education, in 2012, a combination of 24 states and territories struck a deal to implement data mining to receive federal grants. “Personally Identifiable Information” was allowed to be extracted from each student. Examples below are some of the more extreme examples of data mining, causing reasonable people to question why the government would venture into such an invasion of our privacy.
According to the Chicago-based group, such items of data schools will be collecting include:
1. Political affiliations or beliefs of the student or parent;
2. Mental and psychological problems of the student or the student’s family;
3. Sex behavior or attitudes;
4. Illegal, anti-social, self-incriminating, and demeaning behavior,
5. Critical appraisals of other individuals with whom respondents have close family relationships;
6. Legally recognized privileged or analogous relationships, such as those of lawyers, physicians, and ministers;
7. Religious practices, affiliations, or beliefs of the student or the student’s parent; and
8. Details of Income.
Heartland claims the information would be sent to federal agencies that were put in place once the States accepted Common Core, a set of national standards related to math and reading and writing.
For now, all Chicago school administrators can do is apologize.
“CPS takes student privacy very seriously and we deeply regret these circumstances,” officials say, according to Catalyst Chicago. “To prevent future unauthorized disclosures, the District is training staff members on student information safeguards and the importance of maintaining student privacy.”
It’s not the first time Chicago school administrators have released students’ personal information.
In 2013, medical information of about 2,000 students was posted on a district website accessible by the public.
The data, which included the student’s name, date of birth, gender, identification number, vision exam date, diagnosis and school name, was uploaded to the city’s computer system in June 2013. On Oct. 7 of that year, a city resident alerted officials that the information was online.
“Upon learning of the misconfiguration, corrective steps were immediately taken to mitigate the problem and remove this information and all cached and archived versions of the data from the Internet,” a district spokesman said. “The glitch was isolated to the vision program and did not impact any other city programs.”