data theft
Just think what educational data thieves could do with individual student information. 

 

On the heels of Fordham’s study showing the lack of student data protection, we are now witnessing the ramifications of the data stealing occurring from the Target breach.  From cbslocal.com and Websites Now Selling Credit, Debit Card Information Stolen In Target Breach:

Hackers stealing millions of debit and credit card accounts from customers at Target has dominated the headlines. But what happens to all that stolen data?

Well, it’s up for sale. And in some cases, banks are the ones paying off the crooks to get the information back.

 Security expert Neal O’Farrell says there are many sites now selling the credit and debit card numbers that were stolen from Target customers.

“Here we have a Discover card. It’s selling for $39,” says O’Farrell.

The banks are buying the information to limit the damage.  It’s a bit of a ransom situation.  Read more here.

 

Who will buy your child’s/family’s data when and if it is compromised from a third party vendor?  Some student data in California was on the verge of being provided for sale to third party vendors.  From sandiegoreader.com and Sweetwater district spent big for Arne Duncan visit:

On July 30, Bleisch (Principal of Castle Ridge school) wrote Alt (district CFO): “We have no choice but to purchase a couple of stages for this event (indoor and outdoor). My ASB can afford $3000 but $17,000 is a little too steep for us. This wouldn’t be something you can help us with is it?”

As days go by, the exhortations for money for the Duncan event turn more worrisome. Data-gathering, which is a nationwide concern now in relation to Common Core Standards — appears to become a bargaining chip for money.

Data-gathering has recently emerged as a primary concern for opponents of Common Core Standards and Common Core assessments. Federal laws governing privacy for student data were weakened in 2011. Across the nation, parents have expressed concern that student data will be shared with third parties.

Castle Park Middle School is a Chula Vista Promise Neighborhood school. Promise Neighborhoods are funded by the Department of Education and claim to offer “cradle to career” services. South Bay Community Services is the organization that oversees and distributes the $60 million government investment in Chula Vista.

On August 2 Principal Bleisch wrote to Alt: “By the way, FYI-SBCS [Promise Neighborhood/South Bay Community Services] is prepared to give my school a good chunk of change (over $100K of PN money allocated last year for staff that was not used.) The catch is that they are kinda using the data-sharing agreement as leverage.) They promised to expedite this money transfer as soon as we deliver on the data agreement.”

Read more here about the emails detailing plans to provide access to student data to third parties.

What happens if individual student data is stolen like data was stolen from Target customers?   Do you have standing to file suit against your school district, your educational state agency, your educational consortia, the state legislature, the governor, the State Board of Education, the Federal Department of Education or the vendor to whom Arne Duncan granted access to individual student information?

Target customers did not agree to provide information to hackers.   Public school customers (taxpayers and parents) have not agreed to provide student information for third parties to access and the potential for hackers to access this personal information.  Is it time for a class action suit so student data is not used for purposes not agreed to by the customers?  Arne Duncan has changed FERPA (a Congressional act) so this data access can occur.  Can Arne Duncan be sued like Target is being sued?

Can the Governor, DESE, and the State Board of Education be held responsible for data breaches as they are the representatives signing onto the MOU agreeing to provide access to student (and teacher) data to Smarter Balanced Assessment Consortia?  You can access this data access agreement here:

MO Smarter Balanced Consortia MOU

The Common Core Initiative is wrapped up in this data gathering and access.  States have to have common data sets to be able to compare students to students.  The comparison includes individualized, personal data that companies like eScholar need to obtain to be able to track students.  Common Core is “the glue that ties everything together”.   What happens when that information gets shared in the cloud?  Will parents and students find out after the fact when their information is used fraudulently (such as stolen identities) like the Target customers?  It’s not so much a matter of “if” it will happen, it’s a matter of “when”.

 

 

 

Gretchen Logue