A LETTER TO PARENTSOpt-Out 2014: Protect Children| Date Captured | Tuesday August 12, 2014 06:10 PM | |
| National Opt-Out Campaign Informs Parents How to Protect the Privacy of their Children's School Records| Date Captured | Tuesday September 20, 2011 04:53 PM | | Parents have rights under the Family Educational Rights Privacy Act (FERPA) to restrict access to their children's personal information. |
| ACLUACLU: Social Networking, your privacy rights explained| Date Captured | Thursday March 08, 2012 09:05 AM | | The vast majority of young people living in the United States go online daily and use social networking sites like Twitter, Facebook and YouTube. With all this information-sharing, many questions about ownership of personal information and possible discipline for postings arise. This guide will answer some of those questions so that you can better understand the rights you have when using social networking both in and out of school. |
| Digital Due Process| Date Captured | Wednesday March 31, 2010 04:23 PM | | [A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]
|
| Authentication Happy Birthday, Internet| Date Captured | Friday October 30, 2009 08:22 PM | | NPR interview -- authentication and privacy concerns mentioned.
October 30, 2009
[On Oct. 29, 1969, around 10:30 P.M., a message from one computer was sent over a modified phone line to another computer hundreds of miles away. Some say the Internet was born that day. UCLA computer scientist Leonard Kleinrock, who was there, gives his account.]
IMPORTANT EXCERPT:
[Dr. KLEINROCK: Yes. In fact, in those early days, the culture of the Internet was one of trust, openness, shared ideas. You know, I knew everybody on the Internet in those days and I trusted them all. And everybody behaved well, so we had a very easy, open access. We did not introduce any limitations nor did we introduce what we should have, which was the ability to do strong user authentication and strong file authentication. So I know that if you are communicating with me, it's you, Ira Flatow, and not someone else. And if you send me a file, I receive the file you intended me to receive.
We should've installed that in the architecture in the early days. And the first thing we should've done with it is turn it off, because we needed this open, trusted, available, shared environment, which was the culture, the ethics of the early Internet. And then when we approach the late 1980s and the early 1990s and spam, and viruses, and pornography and eventually the identity theft and the fraud, and the botnets and the denial of service we see today, as that began to emerge, we should then slowly have turned on that authentication process, which is part of what your other caller referred to is this IPV6 is an attempt to bring on and patch on some of this authentication capability. But it's very hard now that it's not built deep into the architecture of the Internet.]
|
| Big Data"Big Data and the Future of Privacy" | Date Captured | Monday April 07, 2014 11:09 AM | | EPIC comments to the White House on topic. |
| BlogsMISSOURI EDUCATION WATCHDOG| Date Captured | Thursday February 02, 2012 11:25 AM | |
| BMI: Body Mass Index Applications for New Awards; Carol M. White Physical Education Program| Date Captured | Wednesday March 21, 2012 04:55 PM | | Federal Register/Vol. 76, No. 60/Tuesday, March 29, 2011/Notices |
| BreachesOne in four data breaches involves schools| Date Captured | Thursday March 12, 2009 03:02 PM | | Wednesday, May 14, 2008 --Meris Stansbury, Assistant Editor, eSchool News writes -
[One in four data breaches involves schools
'You're losing the cyber security battle,' experts warn during a higher-education computer-security conference near Washington, D.C.]
|
| Campus LifeBalancing Student Privacy and School Safety: A Guide to the Family Educational Rights and Privacy Act for Elementary and Secondary Schools| Date Captured | Monday July 25, 2011 01:51 PM | | Many school districts employ security staff to monitor safety and security in and around schools. Some schools employ off-duty police officers as school security officers, while others designate a particular school official to be responsible for referring potential or alleged violations of law to local police authorities. Under FERPA, investigative reports and other records created and maintained by these "law enforcement units" are not considered "education records" subject to FERPA. Accordingly, schools may disclose information from law enforcement unit records to anyone, including outside law enforcement authorities, without parental consent. See 34 CFR § 99.8.
While a school has flexibility in deciding how to carry out safety functions, it must also indicate to parents in its school policy or information provided to parents which office or school official serves as the school's "law enforcement unit." (The school's notification to parents of their rights under FERPA can include this designation. As an example, the U.S. Department of Education has posted a model notification on the Web at: http://www.ed.gov /policy/gen/guid/fpco/ferpa/lea-officials.html.)
Law enforcement unit officials who are employed by the school should be designated in its FERPA notification as "school officials" with a "legitimate educational interest." As such, they may be given access to personally identifiable information from students' education records. The school's law enforcement unit officials must protect the privacy of education records it receives and may disclose them only in compliance with FERPA. For that reason, it is advisable that law enforcement unit records be maintained separately from education records. |
| Addressing Emergencies on Campus June 2011 | Date Captured | Tuesday June 28, 2011 06:32 PM | | United States Department of Education (USED) : Summary of two
applicable Federal education laws administered by the Department of Education (Department):
the Family Educational Rights and Privacy Act (FERPA) and the Higher Education Act of 1965
(HEA), as amended. This Federal component is only one piece of what is necessary to consider
in ensuring the safety of our Nation’s students, faculty, and school staff. A comprehensive and
effective campus policy must incorporate all Federal and State policies regarding health and
safety emergencies, education, student privacy, civil rights, and law enforcement, as well as
specific local community needs.
|
| CDTRefocusing the FTC’s Role in Privacy Protection | Date Captured | Monday December 14, 2009 05:31 PM | | Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable. |
| Child identity theftA Better Start: Clearing Up Credit Records for California Foster Children | Date Captured | Tuesday September 13, 2011 01:16 PM | | This report
summarizes the result of the project team’s work on behalf of over 2,110 foster children
in Los Angeles County, and it also recommends new procedures for use in helping this
vulnerable population statewide.
Key Findings of the Pilot Project
• The project team successfully cleared all negative items from the credit reports of
104 foster children.
• These 104 children (5% of the pilot project sample) had 247 separate accounts
reported in their names, as the result of errors or identity theft.
• The average account balance was $1,811, with the largest being a home loan of
over $200,000.
• The accounts found were two to three years old, opened when the child was 14
years old on average.
• 12% of the children had records loosely linked to them by Social Security number
only, which while not affecting their credit ratings could nevertheless pose
problems for them in the future. |
| Civil LibertiesCoalition pushes ECPA update for online privacy in cloud computing age| Date Captured | Wednesday March 31, 2010 04:46 PM | | [A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]
|
| Digital Due Process| Date Captured | Wednesday March 31, 2010 04:23 PM | | [A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]
|
| Civil RightsRevealing New Truths About Our Nation's Schools| Date Captured | Tuesday March 06, 2012 05:54 PM | | CRDC makes public long-hidden data about which students are suspended, expelled, and arrested in school. |
| CleryAddressing Emergencies on Campus June 2011 | Date Captured | Tuesday June 28, 2011 06:32 PM | | United States Department of Education (USED) : Summary of two
applicable Federal education laws administered by the Department of Education (Department):
the Family Educational Rights and Privacy Act (FERPA) and the Higher Education Act of 1965
(HEA), as amended. This Federal component is only one piece of what is necessary to consider
in ensuring the safety of our Nation’s students, faculty, and school staff. A comprehensive and
effective campus policy must incorporate all Federal and State policies regarding health and
safety emergencies, education, student privacy, civil rights, and law enforcement, as well as
specific local community needs.
|
| The Handbook for Campus Safety and Security Reporting| Date Captured | Friday March 11, 2011 07:35 PM | | FERPA does not preclude an institution’s compliance
with the timely warning provision of the campus security
regulations. FERPA recognizes that information can, in case of
an emergency, be released without consent when needed to
protect the health and safety of others. In addition, if
institutions utilize information from the records of a campus
law enforcement unit to issue a timely warning, FERPA is not
implicated as those records are not protected by FERPA. U.S. Department of
Education, Office of Postsecondary Education, The Handbook for Campus Safety and Security Reporting,
Washington, D.C., 2011.
|
| Cloud ComputingIN THE CLOUD| Date Captured | Wednesday February 06, 2013 02:14 PM | | News & policy about the CLOUD. Check paper archives. Updated regularly. |
| SPOTLIGHT ON CLOUD COMPUTING: IF IN THE CLOUD, GET IT ON PAPER: CLOUD COMPUTING CONTRACT ISSUES| Date Captured | Friday February 01, 2013 11:30 PM | | SPOTLIGHT ON CLOUD COMPUTING: IF IT'S IN THE CLOUD, GET IT EDUCAUSE WEBINAR ON CLOUD COMPUTING CONTRACT ISSUES
Friday, December 10, 2010
Author(s) Thomas Trappler (UCLA)
Source(s) EDUCAUSE Live! Webinars, Webinars |
| FERPA and the Cloud: Why FERPA Desperately Needs Reform| Date Captured | Tuesday December 11, 2012 06:51 AM | | SOLOVE: Parents should lobby Congress and their state legislatures to pass laws providing better protections of their children’s data. This is an issue that should be of great concern to parents since educational institutions possess a staggering amount of personal data about students, and this data can currently be outsourced to nearly any company anywhere – even to a cloud computing provider in the most totalitarian country in the world! |
| Frequently Asked Questions—Cloud Computing| Date Captured | Monday September 24, 2012 10:25 AM | | FERPA
does
not
prohibit
the
use
of
cloud
computing
solutions
for
the
purpose
of
hosting
education
records;
rather,
FERPA
requires
States
to
use
reasonable
methods
to
ensure
the
security
of
their
information
technology
(IT)
solutions. |
| Guidelines on Security and Privacy in Public Cloud Computing | Date Captured | Friday February 04, 2011 03:36 PM | | Cloud computing can and does mean different things to different people. The common
characteristics most share are on-demand scalability of highly available and reliable pooled
computing resources, secure access to metered services from nearly anywhere, and dislocation of
data from inside to outside the organization. While aspects of these characteristics have been
realized to a certain extent, cloud computing remains a work in progress. This publication
provides an overview of the security and privacy challenges pertinent to public cloud computing
and points out considerations organizations should take when outsourcing data, applications, and
infrastructure to a public cloud environment. Draft Special Publication 800-144
|
| REPORT: FUTURE OF THE INTERNET, CLOUD COMPUTING - The future of cloud computing| Date Captured | Tuesday June 15, 2010 10:50 PM | | [The future of cloud computing
Technology experts and stakeholders say they expect they will ‘live mostly
in the cloud’ in 2020 and not on the desktop, working mostly through
cyberspace-based applications accessed through networked devices. This
will substantially advance mobile connectivity through smartphones and
other internet appliances. Many say there will be a cloud-desktop hybrid.
Still, cloud computing has many difficult hurdles to overcome, including
concerns tied to the availability of broadband spectrum, the ability of
diverse systems to work together, security, privacy, and quality of service. ]
Janna Quitney Anderson, Elon University;
Lee Rainie, Pew Research Center’s Internet & American Life Project
|
| Coalition pushes ECPA update for online privacy in cloud computing age| Date Captured | Wednesday March 31, 2010 04:46 PM | | [A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]
|
| Sunguard| Date Captured | Saturday November 21, 2009 01:02 PM | | [Student Information Management -- eSchoolPLUS is a student management system that helps educators and parents by providing them direct, real-time access to the most relevant student information available. Teachers and administrators can easily manage day-to-day student information and data such as demographics, scheduling, attendance, discipline, standardized tests, report cards and transcripts. With eSchoolPLUS, parents gain the ability to be more informed as to their child’s grades, attendance, assignments and discipline information. Superintendents, principals and other district administrators and school board members can track daily school status, student performance and progress.] |
| Common CoreRace to the Top Reform Flow Chart| Date Captured | Saturday September 29, 2012 10:04 AM | |
| CED Family Elements| Date Captured | Wednesday May 02, 2012 08:28 PM | | Family income & source |
| CEDS Elements Screen Shot| Date Captured | Wednesday May 02, 2012 08:19 PM | | Weeks of gestation, birthweight |
| SLC, Common Core, LRMI NYSED| Date Captured | Sunday April 29, 2012 05:45 PM | | Common Core & metatags |
| Cómo proteger la información personal de su hijo en la escuelaFTC Alerta para Consumidores: Cómo proteger la información personal de su hijo en la escuela | Date Captured | Sunday September 11, 2011 07:37 PM | | Pregunte en la escuela de su hijo cuál es la política aplicable al directorio de información de los estudiantes. En el directorio de
información de los estudiantes se pueden listar el nombre, domicilio, fecha de nacimiento, número de teléfono, domicilio de email y foto de
su hijo. La ley FERPA establece que las escuelas deben notificar a los padres y tutores sus respectivas políticas aplicables al directorio de
información de los estudiantes, y darle el derecho de optar por que no se suministre esa información a terceros. Es mejor que presente su
solicitud por escrito y que guarde una copia para sus archivos. Si usted no ejerce su derecho de optar por que no se comparta la
información de su hijo, los datos listados en el directorio de la escuela pueden estar a disposición no sólo de los compañeros de clase y
personal de la escuela de su hijo, sino también del público en general. |
| ConfidentialityGuide to Protecting the Confidentiality of Personally Identifiable Information (PII) | Date Captured | Monday May 03, 2010 11:04 AM | | Recommendations of the National Institute of Standards and Technology - [The escalation of security breaches involving personally identifiable information (PII) has contributed to
the loss of millions of records over the past few years. Breaches involving PII are hazardous to both
individuals and organizations. Individual harms may include identity theft, embarrassment, or blackmail.
Organizational harms may include a loss of public trust, legal liability, or remediation costs. To
appropriately protect the confidentiality of PII, organizations should use a risk-based approach; as
McGeorge Bundy once stated, "If we guard our toothbrushes and diamonds with equal zeal, we will lose
fewer toothbrushes and more diamonds." This document provides guidelines for a risk-based approach to protecting the confidentiality of PII. The recommendations in this document are intended primarily for
U.S. Federal government agencies and those who conduct business on behalf of the agencies, but other
organizations may find portions of the publication useful. Each organization may be subject to a different
combination of laws, regulations, and other mandates related to protecting PII, so an organization‘s legal
counsel and privacy officer should be consulted to determine the current obligations for PII protection.
For example, the Office of Management and Budget (OMB) has issued several memoranda with
requirements for how Federal agencies must handle and protect PII. To effectively protect PII,
organizations should implement the following recommendations.]
|
| Consumer PrivacyDirectory Information Part 1 (WAV file, no text -- it's audio) | Date Captured | Sunday December 26, 2010 05:36 PM | | EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation. |
| Directory Information Part 2 (This file is an audio 'wav' file) | Date Captured | Sunday December 26, 2010 05:23 PM | | Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response. |
| COMMERCIAL DATA PRIVACY AND INNOVATION IN THE INTERNET ECONOMY: A DYNAMIC POLICY FRAMEWORK | Date Captured | Thursday December 16, 2010 01:16 PM | | US DEPT OF COMMERCE REPORT says the principles "should promote increased transparency through simple notices, clearly articulated purposes for data collection, commitments to limit data uses to fulfill these purposes, and expanded use of robust audit systems to bolster accountability." NO RECOMMENDATIONS REGARDING EDUCATION AND FERPA DIRECTORY INFORMATION. |
| Letter to: Chairman Boucher and Ranking Member Stearns| Date Captured | Monday June 07, 2010 06:26 PM | | Mike Sachoff -- [In response to a discussion draft of a new privacy bill now under consideration by the House Subcommittee on Communications, Technology and the Internet, ten privacy and consumer groups today called for stronger measures to protect consumer privacy both online and off.
The organizations including the Consumer Federation of America, Electronic Frontier Foundation, Consumer Watchdog, World Privacy Forum, Consumer Action, USPIRG, Privacy Rights Clearinghouse, Privacy Times, Privacy Lives, and the Center for Digital Democracy, raised their concerns in a letter to Subcommittee Chairman Rick Boucher and Ranking Member Cliff Stearns.
The groups recommended the following:
*The bill should incorporate the Fair Information Practice Principles that have long served as the bedrock of consumer privacy protection in the U.S., including the principle of not collecting more data than is necessary for the stated purposes, limits on how long data should be retained, and a right to access and correct one's data.
*The bill's definitions of what constitutes "sensitive information" need to be expanded; for instance, to include health-related information beyond just "medical records."
*The bill should require strict "opt-in" procedures for the collection and use of covered data and should prohibit the collection and use of any sensitive information except for the transactions for which consumers provided it.]
|
| FACEBOOK - Complaint, Request for Investigation, Injunction, and Other Relief | Date Captured | Monday May 10, 2010 09:54 AM | | [This complaint concerns material changes to privacy settings made by Facebook, the
largest social network service in the United States, that adversely impact the users of
the service. Facebook now discloses personal information to the public that Facebook
users previously restricted. Facebook now discloses personal information to third
parties that Facebook users previously did not make available. These changes violate
user expectations, diminish user privacy, and contradict Facebook’s own
representations. These business practices are Unfair and Deceptive Trade Practices,
subject to review by the Federal Trade Commission (the “Commission”) under
section 5 of the Federal Trade Commission Act.]
|
| DRAFT - Boucher bill| Date Captured | Thursday May 06, 2010 08:34 AM | | A BILL : To require notice to and consent of an individual prior to
the collection and disclosure of certain personal informa-
tion relating to that individual.
|
| Proposed Privacy Legislation Wins Few Fans| Date Captured | Thursday May 06, 2010 08:24 AM | | WSJ : [ The goal for the legislation is to set a standard for consumer privacy protections and also provide consumers with more transparency and control regarding the collection, use and sharing of their information, said Rep. Rick Boucher (D., Va.). Mr. Boucher released a draft of the bill for discussion on Tuesday along with Rep. Cliff Stearns (R., Fla.).
The bill stipulates that as a general rule companies can collect information about consumers unless a person opts out of that data collection — a point of contention among privacy advocates.
The regulation also specifies standards for the collection and use of personally identifiable information. Companies must disclose to consumers if they are collecting personally identifiable information and how they are using that data. Consumers must give a company permission to share that personally identifiable information with outside companies. ] |
| THE FAILURE OF FAIR INFORMATION PRACTICE PRINCIPLES forthcoming in Consumer Protection in the Age of the ‘Information Economy’ | Date Captured | Sunday January 31, 2010 10:03 PM | | Fred H. Cate - [The key is refocusing FIPPS on substantive tools for protecting privacy,
and away from notice and consent; leveling the playing field between information processors and
data subjects; and created sufficient, but limited, liability so that data processors will have
meaningful incentives, rather than bureaucratic regulations, to motivate appropriate behavior, and
that individuals will be compensated when processing results in serious harm. This is only a first
step. These proposed Consumer Privacy Protection Principles are undoubtedly incomplete and
imperfect, but they are an effort to return to a more meaningful dialogue about the legal regulation
of privacy and the value of information flows in the face of explosive growth in technological
capabilities in an increasingly global society.]
|
| Comments of the World Privacy Forum to FTC, Nov. 6, 2009| Date Captured | Thursday December 17, 2009 10:58 PM | | Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 -
[The World Privacy Forum understands that businesses have a right to exist and to make money,
and that advertising and marketing is part of the marketplace. But we also believe that there is
not a reasonable balance right now between what data is being collected and used, and what
consumers can do to manage that data and their privacy. There are no perfect solutions, but we
think that a rights-based framework based on approaches contained in the Fair Credit Reporting
Act and on Fair Information Practices will address many of the problems and help create
solutions that are equitable for all stakeholders.]
|
| Refocusing the FTC’s Role in Privacy Protection | Date Captured | Monday December 14, 2009 05:31 PM | | Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable. |
| DOD nixes vendor of online monitoring software over privacy concerns| Date Captured | Monday December 07, 2009 08:53 PM | | Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats.
EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.]
[ |
| Ad Industry Works on Ads About Ads | Date Captured | Tuesday November 24, 2009 03:07 PM | | Wall Street Journal Emily Steel writes -- [At issue is the practice of tracking consumers’ Web activities — from the searches they make to the sites they visit and the products they buy — for the purpose of targeting ads.
The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers’ Web activities and creating a simple way consumers can opt out of being tracked.] |
| Lawmakers probe deeper into privacy | Date Captured | Saturday November 21, 2009 01:16 PM | | By Kim Hart - 11/19/09 04:00 PM ET - [Jennifer Barrett, an executive with Acxiom, a marketing company, said the firm could collect 1,500 possible data points about individual consumers, such as age, hobbies, address, occupation and recent purchases. Acxiom typically maintains 20-40 data points on the average person. Acxiom receives that information from public records, surveys consumers fill out voluntarily (such as warranty cards) and information from other companies.
In response to questions from Rep. Mike Doyle (D-Penn.), Barrett said consumers can see what data has been stored about them and can change or delete information used for marketing purposes. But consumers cannot find out who else has bought their data from Axciom.] |
| Federal data breach notification standard must pre-empt state laws| Date Captured | Monday November 16, 2009 08:33 PM | | Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.]
[Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.] |
| Refocusing the FTC’s Role in Privacy Protection| Date Captured | Tuesday November 10, 2009 03:33 PM | | Center for Technology in Government (CDT) Policy Post 15.17, November 10, 2009. [
A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology
Refocusing the FTC’s Role in Privacy Protection
1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable
2) The Significance of a Comprehensive Set of Fair Information Practice Principles
3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward
4) CDT Recommendations for Future FTC Action
|
| PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature | Date Captured | Sunday November 08, 2009 10:35 PM | | SP0431, LR 597, item 1, Signed on 2009-06-02 00:00:00.0 - First Regular Session - 124th Maine Legislature, page 1 -
2. Marketing purposes. "Marketing purposes," with respect to the use of health-related
information or personal information, means the purposes of marketing or advertising products, goods or
services to individuals.
3. Person. "Person" includes an individual, firm, partnership, corporation, association, syndicate,
organization, society, business trust, attorney-in-fact and every natural or artificial legal entity.
4. Personal information. "Personal information" means individually identifiable information,
including:
A. An individual's first name, or first initial, and last name;
B. A home or other physical address;
C. A social security number;
D. A driver's license number or state identification card number; and
E. Information concerning a minor that is collected in combination with an identifier described in
this subsection.
5. Verifiable parental consent. "Verifiable parental consent" means any reasonable effort,
taking into consideration available technology, including a request for authorization for future collection,
use and disclosure described in the notice, to ensure that a parent of a minor receives notice of the
PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature
An Act To Prevent Predatory Marketing Practices against Minors
collection of personal information, use and disclosure practices and authorizes the collection, use and
disclosure, as applicable, of personal information and the subsequent use of that information before that
information is collected from that minor.
§ 9552. Unlawful collection and use of data from minors |
| 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH| Date Captured | Saturday November 07, 2009 04:49 PM | | (1) Purpose
This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met
by persons who own or license personal information about a resident of the Commonwealth of
Massachusetts. This regulation establishes minimum standards to be met in connection with
the safeguarding of personal information contained in both paper and electronic records. The
objectives of this regulation are to insure the security and confidentiality of customer
information in a manner fully consistent with industry standards; protect against anticipated
threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or
inconvenience to any consumer. |
| Kids' Privacy| Date Captured | Sunday November 01, 2009 09:40 PM | | [Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number.
Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot.
What Can You Do?
Your kids’ personal information and privacy are valuable —to you, to them, and to marketers.]
*****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.
|
| COPPACOMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE FEDERAL TRADE COMMISSION | Date Captured | Monday March 07, 2011 06:04 PM | |
Marc Rotenberg, EPIC testimony to FTC: COPPA currently defines PI as: Personal information means individually identifiable information about an
individual collected online, including:
(a) A first and last name;
(b) A home or other physical address including street name and name of a city or
town;
(c) An e-mail address or other online contact information, including but not
limited to an instant messaging user identifier, or a screen name that reveals an
individual's e-mail address;
(d) A telephone number;
(e) A Social Security number;
(f) A persistent identifier, such as a customer number held in a cookie or a
processor serial number, where such identifier is associated with individually
identifiable information; or a combination of a last name or photograph of the
individual with other information such that the combination permits physical or
online contacting; or
(g) Information concerning the child or the parents of that child that the operator
collects online from the child and combines with an identifier described in this
definition.
|
| COPPA Rulemaking and Rule Reviews| Date Captured | Monday March 07, 2011 05:46 PM | | Includes public testimony and roundtable. March 24, 2010 |
| How Different are Young Adults from Older Adults When it Comes to Information Privacy Attitudes and Policies?| Date Captured | Thursday April 15, 2010 06:12 PM | | Chris Jay Hoofnagle - University of California, Berkeley - School of Law, Berkeley Center for Law & Technology; Jennifer King -UC Berkeley School of Information; Berkeley Center for Law & Technology; Su Li- University of California, Berkeley- School of Law, Center for the Study of Law and Society; Joseph Turow -
University of Pennsylvania - Annenberg School for Communication: [Abstract:
Media reports teem with stories of young people posting salacious photos online, writing about alcohol-fueled misdeeds on social networking sites, and publicizing other ill-considered escapades that may haunt them in the future. These anecdotes are interpreted as representing a generation-wide shift in attitude toward information privacy. Many commentators therefore claim that young people “are less concerned with maintaining privacy than older people are.” Surprisingly, though, few empirical investigations have explored the privacy attitudes of young adults. This report is among the first quantitative studies evaluating young adults’ attitudes. It demonstrates that the picture is more nuanced than portrayed in the popular media. ]
[Among the findings:
_ Eighty-eight percent of people of all ages said they have refused to give out information to a business because they thought it was too personal or unnecessary. Among young adults, 82 percent have refused, compared with 85 percent of those over 65.
_ Most people — 86 percent — believe that anyone who posts a photo or video of them on the Internet should get their permission first, even if that photo was taken in public. Among young adults 18 to 24, 84 percent agreed — not far from the 90 percent among those 45 to 54.
_ Forty percent of adults ages 18 to 24 believe executives should face jail time if their company uses someone's personal information illegally — the same as the response among those 35 to 44 years old.] |
| FTC Seeks Comment on Children's Online Privacy Protections; Questions Whether Changes to Technology Warrant Changes to Agency Rule.| Date Captured | Tuesday April 06, 2010 02:51 PM | | [In a Federal Register notice to be published shortly, the FTC poses its standard regulatory review questions and identifies several areas where public comment would be especially useful. Among other things, the FTC asks:
What implications for COPPA enforcement are raised by mobile communications, interactive television, interactive gaming, or other similar interactive media.
For input on the use of automated systems – those that filter out any personally identifiable information prior to posting – to review children’s Web submissions.
Whether operators have the ability to contact specific individuals using information collected from children online, such as persistent IP addresses, mobile geolocation data, or information collected in connection with behavioral advertising, and whether the Rule’s definition of “personal information” should be expanded accordingly.
Whether there are additional technological methods to obtain verifiable parental consent that should be added to the COPPA Rule, and whether any of the methods currently included should be removed.
Whether parents are exercising their right under the Rule to review or delete personal information collected from their children, and what challenges operators face in authenticating parents.
Whether the Rule’s process for FTC approval of self-regulatory guidelines – known as safe harbor programs – has enhanced compliance, and whether the criteria for FTC approval and oversight of the guidelines should be modified in any way.] |
| DOD nixes vendor of online monitoring software over privacy concerns| Date Captured | Monday December 07, 2009 08:53 PM | | Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats.
EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.]
[ |
| Kids' Privacy| Date Captured | Sunday November 01, 2009 09:40 PM | | [Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number.
Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot.
What Can You Do?
Your kids’ personal information and privacy are valuable —to you, to them, and to marketers.]
*****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.
|
| Current law & proposed legislationNY Assembly bill A.8474 same as NY Senate bill S.2357B| Date Captured | Monday January 23, 2012 12:38 PM | | Requires active parental consent to release personal and sensitive information (categorized as directory information under FERPA) about students. This bill passed the NY Senate 62-0 in the 2011 session. It has been sponsored & reintroduced in the Assembly by Assemblywoman Linda Rosenthal & in the Senate by Sen. Suzi Oppenheimer for the 2012 legislative session.
|
| APPENDIX A: FERPA Guidance for Reasonable Methods and Written Agreements| Date Captured | Thursday January 05, 2012 05:57 PM | | FERPA represents the floor for protecting [student] privacy, not the ceiling. PAGE A-5 Federal Register/Vol. 76, No. 232/Friday, December 2, 2011/Rules and Regulations. |
| DEPARTMENT OF EDUCATION 34 CFR Part 99 in the Federal Register (76 FR 19726)| Date Captured | Monday December 05, 2011 11:20 AM | | SUMMARY: The Secretary of Education
(Secretary) amends the regulations
implementing section 444 of the General
Education Provisions Act (GEPA),
which is commonly referred to as the
Family Educational Rights and Privacy
Act (FERPA). These amendments are
needed to ensure that the U.S.
Department of Education (Department
or we) continues to implement FERPA
in a way that protects the privacy of
education records while allowing for the
effective use of data. Improved access to
data will facilitate States’ ability to
evaluate education programs, to ensure
limited resources are invested
effectively, to build upon what works
and discard what does not, to increase
accountability and transparency, and to
contribute to a culture of innovation and
continuous improvement in education.
|
| Cyber BullyingCYBERBULLYING: A Report on Bullying in a Digital Age| Date Captured | Tuesday December 27, 2011 02:28 PM | | NY Senate Independent Democratic Conference Sept. 2011 report. |
| Data BrokerData Brokers – Is Consumers’ Information Secure| Date Captured | Friday November 13, 2015 09:27 AM | | Ms. Pam Dixon; Executive Director -World Privacy Forum before Subcommittee on Privacy, Technology and the Law, Date: Tuesday, November 3, 2015;
Time: 02:30 PM;
Location: Dirksen Senate Office Building 226;
Presiding: Chairman Flake |
| Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers| Date Captured | Monday March 26, 2012 11:16 AM | | The final report calls on companies handling consumer data to implement recommendations for protecting privacy, including:
Privacy by Design - companies should build in consumers' privacy protections at every stage in developing their products. These include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy;
Simplified Choice for Businesses and Consumers - companies should give consumers the option to decide what information is shared about them, and with whom. This should include a Do-Not-Track mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities.
Greater Transparency - companies should disclose details about their collection and use of consumers' information, and provide consumers access to the data collected about them. *****Data Brokers - The Commission calls on data brokers to make their operations more transparent by creating a centralized website to identify themselves, and to disclose how they collect and use consumer data. In addition, the website should detail the choices that data brokers provide consumers about their own information. |
| CA: State colleges, alumni groups reap $6.6M in credit card royalties | Date Captured | Friday September 02, 2011 08:29 PM | | Erica Perez; Under the agreements, banks typically get exclusive rights to market credit cards to university students and alumni, and they pay royalties to the universities or related organizations based on the number of new credit card accounts opened.] Excerpt from source linked to entry: [university must give the bank mailing lists for alumni, faculty, staff, fans, ticket holders, donors, undergraduates and graduate students. The lists include postal addresses, telephone numbers and e-mail addresses.] |
| American Student List (ASL)| Date Captured | Monday March 07, 2011 05:39 PM | | Student data for sale ONLINE. College Bound High School Students - Over 3 million high school juniors and seniors who have indicated an interest in higher education. Selectable by class year, age, head of household, income, geography and more;
Teenage Lifestyle Interests - 5 million individuals ages 14-19. Selectable by self-reported interests in specific areas including sports, scholastic activities, careers, computers and more;
College Students -
Approximately 5 million students attending numerous colleges and universities. Home and/or school addresses and phone numbers are available. Selectable by class year, field of study, college attended, tuition level, competitive rank and more;
College Grads And Alumni - Approximately 17 million College Grads/Alumni. Selectable by school last attended, household income, home ownership and more; Families With Children -
20 million households with the presence of children, tweens and teens (newborn through age 19). Selectable by head of household, income, gender, ethnicity, geography and more.
Ethnic Lists - Over 3 million Ethnic Teens, 4.5 million Ethnic Families and 15 million Ethnic Young Adults. Numerous backgrounds are available including Hispanic/Latino, Asian-American, Native-American, African-American and more. Also available — Foreign-Speaking Teens — first- or second-generation teens who speak the language of their ethnic group. |
| Directory Information Part 1 (WAV file, no text -- it's audio) | Date Captured | Sunday December 26, 2010 05:36 PM | | EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation. |
| Directory Information Part 2 (This file is an audio 'wav' file) | Date Captured | Sunday December 26, 2010 05:23 PM | | Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response. |
| Schools Selling Students' Personal Information| Date Captured | Wednesday October 06, 2010 03:17 PM | | Link to stories about schools selling student information |
| Comments of the World Privacy Forum to FTC, Nov. 6, 2009| Date Captured | Thursday December 17, 2009 10:58 PM | | Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 -
[The World Privacy Forum understands that businesses have a right to exist and to make money,
and that advertising and marketing is part of the marketplace. But we also believe that there is
not a reasonable balance right now between what data is being collected and used, and what
consumers can do to manage that data and their privacy. There are no perfect solutions, but we
think that a rights-based framework based on approaches contained in the Fair Credit Reporting
Act and on Fair Information Practices will address many of the problems and help create
solutions that are equitable for all stakeholders.]
|
| DOD nixes vendor of online monitoring software over privacy concerns| Date Captured | Monday December 07, 2009 08:53 PM | | Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats.
EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.]
[ |
| GOOD STUDENT LIST FOR SALE| Date Captured | Saturday November 21, 2009 01:57 PM | | See lists for sale. |
| Lawmakers probe deeper into privacy | Date Captured | Saturday November 21, 2009 01:16 PM | | By Kim Hart - 11/19/09 04:00 PM ET - [Jennifer Barrett, an executive with Acxiom, a marketing company, said the firm could collect 1,500 possible data points about individual consumers, such as age, hobbies, address, occupation and recent purchases. Acxiom typically maintains 20-40 data points on the average person. Acxiom receives that information from public records, surveys consumers fill out voluntarily (such as warranty cards) and information from other companies.
In response to questions from Rep. Mike Doyle (D-Penn.), Barrett said consumers can see what data has been stored about them and can change or delete information used for marketing purposes. But consumers cannot find out who else has bought their data from Axciom.] |
| Federal data breach notification standard must pre-empt state laws| Date Captured | Monday November 16, 2009 08:33 PM | | Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.]
[Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.] |
| PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature | Date Captured | Sunday November 08, 2009 10:35 PM | | SP0431, LR 597, item 1, Signed on 2009-06-02 00:00:00.0 - First Regular Session - 124th Maine Legislature, page 1 -
2. Marketing purposes. "Marketing purposes," with respect to the use of health-related
information or personal information, means the purposes of marketing or advertising products, goods or
services to individuals.
3. Person. "Person" includes an individual, firm, partnership, corporation, association, syndicate,
organization, society, business trust, attorney-in-fact and every natural or artificial legal entity.
4. Personal information. "Personal information" means individually identifiable information,
including:
A. An individual's first name, or first initial, and last name;
B. A home or other physical address;
C. A social security number;
D. A driver's license number or state identification card number; and
E. Information concerning a minor that is collected in combination with an identifier described in
this subsection.
5. Verifiable parental consent. "Verifiable parental consent" means any reasonable effort,
taking into consideration available technology, including a request for authorization for future collection,
use and disclosure described in the notice, to ensure that a parent of a minor receives notice of the
PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature
An Act To Prevent Predatory Marketing Practices against Minors
collection of personal information, use and disclosure practices and authorizes the collection, use and
disclosure, as applicable, of personal information and the subsequent use of that information before that
information is collected from that minor.
§ 9552. Unlawful collection and use of data from minors |
| 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH| Date Captured | Saturday November 07, 2009 04:49 PM | | (1) Purpose
This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met
by persons who own or license personal information about a resident of the Commonwealth of
Massachusetts. This regulation establishes minimum standards to be met in connection with
the safeguarding of personal information contained in both paper and electronic records. The
objectives of this regulation are to insure the security and confidentiality of customer
information in a manner fully consistent with industry standards; protect against anticipated
threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or
inconvenience to any consumer. |
| ‘‘Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act’’ or the ‘‘BEST PRACTICES Act’’| Date Captured | Thursday November 05, 2009 03:19 PM | | H. R. 5777 -- To foster transparency about the commercial use of personal information,
provide consumers with meaningful choice about the collection, use, and
disclosure of such information, and for other purposes.
[Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information. Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information. Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).]
|
| Target-Marketing Becomes More Communal| Date Captured | Thursday November 05, 2009 10:45 AM | | WSJ Emily Steel writes [["The data is becoming the most important component for marketers and Web sites. It tells them who their audience is," says Omar Tawakol, chief executive at Blue Kai.
Some lawmakers, concerned about Internet privacy, are preparing legislation to make more transparent Web sites' tactics for collecting information on their users. In an effort to fend off legislation, data brokers say, they abide by industry standards and do not collect any personally identifiable information and sensitive data, such as health information. They also tout efforts to make their business practices more transparent to consumers.] |
| ‘‘Personal Data Privacy and Security Act of 2009’’ S. 1490| Date Captured | Wednesday November 04, 2009 02:19 PM | | 11TH CONGRESS - 1ST SESSION -- S. 1490:
To prevent and mitigate identity theft, to ensure privacy, to provide notice
of security breaches, and to enhance criminal penalties, law enforcement
assistance, and other protections against security breaches, fraudulent
access, and misuse of personally identifiable information.
|
| State says Cambridge Public Schools can't charge $14K for public records| Date Captured | Friday February 13, 2009 03:12 PM | | David L. Harris -- GateHouse News Service - [On Nov. 30, 2007, the Chronicle sent a letter requesting directory information, but the request was later denied in a three-page letter from the school’s legal department. After appealing to the state’s supervisor of public records, Alan Cote, the school department sent a letter dated July 11, explaining that the work to compile the directory information would cost $14,426.88.
The Chronicle’s sister paper, the Newton TAB, requested the same information from Newton Public Schools around the same time. The school department, which sent the data within three weeks of the request, did not charge the TAB for the information.] |
| Student Information Not For Sale At UW- Marathon County| Date Captured | Wednesday February 11, 2009 07:06 PM | | Wsaw.com reporter: Margo Spann --
[Private companies looking to sell or market products to college students are buying information about them directly from their schools.
The Assistant Director of Student Services at UW Marathon County Annette Hackbarth-Onson says federal law allows colleges to sell information about their students.
She says companies are often looking to buy students names, birth-dates, and email addresses.]
|
| Data MiningData Brokers – Is Consumers’ Information Secure| Date Captured | Friday November 13, 2015 09:27 AM | | Ms. Pam Dixon; Executive Director -World Privacy Forum before Subcommittee on Privacy, Technology and the Law, Date: Tuesday, November 3, 2015;
Time: 02:30 PM;
Location: Dirksen Senate Office Building 226;
Presiding: Chairman Flake |
| CA: State colleges, alumni groups reap $6.6M in credit card royalties | Date Captured | Friday September 02, 2011 08:29 PM | | Erica Perez; Under the agreements, banks typically get exclusive rights to market credit cards to university students and alumni, and they pay royalties to the universities or related organizations based on the number of new credit card accounts opened.] Excerpt from source linked to entry: [university must give the bank mailing lists for alumni, faculty, staff, fans, ticket holders, donors, undergraduates and graduate students. The lists include postal addresses, telephone numbers and e-mail addresses.] |
| Education New York comments re Student Privacy submitted to FERPA NPRM - May 23, 2011| Date Captured | Monday May 23, 2011 09:22 PM | | Document ID: ED-2011-OM-0002-0001: Family Educational Rights and Privacy. The proposed changes to FERPA do not adequately address the capacity of marketers
and other commercial enterprises to capture, use, and re-sell student information. Even
with privacy controls in place, it is also far too easy for individuals to get a hold of
student information and use it for illegal purposes, including identity theft, child
abduction in custody battles, and domestic violence. Few parents are aware, for
example, that anyone can request -- and receive -- a student directory from a school.
Data and information breaches occur every day in Pre-K-20 schools across the country,
so that protecting student privacy has become a matter of plugging holes in a dyke
rather than advancing a comprehensive policy that makes student privacy protection
the priority.
|
| Guidelines on Security and Privacy in Public Cloud Computing | Date Captured | Friday February 04, 2011 03:36 PM | | Cloud computing can and does mean different things to different people. The common
characteristics most share are on-demand scalability of highly available and reliable pooled
computing resources, secure access to metered services from nearly anywhere, and dislocation of
data from inside to outside the organization. While aspects of these characteristics have been
realized to a certain extent, cloud computing remains a work in progress. This publication
provides an overview of the security and privacy challenges pertinent to public cloud computing
and points out considerations organizations should take when outsourcing data, applications, and
infrastructure to a public cloud environment. Draft Special Publication 800-144
|
| Directory Information Part 1 (WAV file, no text -- it's audio) | Date Captured | Sunday December 26, 2010 05:36 PM | | EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation. |
| Directory Information Part 2 (This file is an audio 'wav' file) | Date Captured | Sunday December 26, 2010 05:23 PM | | Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response. |
| Many States Collect Graduates’ Employment Information, but Clearer Guidance on Student Privacy Requirements Is Needed | Date Captured | Monday December 13, 2010 09:17 AM | | GAO-10-927 - GAO recommends that Education
clarify means by which states can
collect and share graduates’
employment information under the
Family Educational Rights and
Privacy Act (FERPA) and establish a time
frame for doing so. Education agreed
with the recommendation.
|
| DOD nixes vendor of online monitoring software over privacy concerns| Date Captured | Monday December 07, 2009 08:53 PM | | Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats.
EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.]
[ |
| GOOD STUDENT LIST FOR SALE| Date Captured | Saturday November 21, 2009 01:57 PM | | See lists for sale. |
| ‘‘Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act’’ or the ‘‘BEST PRACTICES Act’’| Date Captured | Thursday November 05, 2009 03:19 PM | | H. R. 5777 -- To foster transparency about the commercial use of personal information,
provide consumers with meaningful choice about the collection, use, and
disclosure of such information, and for other purposes.
[Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information. Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information. Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).]
|
| Data StewardshipNYS Sen. Oppenheimer and Sen. Montgomery on S.2357| Date Captured | Tuesday June 21, 2011 04:25 PM | | Sen. Oppenheimer and Sen. Montgomery on S.2357 @ 36:30 minutes. Senators demonstrate responsible data stewardship. S.2357 excerpt:
[(C) UNLESS OTHERWISE ALLOWED BY LAW, A SCHOOL MAY NOT, EVEN WITH THE
AFFIRMATIVE CONSENT OF THE PARENT OF THE STUDENT IN ATTENDANCE OR THE
ELIGIBLE STUDENT IN ATTENDANCE, DISCLOSE PERSONALLY IDENTIFIABLE STUDENT
INFORMATION FOR A COMMERCIAL, FOR-PROFIT ACTIVITY INCLUDING BUT NOT
LIMITED TO USE FOR:
(I) MARKETING PRODUCTS OR SERVICES;
(II) SELLING PERSONALLY IDENTIFIABLE STUDENT INFORMATION FOR USE IN
MARKETING PRODUCTS OR SERVICES;
(III) CREATING OR CORRECTING AN INDIVIDUAL OR HOUSEHOLD PROFILE;
(IV) COMPILATION OF A STUDENT LIST;
(V) SALE OF THE INFORMATION FOR ANY COMMERCIAL PURPOSE; OR
(VI) ANY OTHER PURPOSE CONSIDERED BY THE SCHOOL AS LIKELY TO BE A
COMMERCIAL, FOR-PROFIT ACTIVITY.
(D) IN MAKING AN ALLOWABLE DISCLOSURE UNDER THIS SUBDIVISION, A SCHOOL
MAY ONLY DISCLOSE THE MINIMUM AMOUNT OF INFORMATION NECESSARY TO ACCOM
PLISH THE PURPOSE OF THE DISCLOSURE.]
|
| Education New York comments re Student Privacy submitted to FERPA NPRM - May 23, 2011| Date Captured | Monday May 23, 2011 09:22 PM | | Document ID: ED-2011-OM-0002-0001: Family Educational Rights and Privacy. The proposed changes to FERPA do not adequately address the capacity of marketers
and other commercial enterprises to capture, use, and re-sell student information. Even
with privacy controls in place, it is also far too easy for individuals to get a hold of
student information and use it for illegal purposes, including identity theft, child
abduction in custody battles, and domestic violence. Few parents are aware, for
example, that anyone can request -- and receive -- a student directory from a school.
Data and information breaches occur every day in Pre-K-20 schools across the country,
so that protecting student privacy has become a matter of plugging holes in a dyke
rather than advancing a comprehensive policy that makes student privacy protection
the priority.
|
| Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records | Date Captured | Thursday March 03, 2011 01:21 PM | | NCES 2011-601 This first brief discusses basic concepts and definitions that establish a common set
of terms related to the protection of personally identifiable information, especially
in education records.
|
| NCES 2011-602 Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records | Date Captured | Tuesday January 04, 2011 09:55 PM | | SLDS Technical Brief - Guidance for Statewide Longitudinal Data Systems (SLDS) [A privacy and data protection program for student education records must include an array of
rules and procedures for protecting PII held in the record system. It also must include a full set
of public disclosures of the existence and uses of the information included in the data system,
a description of all parents’ or eligible students’ rights to review and appeal the contents of an
individual education record and of their rights and the procedures to appeal a violation. ]*****[A school directory may include PII such as a student’s name, grade level, and contact information. Taken by itself, the release of this information is not harmful to a student. However, when combined with the student’s Social Security Number or another identifier and the student’s education record, this information has the potential for violating a student’s right to privacy. The release of this combined record could lead to harm or embarrassment. Thus, the privacy and data protection program should focus on PII that will be maintained in the electronic student record system with its likely wealth of student data.2} |
| Data-driven EducationDirectory Information Part 2 (This file is an audio 'wav' file) | Date Captured | Sunday December 26, 2010 05:23 PM | | Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response. |
| Deidentification | Case Study #5: Minimizing Access to PII: Best Practices for Access Controls and Disclosure Avoidance Techniques (Oct 2012)| Date Captured | Thursday November 27, 2014 07:14 AM | | is case study illustrates best practices for minimizing access to sensitive information with education data maintained in a Statewide Longitudinal Data System. |
| Data De-identification: An Overview of Basic Terms| Date Captured | Wednesday January 16, 2013 01:35 PM | | PTAC-GL, Oct 2012: In addition to defining and clarifying the distinction among several key terms, the paper provides
general best practice suggestions regarding data de-identification strategies for different types of
data. The information is presented in the form of an alphabetized list of definitions, followed at the
end by additional resources on FERPA requirements and statistical techniques that can be used to
protect student data against disclosures |
| Directory InformationData Brokers – Is Consumers’ Information Secure| Date Captured | Friday November 13, 2015 09:27 AM | | Ms. Pam Dixon; Executive Director -World Privacy Forum before Subcommittee on Privacy, Technology and the Law, Date: Tuesday, November 3, 2015;
Time: 02:30 PM;
Location: Dirksen Senate Office Building 226;
Presiding: Chairman Flake |
| Hearing on “How Emerging Technology Affects Student Privacy" | Date Captured | Monday February 16, 2015 12:24 PM | | United States House of Representatives
114th Congress, 1st Session;
Committee on Education and the Workforce
Subcommittee on Early Childhood, Elementary
and Secondary Education
Hearing on
“How Emerging Technology Affects Student Privacy"
February 12, 2015
Statement of Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Center on Law and Information Policy
Fordham University
New York, NY
Good morning Chairman Rokita, Ranking Member Fudge and distinguished |
| Opt-Out 2014: Protect Children video| Date Captured | Tuesday August 12, 2014 06:39 PM | |
| Opt-Out 2014: Protect Children| Date Captured | Tuesday August 12, 2014 06:10 PM | |
| Testimony of Pam Dixon Executive Director, World Privacy Forum Before the Senate Committee on Commerce, Science, and Transportation What Information Do Data Brokers Have on Consumers, and How Do They Use It?| Date Captured | Saturday December 21, 2013 09:13 AM | | The data broker industry has not shown restraint. Nothing is out of bounds. No list is too obnoxious to sell. Data brokers sell lists that allow for the use of racial, ethnic and other factors that would be illegal or unacceptable in other circumstances. These lists and scores are used everyday to make decisions about how consumers can participate in the economic marketplace. Their information determines who gets in and who gets shut out. All of this must change. I urge you to take action.
|
| Model State Law: Student Privacy Protection Act | Date Captured | Tuesday December 25, 2012 08:36 AM | | This Act shall be known and cited as the “Student Privacy Protection Act.” This Act shall be liberally and remedially construed to effectuate its purpose. The purpose of the Act is to protect the privacy of students by establishing standards for the disclosure of directory information about students by schools. |
| eBehavioral AdvertisingProposed Privacy Legislation Wins Few Fans| Date Captured | Thursday May 06, 2010 08:24 AM | | WSJ : [ The goal for the legislation is to set a standard for consumer privacy protections and also provide consumers with more transparency and control regarding the collection, use and sharing of their information, said Rep. Rick Boucher (D., Va.). Mr. Boucher released a draft of the bill for discussion on Tuesday along with Rep. Cliff Stearns (R., Fla.).
The bill stipulates that as a general rule companies can collect information about consumers unless a person opts out of that data collection — a point of contention among privacy advocates.
The regulation also specifies standards for the collection and use of personally identifiable information. Companies must disclose to consumers if they are collecting personally identifiable information and how they are using that data. Consumers must give a company permission to share that personally identifiable information with outside companies. ] |
| Ad Industry Works on Ads About Ads | Date Captured | Tuesday November 24, 2009 03:07 PM | | Wall Street Journal Emily Steel writes -- [At issue is the practice of tracking consumers’ Web activities — from the searches they make to the sites they visit and the products they buy — for the purpose of targeting ads.
The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers’ Web activities and creating a simple way consumers can opt out of being tracked.] |
| Education Reporting SystemsSunguard| Date Captured | Saturday November 21, 2009 01:02 PM | | [Student Information Management -- eSchoolPLUS is a student management system that helps educators and parents by providing them direct, real-time access to the most relevant student information available. Teachers and administrators can easily manage day-to-day student information and data such as demographics, scheduling, attendance, discipline, standardized tests, report cards and transcripts. With eSchoolPLUS, parents gain the ability to be more informed as to their child’s grades, attendance, assignments and discipline information. Superintendents, principals and other district administrators and school board members can track daily school status, student performance and progress.] |
| Fair Information PracticeSome questions raised over release of student info (North Dakota)| Date Captured | Tuesday March 08, 2011 04:54 PM | | [North Dakota: High schools across the state would be required to give names, addresses and phone numbers of their students to the State Board of Higher Education under a proposed Senate bill.] [Several committee members expressed concern about the additional information and wanted to make sure parents would be fully aware of what information was being requested before opting out.
That view also was shared by Bev Nielson of the North Dakota School Boards Association.] |
| NCES 2011-602 Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records | Date Captured | Tuesday January 04, 2011 09:55 PM | | SLDS Technical Brief - Guidance for Statewide Longitudinal Data Systems (SLDS) [A privacy and data protection program for student education records must include an array of
rules and procedures for protecting PII held in the record system. It also must include a full set
of public disclosures of the existence and uses of the information included in the data system,
a description of all parents’ or eligible students’ rights to review and appeal the contents of an
individual education record and of their rights and the procedures to appeal a violation. ]*****[A school directory may include PII such as a student’s name, grade level, and contact information. Taken by itself, the release of this information is not harmful to a student. However, when combined with the student’s Social Security Number or another identifier and the student’s education record, this information has the potential for violating a student’s right to privacy. The release of this combined record could lead to harm or embarrassment. Thus, the privacy and data protection program should focus on PII that will be maintained in the electronic student record system with its likely wealth of student data.2} |
| Directory Information Part 1 (WAV file, no text -- it's audio) | Date Captured | Sunday December 26, 2010 05:36 PM | | EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation. |
| Directory Information Part 2 (This file is an audio 'wav' file) | Date Captured | Sunday December 26, 2010 05:23 PM | | Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response. |
| Schools Selling Students' Personal Information| Date Captured | Wednesday October 06, 2010 03:17 PM | | Link to stories about schools selling student information |
| Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information | Date Captured | Tuesday September 28, 2010 02:51 PM | | GAO-08-795T : In its report GAO identified
alternatives that the Congress
should consider, including revising
the scope of privacy laws to cover
all personal information, requiring
that the use of such information be
limited to a specific purpose, and
revising the structure and
publication of privacy notices. |
| Delta College trustees won't add more student information to campus directory| Date Captured | Thursday March 18, 2010 01:34 PM | | By Andrew Dodson | The Bay City Times - [Currently, information on Delta College students that is readily available, unless they have opted out, includes their name, degree, address, awards, dates attended, program, participation in activities, enrollment, e-mail and weight and height for members of athletic teams.
Higgs argued that the college should have more items on file, including a student photo, whether or not that student is full or part time and a phone number.
"That's what the courts look to," said Higgs. "Our policy doesn't have those things and it should."
Other board members disagreed, saying that more data collecting isn't required and isn't worth the time. They voted against the plan 8-1.] |
| CDT- Updating the Privacy Act of 1974 - | Date Captured | Tuesday March 16, 2010 09:16 PM | | [Updating the Privacy Act of 1974
June 5, 2009 government-wide push toward the development of policies and practices to protect the information of citizens and other individuals. While the underlying framework of the law, rooted in the principles of Fair Information Practices (FIPs), is still sound, the thirty-five year-old wording of the Act renders it ill-equipped to meet many of the privacy challenges posed by modern information technology.
1) Updating the Privacy Act of 1974
2) Fair Information Practices are Central
3) The Creation of Federal Privacy Leadership
4) Updating Definitions to Match Changing Data Practices
5) Strengthening Privacy Notices
|
| THE FAILURE OF FAIR INFORMATION PRACTICE PRINCIPLES forthcoming in Consumer Protection in the Age of the ‘Information Economy’ | Date Captured | Sunday January 31, 2010 10:03 PM | | Fred H. Cate - [The key is refocusing FIPPS on substantive tools for protecting privacy,
and away from notice and consent; leveling the playing field between information processors and
data subjects; and created sufficient, but limited, liability so that data processors will have
meaningful incentives, rather than bureaucratic regulations, to motivate appropriate behavior, and
that individuals will be compensated when processing results in serious harm. This is only a first
step. These proposed Consumer Privacy Protection Principles are undoubtedly incomplete and
imperfect, but they are an effort to return to a more meaningful dialogue about the legal regulation
of privacy and the value of information flows in the face of explosive growth in technological
capabilities in an increasingly global society.]
|
| Summary of LD 1677 Bill Info LD 1677 (SP 649) "An Act To Protect Minors from Pharmaceutical Marketing Practices" | Date Captured | Thursday January 07, 2010 06:04 PM | | State of Maine Legislature - "An Act To Protect Minors from Pharmaceutical Marketing Practices" --
Sponsored by Senator Elizabeth Schneider. -- IAPP writes -- [The bill applies to online information only and is limited to pharmaceutical marketing. It gives the attorney general the power to adopt rules to determine its scope. Violation of the law would be considered an unfair trade practice.] |
| Comments of the World Privacy Forum to FTC, Nov. 6, 2009| Date Captured | Thursday December 17, 2009 10:58 PM | | Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 -
[The World Privacy Forum understands that businesses have a right to exist and to make money,
and that advertising and marketing is part of the marketplace. But we also believe that there is
not a reasonable balance right now between what data is being collected and used, and what
consumers can do to manage that data and their privacy. There are no perfect solutions, but we
think that a rights-based framework based on approaches contained in the Fair Credit Reporting
Act and on Fair Information Practices will address many of the problems and help create
solutions that are equitable for all stakeholders.]
|
| Refocusing the FTC’s Role in Privacy Protection | Date Captured | Monday December 14, 2009 05:31 PM | | Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable. |
| Refocusing the FTC’s Role in Privacy Protection| Date Captured | Tuesday November 10, 2009 03:33 PM | | Center for Technology in Government (CDT) Policy Post 15.17, November 10, 2009. [
A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology
Refocusing the FTC’s Role in Privacy Protection
1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable
2) The Significance of a Comprehensive Set of Fair Information Practice Principles
3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward
4) CDT Recommendations for Future FTC Action
|
| Kids' Privacy| Date Captured | Sunday November 01, 2009 09:40 PM | | [Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number.
Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot.
What Can You Do?
Your kids’ personal information and privacy are valuable —to you, to them, and to marketers.]
*****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.
|
| South Dakota Superintendent Thinks Info Policy Will Pass Tonight| Date Captured | Friday October 30, 2009 05:37 PM | | [Over the past month some parents have voiced their concerns to the school board over what they consider the selling of their children's contact information. Some say they don't want it to land in the wrong hands. Pam Homan says parents have known about the information policy for some time. "On the blue card as we call it parents have been informed of the FERPA requirement and whether or not they wish to have their child's name included or excluded from information."
Revisions have been made to the proposed policy. Allowing parents more control over where the information is given. It will allow four categories that are: school publications, directory information, SD board of regents, and military recruiters.] |
| FAIR INFORMATION PRACTICE PRINCIPLES| Date Captured | Friday October 30, 2009 11:08 AM | | Over the past quarter century, government agencies in the United States, Canada, and Europe have studied the manner in which entities collect and use personal information -- their "information practices" -- and the safeguards required to assure those practices are fair and provide adequate privacy protection. The result has been a series of reports, guidelines, and model codes that represent widely-accepted principles concerning fair information practices. Common to all of these documents [hereinafter referred to as "fair information practice codes"] are five core principles of privacy protection: (1) Notice/Awareness; (2) Choice/Consent; (3) Access/Participation; (4) Integrity/Security; and (5) Enforcement/Redress.
|
| Protection of Pupil Rights Amendment (PPRA) | Date Captured | Friday October 30, 2009 11:00 AM | | Protection of Pupil Rights Amendment (PPRA)
The Protection of Pupil Rights Amendment (PPRA) (20 U.S.C. § 1232h; 34 CFR Part 98) applies to programs that receive funding from the U.S. Department of Education (ED). PPRA is intended to protect the rights of parents and students .
|
| Education Marketing Group/ECRA LAWSUIT RE: SALE OF STUDENT INFORMATION| Date Captured | Friday October 30, 2009 10:15 AM | | Parties Subject to Order
ORDERED, ADJUDGED AND DECREED that this Consent Order and Judgment
shall extend to Student Marketing Group, Inc. (“SMG”) and Educational Research Center of
America, Inc. (“ERCA”), their successors, assignees, officers, agents, representatives, affiliates and
employees and any other person under their direction or control, whether acting individually or in
concert with others or through any corporate entity or device through which they may now or
hereafter act or conduct business (collectively “respondents”).
|
| Commercial Activities in Schools: Use of Student Data is Limited and Additional Dissemination of Guidance Could Help Districts Develop Policies| Date Captured | Thursday March 12, 2009 03:16 PM | | GAO -- Recommendation: The Secretary of Education should take additional action to assist districts in understanding that they are required to have specific policies in place for the collection, disclosure, and use of student information for marketing and selling purposes by disseminating its guidance to state school boards associations.
|
| Student Information Not For Sale At UW- Marathon County| Date Captured | Wednesday February 11, 2009 07:06 PM | | Wsaw.com reporter: Margo Spann --
[Private companies looking to sell or market products to college students are buying information about them directly from their schools.
The Assistant Director of Student Services at UW Marathon County Annette Hackbarth-Onson says federal law allows colleges to sell information about their students.
She says companies are often looking to buy students names, birth-dates, and email addresses.]
|
| FERPAHearing on “How Emerging Technology Affects Student Privacy" | Date Captured | Monday February 16, 2015 12:24 PM | | United States House of Representatives
114th Congress, 1st Session;
Committee on Education and the Workforce
Subcommittee on Early Childhood, Elementary
and Secondary Education
Hearing on
“How Emerging Technology Affects Student Privacy"
February 12, 2015
Statement of Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Center on Law and Information Policy
Fordham University
New York, NY
Good morning Chairman Rokita, Ranking Member Fudge and distinguished |
| | FERPA Exceptions Summary| Date Captured | Monday April 14, 2014 09:03 AM | |
| EPIC vs US ED reply| Date Captured | Friday February 22, 2013 09:30 AM | |
| ‘‘Uninterrupted Scholars Act (USA)| Date Captured | Wednesday January 16, 2013 02:01 PM | | Amends FERPA: ‘‘(L) an agency caseworker or other representative of a
State or local child welfare agency, or tribal organization (as
defined in section 4 of the Indian Self-Determination and Education
Assistance Act (25 U.S.C. 450b)), who has the right
to access a student’s case plan, |
| | EPIC v US Department of Education| Date Captured | Thursday March 01, 2012 09:08 AM | | EPIC has filed a lawsuit under the Administrative Procedure Act against the Department of Education. EPIC's lawsuit argues that the agency's December 2011 regulations amending the Family Educational Rights and Privacy Act exceed the agency's statutory authority, and are contrary to law. The agency issued the revised regulations despite the fact that “numerous commenters . . . believe the Department lacks the statutory authority to promulgate the proposed regulations." |
| "What every school official should know about privacy" | Date Captured | Thursday March 17, 2011 02:24 PM | | Video of Daniel Solove on schools and privacy taped at Cornell University. |
| FERPA Myth Busters| Date Captured | Friday July 23, 2010 02:58 PM | | Organization: Education Counsel -- Draft for WICHE Conference Use -- December 16, 2008 |
| Family Educational Rights and Privacy Act (FERPA) and the Disclosure of Student Information Related to Emergencies and Disasters | Date Captured | Thursday June 24, 2010 01:48 PM | | The purpose of this guidance is to answer questions that have arisen about the sharing of
personally identifiable information from students’ education records to outside parties when
responding to emergencies, including natural or man-made disasters. Understanding how, what,
and when information can be shared with outside parties is an important part of emergency
preparedness.
|
| Education and Workforce Data Connections: A Primer on States’ Status| Date Captured | Wednesday April 14, 2010 06:16 PM | | Data Quality Campaign - [States are currently working to connect education and workforce data, however, states are far from
reaching the goal of having data systems that can link across the P-20/Workforce spectrum. To connect
these education and workforce databases, states should
engage a broad range of stakeholders to:
1. Prioritize, through broad-based stakeholder input, the
critical policy questions to drive the development and
use of longitudinal data systems.
2. Ensure data systems are interoperable within and
across agencies and states by adopting or developing
common data standards, definitions and language.
3. Protect personally identifiable information through
governance policies and practices that promote the
security of the information while allowing appropriate
data access and sharing.] |
| Clash Over Student Privacy| Date Captured | Tuesday March 09, 2010 05:05 PM | | This document should not be shared due to copyright. Inside Higher Ed - [WASHINGTON -- The U.S. Education Department has fired the top federal official charged with protecting student privacy, in what the dismissed official says was a conflict with the agency's political leaders over their zeal to encourage the collection of data about students' academic performance.
Paul Gammill says he was physically escorted out of the department's offices on a Friday morning last month after he refused to resign as director of the agency's Family Policy Compliance Office. Administration officials said that "[p]rivacy laws require us to keep certain employment matters confidential, so we cannot comment on Mr. Gammill.
But Gammill, not so encumbered, maintains that he was dismissed because, on several occasions, he argued in internal meetings and documents that the department's approach to prodding states to expand their longitudinal student data systems violated the Family Educational Rights and Privacy Act, which protects the privacy of students' educational records.] |
| Federal Register: July 6, 2000 (Volume 65, Number 130)| Date Captured | Tuesday March 09, 2010 04:56 PM | | DEPARTMENT OF EDUCATION - 34 CFR Part 99 - Family Educational Rights and Privacy- AGENCY: Department of Education. ACTION: Final regulations. SUMMARY: The Secretary amends the regulations implementing the Family
Educational Rights and Privacy Act (FERPA). The amendments are needed
to implement sections 951 and 952 of the Higher Education Amendments of
1998 (HEA). These amendments permit postsecondary institutions to
disclose certain information to the public and to parents of students.
DATES: These regulations are effective August 7, 2000. |
| Putting Private Info on Government Database | Date Captured | Tuesday March 09, 2010 04:34 PM | | Phyllis Schlafly writes - [The Fordham report made numerous recommendations to beef up student privacy, such as collecting only information relevant to articulated purposes, purging unjustified data, enacting time limits for data retention and hiring a chief privacy officer for each state. There is no indication that these suggestions will be implemented.
The Obama Department of Education officials believe that collecting personally identifiable data is "at the heart of improving schools and school districts." One of the four reform mandates of the Race to the Top competition is to establish pre-kindergarten to college-and-career data systems that "track progress and foster continuous improvement."] |
| Comments of the World Privacy Forum regarding Notice of Proposed Rulemaking, FERPA| Date Captured | Tuesday February 02, 2010 08:28 PM | | [Our comments focus on several aspects of the Notice of Proposed Rulemaking (NPRM), notably,
the definition and handling of directory information and personally identifiable information. We
also comment on the use of full tax returns to determine eligibility. And finally, we comment on
the issue of outsourcing, including the need for audit trails in regards to the proposed expansion
of the school official exemption.] |
| Family Policy Compliance Office (FPCO)| Date Captured | Wednesday November 04, 2009 05:04 PM | | The mission of the Family Policy Compliance Office (FPCO) is to meet the needs of the Department's primary customers--learners of all ages--by effectively implementing two laws that seek to ensure student and parental rights in education: the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA). |
| Personal school data not always private| Date Captured | Tuesday November 03, 2009 08:15 PM | | APOLGIES @ SCOTT WALDMAN Staff Writer I TRIED REACHING YOU MANY TIMES FOR ACTIVE LINK
Section: Capital Region, Page: B1
Date: Saturday, February 9, 2008
[GUILDERLAND - Last year, the Guilderland Teachers Association got the address of every local family and sent those with school-age children postcards promoting the union's picks in the May school board election.
But trying to get that kind of personal information from other school districts won't work. The issue shines a light on how school districts interpret a federal law that permits the disclosure of "directory" information - including student and parent names, addresses and phone numbers - without consent. The law leaves it up to individual districts to define what is considered directory information. The statute also stipulates that schools must tell residents they have the right to withhold the information.]
|
| Use of parental list is faulted| Date Captured | Tuesday November 03, 2009 08:06 PM | | March 17, 2008 by Scott Waldman - [GUILDERLAND - Guilderland School District violated federal law when it provided the names and addresses of parents to the teachers union, according to the state's authority on open government.
Last year, Guilderland Teachers Association used those names and addresses to send parents of school-aged children postcards promoting the union's picks in a school board election. School officials deny that any law was broken, but the district recently imposed a moratorium on releasing "directory" information after complaints by school board members and news coverage of the controversy.] |
| Kids' Privacy| Date Captured | Sunday November 01, 2009 09:40 PM | | [Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number.
Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot.
What Can You Do?
Your kids’ personal information and privacy are valuable —to you, to them, and to marketers.]
*****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.
|
| South Dakota Superintendent Thinks Info Policy Will Pass Tonight| Date Captured | Friday October 30, 2009 05:37 PM | | [Over the past month some parents have voiced their concerns to the school board over what they consider the selling of their children's contact information. Some say they don't want it to land in the wrong hands. Pam Homan says parents have known about the information policy for some time. "On the blue card as we call it parents have been informed of the FERPA requirement and whether or not they wish to have their child's name included or excluded from information."
Revisions have been made to the proposed policy. Allowing parents more control over where the information is given. It will allow four categories that are: school publications, directory information, SD board of regents, and military recruiters.] |
| Plano ISD: Redefining the student directory | Date Captured | Friday October 30, 2009 10:30 AM | | [If the changes are approved, Plano ISD couldn't, without consent from the parents, print a student's address, telephone number or e-mail address in any district publication.
Some school districts -- and I'm not sure about Plano -- sell directory information to third parties as a money-making operation. Companies, such as Coca-Cola or Citi Bank, could buy the directories and market products to students.]
NOTE: CHANGES WERE APPROVED
|
| CHILDREN’S EDUCATIONAL RECORDS AND PRIVACY -- A STUDY OF ELEMENTARY AND SECONDARY SCHOOL STATE REPORTING SYSTEMS -- October 28, 2009 | Date Captured | Friday October 30, 2009 09:44 AM | | [The Study reports on the results of a survey of all fifty states and finds that state educational databases across the country ignore key privacy protections for the nation's K-12 children. The Study finds that large amounts of personally identifiable data and sensitive personal information about children are stored by the state departments of education in electronic warehouses or for the states by third party vendors. These data warehouses typically lack adequate privacy protections, such as clear access and use restrictions and data retention policies, are often not compliant with the Family Educational Rights and Privacy Act, and leave K-12 children unprotected from data misuse, improper data release, and data breaches. The Study provides recommendations for best practices and legislative reform to address these privacy problems.]
Joel R. Reidenberg, Professor of Law and Founding Academic Director of CLIP
Jamela Debelak, Esq., Executive Director of CLIP |
| National Forum on Education Statistics. Forum Guide to Protecting the Privacy of Student Information: State and Local Education Agencies| Date Captured | Saturday March 21, 2009 01:43 PM | | National Forum on Education Statistics. Forum Guide to Protecting the Privacy of Student Information: State and Local
Education Agencies, NCES 2004–330. Washington, DC: 2004. |
| Commercial Activities in Schools: Use of Student Data is Limited and Additional Dissemination of Guidance Could Help Districts Develop Policies| Date Captured | Thursday March 12, 2009 03:16 PM | | GAO -- Recommendation: The Secretary of Education should take additional action to assist districts in understanding that they are required to have specific policies in place for the collection, disclosure, and use of student information for marketing and selling purposes by disseminating its guidance to state school boards associations.
|
| State says Cambridge Public Schools can't charge $14K for public records| Date Captured | Friday February 13, 2009 03:12 PM | | David L. Harris -- GateHouse News Service - [On Nov. 30, 2007, the Chronicle sent a letter requesting directory information, but the request was later denied in a three-page letter from the school’s legal department. After appealing to the state’s supervisor of public records, Alan Cote, the school department sent a letter dated July 11, explaining that the work to compile the directory information would cost $14,426.88.
The Chronicle’s sister paper, the Newton TAB, requested the same information from Newton Public Schools around the same time. The school department, which sent the data within three weeks of the request, did not charge the TAB for the information.] |
| Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) And the Health Insurance Portability and Accountability Act of 1996 (HIPAA) To Student Health Records (ID: CSD5578)| Date Captured | Thursday December 04, 2008 04:36 PM | | The HIPAA Privacy Rule specifically excludes from its coverage those records that are protected by
FERPA. At the elementary or secondary school level, students’ immunization and other health records that
are maintained by a school district or individual school, including a school-operated health clinic,
that receives funds under any program administered by the U.S. Department of Education are
“education records” subject to FERPA, including health and medical records maintained by a school
nurse who is employed by or under contract with a school or school district. Some schools may
receive a grant from a foundation or government agency to hire a nurse. Notwithstanding the
source of the funding, if the nurse is hired as a school official (or contractor), the records maintained
by the nurse or clinic are “education records” subject to FERPA.
|
| EDUCAUSE | Date Captured | Tuesday June 03, 2008 08:26 PM | | EDUCAUSE is a nonprofit association and good source of information about FERPA and higher education. |
| Family Educational Rights and Privacy Act (FERPA)| Date Captured | Thursday July 27, 2006 09:36 PM | | "The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
FERPA gives parents certain rights with respect to their children's education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are 'eligible students.'" parent or eligible student in order to release any information from a student's education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31):
School officials with legitimate educational interest;
Other schools to which a student is transferring;
Specified officials for audit or evaluation purposes;
Appropriate parties in connection with financial aid to a student;
Organizations conducting certain studies for or on behalf of the school;
Accrediting organizations;
To comply with a judicial order or lawfully issued subpoena;
Appropriate officials in cases of health and safety emergencies; and
State and local authorities, within a juvenile justice system, pursuant to specific State law.
Schools may disclose, without consent, "directory" information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must tell parents and eligible students about directory information and allow parents and eligible students a reasonable amount of time to request that the school not disclose directory information about them. Schools must notify parents and eligible students annually of their rights under FERPA. The actual means of notification (special letter, inclusion in a PTA bulletin, student handbook, or newspaper article) is left to the discretion of each school.
|
| Fourth AmendmentCoalition pushes ECPA update for online privacy in cloud computing age| Date Captured | Wednesday March 31, 2010 04:46 PM | | [A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]
|
| Digital Due Process| Date Captured | Wednesday March 31, 2010 04:23 PM | | [A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]
|
| Freedom of Information (FOI)NEW YORK PUBLIC OFFICERS LAW, ARTICLE 6 SECTIONS 84-90 FREEDOM OF INFORMATION LAW| Date Captured | Monday March 14, 2011 06:20 PM | | Freedom of Information Law
PUBLIC OFFICERS LAW, ARTICLE 6 SECTIONS 84-90
FREEDOM OF INFORMATION LAW:
[iii. sale or release of lists of names and addresses if such lists would be used for solicitation or fund-raising purposes;] |
| FTCProtecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers| Date Captured | Monday March 26, 2012 11:16 AM | | The final report calls on companies handling consumer data to implement recommendations for protecting privacy, including:
Privacy by Design - companies should build in consumers' privacy protections at every stage in developing their products. These include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy;
Simplified Choice for Businesses and Consumers - companies should give consumers the option to decide what information is shared about them, and with whom. This should include a Do-Not-Track mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities.
Greater Transparency - companies should disclose details about their collection and use of consumers' information, and provide consumers access to the data collected about them. *****Data Brokers - The Commission calls on data brokers to make their operations more transparent by creating a centralized website to identify themselves, and to disclose how they collect and use consumer data. In addition, the website should detail the choices that data brokers provide consumers about their own information. |
| Stolen Futures: A Forum on Child Identity Theft July 12, 2011| Date Captured | Monday July 25, 2011 05:26 PM | | Session 3 TRANSCRIPT - Securing Children’s Data in the Educational System: Steven Toporoff - Federal Trade Commission.
PANELISTS:
Kathleen Styles,
U.S. Department of Education;
Michael Borkoski,
Howard County Maryland Public
Schools;
Larry Wong,
Montgomery County Maryland Public
Schools;
Richard Boyle
ECMC,
Denny Shaw
i-SAFE, Inc.
[This panel will explore the Family Educational Rights and Privacy Act (FERPA) and
initiatives to protect children’s personal information in school systems. We will also
explore lessons learned from a high-profile data breach involving student information.
Finally, the panel will discuss outreach efforts to teach children, teachers, youth
counselors, and school administrators about privacy and securing children’s personal
information.]
|
| Stolen Futures: A Forum on Child Identity Theft July 12, 2011| Date Captured | Monday July 25, 2011 05:16 PM | | Session 2 TRANSCRIPT intro [Linda Foley is the founder and research director of
the Identity Theft Resource Center, a nationwide nonprofit, victim-services advocacy, and
consumer-education program based in San Diego, California. Russell Butler is Executive Director
of the Maryland Crime Victims Resource Center, which provides criminal justice information and
education, support services, therapeutic individual, family, and group counseling, and legal
information, referrals, and representation to victims of crime. And then I have Theresa
Ronnebaum. Theresa is the Identity Theft Program Specialist for the Florida Attorney General's
office with over 15 years experience in victim advocacy.] |
| COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE FEDERAL TRADE COMMISSION | Date Captured | Monday March 07, 2011 06:04 PM | |
Marc Rotenberg, EPIC testimony to FTC: COPPA currently defines PI as: Personal information means individually identifiable information about an
individual collected online, including:
(a) A first and last name;
(b) A home or other physical address including street name and name of a city or
town;
(c) An e-mail address or other online contact information, including but not
limited to an instant messaging user identifier, or a screen name that reveals an
individual's e-mail address;
(d) A telephone number;
(e) A Social Security number;
(f) A persistent identifier, such as a customer number held in a cookie or a
processor serial number, where such identifier is associated with individually
identifiable information; or a combination of a last name or photograph of the
individual with other information such that the combination permits physical or
online contacting; or
(g) Information concerning the child or the parents of that child that the operator
collects online from the child and combines with an identifier described in this
definition.
|
| COPPA Rulemaking and Rule Reviews| Date Captured | Monday March 07, 2011 05:46 PM | | Includes public testimony and roundtable. March 24, 2010 |
| FACEBOOK - Complaint, Request for Investigation, Injunction, and Other Relief | Date Captured | Monday May 10, 2010 09:54 AM | | [This complaint concerns material changes to privacy settings made by Facebook, the
largest social network service in the United States, that adversely impact the users of
the service. Facebook now discloses personal information to the public that Facebook
users previously restricted. Facebook now discloses personal information to third
parties that Facebook users previously did not make available. These changes violate
user expectations, diminish user privacy, and contradict Facebook’s own
representations. These business practices are Unfair and Deceptive Trade Practices,
subject to review by the Federal Trade Commission (the “Commission”) under
section 5 of the Federal Trade Commission Act.]
|
| FTC Seeks Comment on Children's Online Privacy Protections; Questions Whether Changes to Technology Warrant Changes to Agency Rule.| Date Captured | Tuesday April 06, 2010 02:51 PM | | [In a Federal Register notice to be published shortly, the FTC poses its standard regulatory review questions and identifies several areas where public comment would be especially useful. Among other things, the FTC asks:
What implications for COPPA enforcement are raised by mobile communications, interactive television, interactive gaming, or other similar interactive media.
For input on the use of automated systems – those that filter out any personally identifiable information prior to posting – to review children’s Web submissions.
Whether operators have the ability to contact specific individuals using information collected from children online, such as persistent IP addresses, mobile geolocation data, or information collected in connection with behavioral advertising, and whether the Rule’s definition of “personal information” should be expanded accordingly.
Whether there are additional technological methods to obtain verifiable parental consent that should be added to the COPPA Rule, and whether any of the methods currently included should be removed.
Whether parents are exercising their right under the Rule to review or delete personal information collected from their children, and what challenges operators face in authenticating parents.
Whether the Rule’s process for FTC approval of self-regulatory guidelines – known as safe harbor programs – has enhanced compliance, and whether the criteria for FTC approval and oversight of the guidelines should be modified in any way.] |
| Comments of the World Privacy Forum to FTC, Nov. 6, 2009| Date Captured | Thursday December 17, 2009 10:58 PM | | Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 -
[The World Privacy Forum understands that businesses have a right to exist and to make money,
and that advertising and marketing is part of the marketplace. But we also believe that there is
not a reasonable balance right now between what data is being collected and used, and what
consumers can do to manage that data and their privacy. There are no perfect solutions, but we
think that a rights-based framework based on approaches contained in the Fair Credit Reporting
Act and on Fair Information Practices will address many of the problems and help create
solutions that are equitable for all stakeholders.]
|
| Refocusing the FTC’s Role in Privacy Protection | Date Captured | Monday December 14, 2009 05:31 PM | | Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable. |
| DOD nixes vendor of online monitoring software over privacy concerns| Date Captured | Monday December 07, 2009 08:53 PM | | Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats.
EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.]
[ |
| Ad Industry Works on Ads About Ads | Date Captured | Tuesday November 24, 2009 03:07 PM | | Wall Street Journal Emily Steel writes -- [At issue is the practice of tracking consumers’ Web activities — from the searches they make to the sites they visit and the products they buy — for the purpose of targeting ads.
The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers’ Web activities and creating a simple way consumers can opt out of being tracked.] |
| Federal data breach notification standard must pre-empt state laws| Date Captured | Monday November 16, 2009 08:33 PM | | Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.]
[Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.] |
| Refocusing the FTC’s Role in Privacy Protection| Date Captured | Tuesday November 10, 2009 03:33 PM | | Center for Technology in Government (CDT) Policy Post 15.17, November 10, 2009. [
A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology
Refocusing the FTC’s Role in Privacy Protection
1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable
2) The Significance of a Comprehensive Set of Fair Information Practice Principles
3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward
4) CDT Recommendations for Future FTC Action
|
| ‘‘Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act’’ or the ‘‘BEST PRACTICES Act’’| Date Captured | Thursday November 05, 2009 03:19 PM | | H. R. 5777 -- To foster transparency about the commercial use of personal information,
provide consumers with meaningful choice about the collection, use, and
disclosure of such information, and for other purposes.
[Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information. Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information. Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).]
|
| Kids' Privacy| Date Captured | Sunday November 01, 2009 09:40 PM | | [Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number.
Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot.
What Can You Do?
Your kids’ personal information and privacy are valuable —to you, to them, and to marketers.]
*****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.
|
| FAIR INFORMATION PRACTICE PRINCIPLES| Date Captured | Friday October 30, 2009 11:08 AM | | Over the past quarter century, government agencies in the United States, Canada, and Europe have studied the manner in which entities collect and use personal information -- their "information practices" -- and the safeguards required to assure those practices are fair and provide adequate privacy protection. The result has been a series of reports, guidelines, and model codes that represent widely-accepted principles concerning fair information practices. Common to all of these documents [hereinafter referred to as "fair information practice codes"] are five core principles of privacy protection: (1) Notice/Awareness; (2) Choice/Consent; (3) Access/Participation; (4) Integrity/Security; and (5) Enforcement/Redress.
|
| Education Marketing Group/ECRA LAWSUIT RE: SALE OF STUDENT INFORMATION| Date Captured | Friday October 30, 2009 10:15 AM | | Parties Subject to Order
ORDERED, ADJUDGED AND DECREED that this Consent Order and Judgment
shall extend to Student Marketing Group, Inc. (“SMG”) and Educational Research Center of
America, Inc. (“ERCA”), their successors, assignees, officers, agents, representatives, affiliates and
employees and any other person under their direction or control, whether acting individually or in
concert with others or through any corporate entity or device through which they may now or
hereafter act or conduct business (collectively “respondents”).
|
| GAOK-12 Education: Many Challenges Arise in Educating Students Who Change Schools Frequently| Date Captured | Monday December 20, 2010 09:20 PM | | GAO-11-40 November 18, 2010 - The recent economic downturn, with foreclosures and homelessness, may be increasing student mobility. |
| Many States Collect Graduates’ Employment Information, but Clearer Guidance on Student Privacy Requirements Is Needed | Date Captured | Monday December 13, 2010 09:17 AM | | GAO-10-927 - GAO recommends that Education
clarify means by which states can
collect and share graduates’
employment information under the
Family Educational Rights and
Privacy Act (FERPA) and establish a time
frame for doing so. Education agreed
with the recommendation.
|
| Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information | Date Captured | Tuesday September 28, 2010 02:51 PM | | GAO-08-795T : In its report GAO identified
alternatives that the Congress
should consider, including revising
the scope of privacy laws to cover
all personal information, requiring
that the use of such information be
limited to a specific purpose, and
revising the structure and
publication of privacy notices. |
| Commercial Activities in Schools: Use of Student Data is Limited and Additional Dissemination of Guidance Could Help Districts Develop Policies| Date Captured | Thursday March 12, 2009 03:16 PM | | GAO -- Recommendation: The Secretary of Education should take additional action to assist districts in understanding that they are required to have specific policies in place for the collection, disclosure, and use of student information for marketing and selling purposes by disseminating its guidance to state school boards associations.
|
| Higher EducationThe Handbook for Campus Safety and Security Reporting| Date Captured | Friday March 11, 2011 07:35 PM | | FERPA does not preclude an institution’s compliance
with the timely warning provision of the campus security
regulations. FERPA recognizes that information can, in case of
an emergency, be released without consent when needed to
protect the health and safety of others. In addition, if
institutions utilize information from the records of a campus
law enforcement unit to issue a timely warning, FERPA is not
implicated as those records are not protected by FERPA. U.S. Department of
Education, Office of Postsecondary Education, The Handbook for Campus Safety and Security Reporting,
Washington, D.C., 2011.
|
| Some questions raised over release of student info (North Dakota)| Date Captured | Tuesday March 08, 2011 04:54 PM | | [North Dakota: High schools across the state would be required to give names, addresses and phone numbers of their students to the State Board of Higher Education under a proposed Senate bill.] [Several committee members expressed concern about the additional information and wanted to make sure parents would be fully aware of what information was being requested before opting out.
That view also was shared by Bev Nielson of the North Dakota School Boards Association.] |
| Identifying Violence-prone Students| Date Captured | Thursday January 13, 2011 02:02 PM | | The fine line higher education officials walk in dealing with troubled students is discussed. |
| Many States Collect Graduates’ Employment Information, but Clearer Guidance on Student Privacy Requirements Is Needed | Date Captured | Monday December 13, 2010 09:17 AM | | GAO-10-927 - GAO recommends that Education
clarify means by which states can
collect and share graduates’
employment information under the
Family Educational Rights and
Privacy Act (FERPA) and establish a time
frame for doing so. Education agreed
with the recommendation.
|
| Delta College trustees won't add more student information to campus directory| Date Captured | Thursday March 18, 2010 01:34 PM | | By Andrew Dodson | The Bay City Times - [Currently, information on Delta College students that is readily available, unless they have opted out, includes their name, degree, address, awards, dates attended, program, participation in activities, enrollment, e-mail and weight and height for members of athletic teams.
Higgs argued that the college should have more items on file, including a student photo, whether or not that student is full or part time and a phone number.
"That's what the courts look to," said Higgs. "Our policy doesn't have those things and it should."
Other board members disagreed, saying that more data collecting isn't required and isn't worth the time. They voted against the plan 8-1.] |
| HIPAAIdentifying Violence-prone Students| Date Captured | Thursday January 13, 2011 02:02 PM | | The fine line higher education officials walk in dealing with troubled students is discussed. |
| Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) And the Health Insurance Portability and Accountability Act of 1996 (HIPAA) To Student Health Records (ID: CSD5578)| Date Captured | Thursday December 04, 2008 04:36 PM | | The HIPAA Privacy Rule specifically excludes from its coverage those records that are protected by
FERPA. At the elementary or secondary school level, students’ immunization and other health records that
are maintained by a school district or individual school, including a school-operated health clinic,
that receives funds under any program administered by the U.S. Department of Education are
“education records” subject to FERPA, including health and medical records maintained by a school
nurse who is employed by or under contract with a school or school district. Some schools may
receive a grant from a foundation or government agency to hire a nurse. Notwithstanding the
source of the funding, if the nurse is hired as a school official (or contractor), the records maintained
by the nurse or clinic are “education records” subject to FERPA.
|
| Homeless StudentsK-12 Education: Many Challenges Arise in Educating Students Who Change Schools Frequently| Date Captured | Monday December 20, 2010 09:20 PM | | GAO-11-40 November 18, 2010 - The recent economic downturn, with foreclosures and homelessness, may be increasing student mobility. |
| Identity TheftIdentity Theft Reported by Households, 2005-2010 | Date Captured | Monday December 05, 2011 11:06 AM | | Lynn Langton - In 2010, 7.0% of households in the United States, or about 8.6 million households, had at least one member age 12 or older who experienced one or more types of identity theft victimization.
Among households in which at least one member experienced one or more types of identity theft, 64.1% experienced the misuse or attempted misuse of an existing credit card account in 2010.
From 2005 to 2010, the percentage of all households with one or more type of identity theft that suffered no direct financial loss increased from 18.5% to 23.7%.
|
| PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION on CHILD IDENTITY THEFT| Date Captured | Friday September 02, 2011 09:38 PM | | PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION
Before the
SUBCOMMITTEE ON SOCIAL SECURITY
of the
HOUSE COMMITTEE ON WAYS AND MEANS
on
Child Identity Theft
Field Hearing
Plano, Texas
September 1, 2011; EXCERPT: A. The Child Identity Theft Forum Discussions [They noted that identity
thieves often steal children’s information from schools, businesses, and government agencies.]
|
| Stolen Futures: A Forum on Child Identity Theft July 12, 2011| Date Captured | Monday July 25, 2011 05:26 PM | | Session 3 TRANSCRIPT - Securing Children’s Data in the Educational System: Steven Toporoff - Federal Trade Commission.
PANELISTS:
Kathleen Styles,
U.S. Department of Education;
Michael Borkoski,
Howard County Maryland Public
Schools;
Larry Wong,
Montgomery County Maryland Public
Schools;
Richard Boyle
ECMC,
Denny Shaw
i-SAFE, Inc.
[This panel will explore the Family Educational Rights and Privacy Act (FERPA) and
initiatives to protect children’s personal information in school systems. We will also
explore lessons learned from a high-profile data breach involving student information.
Finally, the panel will discuss outreach efforts to teach children, teachers, youth
counselors, and school administrators about privacy and securing children’s personal
information.]
|
| Stolen Futures: A Forum on Child Identity Theft July 12, 2011| Date Captured | Monday July 25, 2011 05:16 PM | | Session 2 TRANSCRIPT intro [Linda Foley is the founder and research director of
the Identity Theft Resource Center, a nationwide nonprofit, victim-services advocacy, and
consumer-education program based in San Diego, California. Russell Butler is Executive Director
of the Maryland Crime Victims Resource Center, which provides criminal justice information and
education, support services, therapeutic individual, family, and group counseling, and legal
information, referrals, and representation to victims of crime. And then I have Theresa
Ronnebaum. Theresa is the Identity Theft Program Specialist for the Florida Attorney General's
office with over 15 years experience in victim advocacy.] |
| Stolen Futures: A Forum on Child Identity Theft July 12, 2011| Date Captured | Wednesday July 20, 2011 06:12 PM | | TRANSCRIPT SESSION ONE:
Stolen Futures: A Forum on Child Identity Theft
July 12, 2011; The Federal Trade Commission (FTC) and the Office for Victims Rights (OVC), Office of Justice Programs, U.S. Department of Justice, will hold a forum to discuss child identity theft. Government, business, non-profit, legal service providers, and victim advocates will explore the nature of child identity theft, including foster care identity theft and identity theft within families, with the goal of advising parents and victims on how to prevent the crime and how to resolve child identity theft problems.
|
| ILLINOIS | Information PolicyKindergarten Through 12 Grade Schools’ Collection and Use of Social Security Numbers (A-08-10-11057) | Date Captured | Thursday December 23, 2010 09:53 AM | | OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION - Despite the potential risks associated with using SSNs as primary student identifiers,
many K-12 schools continue this practice. While we recognize that SSA cannot prohibit
States or K-12 schools from collecting and using SSNs as student identifiers or for other
purposes, we believe SSA can help reduce the threat of identity theft and SSN misuse
by encouraging States and K-12 schools to reduce unnecessary collection of SSNs and
improve protections and safeguards when collected.
|
| Internet Happy Birthday, Internet| Date Captured | Friday October 30, 2009 08:22 PM | | NPR interview -- authentication and privacy concerns mentioned.
October 30, 2009
[On Oct. 29, 1969, around 10:30 P.M., a message from one computer was sent over a modified phone line to another computer hundreds of miles away. Some say the Internet was born that day. UCLA computer scientist Leonard Kleinrock, who was there, gives his account.]
IMPORTANT EXCERPT:
[Dr. KLEINROCK: Yes. In fact, in those early days, the culture of the Internet was one of trust, openness, shared ideas. You know, I knew everybody on the Internet in those days and I trusted them all. And everybody behaved well, so we had a very easy, open access. We did not introduce any limitations nor did we introduce what we should have, which was the ability to do strong user authentication and strong file authentication. So I know that if you are communicating with me, it's you, Ira Flatow, and not someone else. And if you send me a file, I receive the file you intended me to receive.
We should've installed that in the architecture in the early days. And the first thing we should've done with it is turn it off, because we needed this open, trusted, available, shared environment, which was the culture, the ethics of the early Internet. And then when we approach the late 1980s and the early 1990s and spam, and viruses, and pornography and eventually the identity theft and the fraud, and the botnets and the denial of service we see today, as that began to emerge, we should then slowly have turned on that authentication process, which is part of what your other caller referred to is this IPV6 is an attempt to bring on and patch on some of this authentication capability. But it's very hard now that it's not built deep into the architecture of the Internet.]
|
| Juvenile JusticeTEXAS SB 1106| Date Captured | Saturday August 13, 2011 03:54 PM | | AN ACT relating to the exchange of confidential information concerning
certain juveniles.
|
| LegislationNYC Opposition to A.8474| Date Captured | Thursday June 21, 2012 11:10 PM | |
| California AB.143 | Date Captured | Saturday September 03, 2011 02:40 PM | | INTRODUCED BY Assembly Member Fuentes; This bill would redefine directory information to no longer
include a pupil's place of birth and to also include a pupil's e-mail
address. |
| NYS Sen. Oppenheimer and Sen. Montgomery on S.2357| Date Captured | Tuesday June 21, 2011 04:25 PM | | Sen. Oppenheimer and Sen. Montgomery on S.2357 @ 36:30 minutes. Senators demonstrate responsible data stewardship. S.2357 excerpt:
[(C) UNLESS OTHERWISE ALLOWED BY LAW, A SCHOOL MAY NOT, EVEN WITH THE
AFFIRMATIVE CONSENT OF THE PARENT OF THE STUDENT IN ATTENDANCE OR THE
ELIGIBLE STUDENT IN ATTENDANCE, DISCLOSE PERSONALLY IDENTIFIABLE STUDENT
INFORMATION FOR A COMMERCIAL, FOR-PROFIT ACTIVITY INCLUDING BUT NOT
LIMITED TO USE FOR:
(I) MARKETING PRODUCTS OR SERVICES;
(II) SELLING PERSONALLY IDENTIFIABLE STUDENT INFORMATION FOR USE IN
MARKETING PRODUCTS OR SERVICES;
(III) CREATING OR CORRECTING AN INDIVIDUAL OR HOUSEHOLD PROFILE;
(IV) COMPILATION OF A STUDENT LIST;
(V) SALE OF THE INFORMATION FOR ANY COMMERCIAL PURPOSE; OR
(VI) ANY OTHER PURPOSE CONSIDERED BY THE SCHOOL AS LIKELY TO BE A
COMMERCIAL, FOR-PROFIT ACTIVITY.
(D) IN MAKING AN ALLOWABLE DISCLOSURE UNDER THIS SUBDIVISION, A SCHOOL
MAY ONLY DISCLOSE THE MINIMUM AMOUNT OF INFORMATION NECESSARY TO ACCOM
PLISH THE PURPOSE OF THE DISCLOSURE.]
|
| New York Senate; S.2357-B| Date Captured | Tuesday June 07, 2011 12:07 PM | | This bill, sponsored by Sen. Oppenheimer, restricts the sale of student PII and requires affirmative consent for the release of sensitive information. |
| U.S. Department of Education (USED) Safeguarding Student Privacy | Date Captured | Friday April 08, 2011 06:38 PM | | The use of data is vital to ensuring the best education for our children. However, the benefits of using
student data must always be balanced with the need to protect students’ privacy rights. Students and their
parents should expect that their personal information is safe, properly collected and maintained and that it is
used only for appropriate purposes and not improperly redisclosed. It is imperative to protect students’
privacy to avoid discrimination, identity theft or other malicious and damaging criminal acts. All education
data holders must act responsibly and be held accountable for safeguarding students’ personally identifiable
information – from practitioners of early learning to those developing systems across the education
continuum (P-20) and from schools to their contractors. The need for articulated privacy protections and
data security continues to grow as Statewide Longitudinal Data Systems (SLDS) are built and more education
records are digitized and shared electronically. As States develop and refine their information management
systems, it is critical that they ensure that student information continues to be protected and that students’
personally identifiable information is disclosed only for authorized purposes and under the circumstances
permitted by law. All P-20 stakeholders should be involved in the development of these statewide systems
and protection policies. |
| TITLE 20 > CHAPTER 31 > SUBCHAPTER III > Part 4 > § 1232g| Date Captured | Tuesday March 15, 2011 12:47 PM | | FERPA statute regarding directory information - note PICTURE and E-MAIL NOT in statute. US ED added through regulations -- they were not added by Congress: 5)(A) For the purposes of this section the term “directory information” relating to a student includes the following: the student’s name, address, telephone listing, date and place of birth, major field of study, participation in officially recognized activities and sports, weight and height of members of athletic teams, dates of attendance, degrees and awards received, and the most recent previous educational agency or institution attended by the student. |
| NEW YORK PUBLIC OFFICERS LAW, ARTICLE 6 SECTIONS 84-90 FREEDOM OF INFORMATION LAW| Date Captured | Monday March 14, 2011 06:20 PM | | Freedom of Information Law
PUBLIC OFFICERS LAW, ARTICLE 6 SECTIONS 84-90
FREEDOM OF INFORMATION LAW:
[iii. sale or release of lists of names and addresses if such lists would be used for solicitation or fund-raising purposes;] |
| OHIO 3319.321 Confidentiality| Date Captured | Thursday March 10, 2011 02:40 PM | | Ohio Revised Code » Title [33] XXXIII EDUCATION (A) No person shall release, or permit access to, the directory information concerning any students
attending a public school to any person or group for use in a profit-making plan or activity.
Notwithstanding division (B)(4) of section 149.43 of the Revised Code, a person may require disclosure
of the requestor’s identity or the intended use of the directory information concerning any students
attending a public school to ascertain whether the directory information is for use in a profit-making plan
or activity.
|
| Letter to: Chairman Boucher and Ranking Member Stearns| Date Captured | Monday June 07, 2010 06:26 PM | | Mike Sachoff -- [In response to a discussion draft of a new privacy bill now under consideration by the House Subcommittee on Communications, Technology and the Internet, ten privacy and consumer groups today called for stronger measures to protect consumer privacy both online and off.
The organizations including the Consumer Federation of America, Electronic Frontier Foundation, Consumer Watchdog, World Privacy Forum, Consumer Action, USPIRG, Privacy Rights Clearinghouse, Privacy Times, Privacy Lives, and the Center for Digital Democracy, raised their concerns in a letter to Subcommittee Chairman Rick Boucher and Ranking Member Cliff Stearns.
The groups recommended the following:
*The bill should incorporate the Fair Information Practice Principles that have long served as the bedrock of consumer privacy protection in the U.S., including the principle of not collecting more data than is necessary for the stated purposes, limits on how long data should be retained, and a right to access and correct one's data.
*The bill's definitions of what constitutes "sensitive information" need to be expanded; for instance, to include health-related information beyond just "medical records."
*The bill should require strict "opt-in" procedures for the collection and use of covered data and should prohibit the collection and use of any sensitive information except for the transactions for which consumers provided it.]
|
| DRAFT - Boucher bill| Date Captured | Thursday May 06, 2010 08:34 AM | | A BILL : To require notice to and consent of an individual prior to
the collection and disclosure of certain personal informa-
tion relating to that individual.
|
| Proposed Privacy Legislation Wins Few Fans| Date Captured | Thursday May 06, 2010 08:24 AM | | WSJ : [ The goal for the legislation is to set a standard for consumer privacy protections and also provide consumers with more transparency and control regarding the collection, use and sharing of their information, said Rep. Rick Boucher (D., Va.). Mr. Boucher released a draft of the bill for discussion on Tuesday along with Rep. Cliff Stearns (R., Fla.).
The bill stipulates that as a general rule companies can collect information about consumers unless a person opts out of that data collection — a point of contention among privacy advocates.
The regulation also specifies standards for the collection and use of personally identifiable information. Companies must disclose to consumers if they are collecting personally identifiable information and how they are using that data. Consumers must give a company permission to share that personally identifiable information with outside companies. ] |
| FERPA Legislative History| Date Captured | Wednesday May 05, 2010 10:21 AM | | The Family Educational Rights and Privacy Act of 1974 (“FERPA”), § 513 of P.L. 93-
380 (The Education Amendments of 1974), was signed into law by President Ford on
August 21, 1974, with an effective date of November 19, 1974, 90 days after enactment.
FERPA was enacted as a new § 4381 of the General Education Provisions Act (GEPA)
called “Protection of the Rights and Privacy of Parents and Students,” and codified at 20
U.S.C. § 1232g.2 It was also commonly referred to as the “Buckley Amendment” after
its principal sponsor, Senator James Buckley of New York. FERPA was offered as an
amendment on the Senate floor and was not the subject of Committee consideration.
Accordingly, traditional legislative history for FERPA as first enacted is unavailable.
|
| Federal Register: July 6, 2000 (Volume 65, Number 130)| Date Captured | Tuesday March 09, 2010 04:56 PM | | DEPARTMENT OF EDUCATION - 34 CFR Part 99 - Family Educational Rights and Privacy- AGENCY: Department of Education. ACTION: Final regulations. SUMMARY: The Secretary amends the regulations implementing the Family
Educational Rights and Privacy Act (FERPA). The amendments are needed
to implement sections 951 and 952 of the Higher Education Amendments of
1998 (HEA). These amendments permit postsecondary institutions to
disclose certain information to the public and to parents of students.
DATES: These regulations are effective August 7, 2000. |
| H.R.6. Higher Education Amendments of 1998| Date Captured | Monday March 08, 2010 06:54 PM | | An Act - To extend the authorization of programs under the Higher Education Act of 1965,
and for other purposes.
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) SHORT TITLE.—This Act may be cited as the ‘‘Higher Education Amendments of 1998’’.
|
| Summary of LD 1677 Bill Info LD 1677 (SP 649) "An Act To Protect Minors from Pharmaceutical Marketing Practices" | Date Captured | Thursday January 07, 2010 06:04 PM | | State of Maine Legislature - "An Act To Protect Minors from Pharmaceutical Marketing Practices" --
Sponsored by Senator Elizabeth Schneider. -- IAPP writes -- [The bill applies to online information only and is limited to pharmaceutical marketing. It gives the attorney general the power to adopt rules to determine its scope. Violation of the law would be considered an unfair trade practice.] |
| Lawmakers probe deeper into privacy | Date Captured | Saturday November 21, 2009 01:16 PM | | By Kim Hart - 11/19/09 04:00 PM ET - [Jennifer Barrett, an executive with Acxiom, a marketing company, said the firm could collect 1,500 possible data points about individual consumers, such as age, hobbies, address, occupation and recent purchases. Acxiom typically maintains 20-40 data points on the average person. Acxiom receives that information from public records, surveys consumers fill out voluntarily (such as warranty cards) and information from other companies.
In response to questions from Rep. Mike Doyle (D-Penn.), Barrett said consumers can see what data has been stored about them and can change or delete information used for marketing purposes. But consumers cannot find out who else has bought their data from Axciom.] |
| Federal data breach notification standard must pre-empt state laws| Date Captured | Monday November 16, 2009 08:33 PM | | Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.]
[Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.] |
| PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature | Date Captured | Sunday November 08, 2009 10:35 PM | | SP0431, LR 597, item 1, Signed on 2009-06-02 00:00:00.0 - First Regular Session - 124th Maine Legislature, page 1 -
2. Marketing purposes. "Marketing purposes," with respect to the use of health-related
information or personal information, means the purposes of marketing or advertising products, goods or
services to individuals.
3. Person. "Person" includes an individual, firm, partnership, corporation, association, syndicate,
organization, society, business trust, attorney-in-fact and every natural or artificial legal entity.
4. Personal information. "Personal information" means individually identifiable information,
including:
A. An individual's first name, or first initial, and last name;
B. A home or other physical address;
C. A social security number;
D. A driver's license number or state identification card number; and
E. Information concerning a minor that is collected in combination with an identifier described in
this subsection.
5. Verifiable parental consent. "Verifiable parental consent" means any reasonable effort,
taking into consideration available technology, including a request for authorization for future collection,
use and disclosure described in the notice, to ensure that a parent of a minor receives notice of the
PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature
An Act To Prevent Predatory Marketing Practices against Minors
collection of personal information, use and disclosure practices and authorizes the collection, use and
disclosure, as applicable, of personal information and the subsequent use of that information before that
information is collected from that minor.
§ 9552. Unlawful collection and use of data from minors |
| 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH| Date Captured | Saturday November 07, 2009 04:49 PM | | (1) Purpose
This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met
by persons who own or license personal information about a resident of the Commonwealth of
Massachusetts. This regulation establishes minimum standards to be met in connection with
the safeguarding of personal information contained in both paper and electronic records. The
objectives of this regulation are to insure the security and confidentiality of customer
information in a manner fully consistent with industry standards; protect against anticipated
threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or
inconvenience to any consumer. |
| ‘‘Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act’’ or the ‘‘BEST PRACTICES Act’’| Date Captured | Thursday November 05, 2009 03:19 PM | | H. R. 5777 -- To foster transparency about the commercial use of personal information,
provide consumers with meaningful choice about the collection, use, and
disclosure of such information, and for other purposes.
[Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information. Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information. Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).]
|
| ‘‘Personal Data Privacy and Security Act of 2009’’ S. 1490| Date Captured | Wednesday November 04, 2009 02:19 PM | | 11TH CONGRESS - 1ST SESSION -- S. 1490:
To prevent and mitigate identity theft, to ensure privacy, to provide notice
of security breaches, and to enhance criminal penalties, law enforcement
assistance, and other protections against security breaches, fraudulent
access, and misuse of personally identifiable information.
|
| Longitudinal DatabaseHow Much Data Is Enough Data? What happens to privacy when bureaucracies exceed their scope| Date Captured | Thursday October 18, 2012 04:38 PM | | The following is a detailed account of Oklahoma’s P20 Council (that organization dedicated to the collection of “educational data” as prescribed by the Obama Administration through development of a State Longitudinal Data System (SLDS))- their operation, goals and function in the state of Oklahoma. This is, in fact, very important information, as EVERY STATE IN THE UNION is to have a similar council. Not all SLDS development groups are called, P20 (which stands for pre-K to 20 years of age – the time span over which this data is to be collected and accrued). Some other acronyms are P12, P20 Workforce and SLDS. |
| Pivotal Role of Policymakers as Leaders of P–20/Workforce Data Governance| Date Captured | Friday September 21, 2012 01:40 PM | | Outlines the actions policymakers can take to effectively develop and lead P–20W data governance and ensure that data systems meet stakeholder needs. |
| SHARED LEARNING INFRASTRUCTURE AND FERPA | Date Captured | Wednesday April 25, 2012 04:02 PM | |
| Updated Guidance on the Collection and Reporting of Teacher and Course Data in the Student Information Repository System (SIRS)| Date Captured | Wednesday February 29, 2012 09:19 AM | | This memorandum provides important updates on the implementation of federal and State requirements for reporting professional staff and course data for students. This guidance directly addresses three issues:
(1) Federal and State requirements for charter and other public schools, school districts, and BOCES to report additional student data, including course enrollment and the teachers/principals responsible for a student’s instruction;
(2) The timeline for reporting new data elements; and
(3) Implementation strategies for collecting and reporting these data. |
| NEW YORK: RACE TO THE TOP ANNUAL PERFORMANCE REPORT | Date Captured | Friday January 20, 2012 02:57 PM | | New York faces the ongoing challenge of communicating and collaborating with its various stakeholders. Similarly, the complexity of reviewing and approving Scopes of Work, budgets, expenditures, and evaluation plans
for all of the State’s participating LEAs presented a formidable
task that required a high level of strategic planning and logistical coordination by NYSED leadership. The State is working to overcome these challenges by investing in communication tools and leveraging other quality-control methods (such as a new online expenditure reporting tool) in order to increase its responsiveness and efficiency in the future. |
| S. 1464 - METRICS Act| Date Captured | Saturday August 13, 2011 03:10 PM | | To enable States to implement integrated statewide education longitudinal data systems. This Act may be cited as the ``Measuring and Evaluating Trends for
Reliability, Integrity, and Continued Success (METRICS) Act of 2011''
or the ``METRICS Act''.
|
| NYS Sen. Oppenheimer and Sen. Montgomery on S.2357| Date Captured | Tuesday June 21, 2011 04:25 PM | | Sen. Oppenheimer and Sen. Montgomery on S.2357 @ 36:30 minutes. Senators demonstrate responsible data stewardship. S.2357 excerpt:
[(C) UNLESS OTHERWISE ALLOWED BY LAW, A SCHOOL MAY NOT, EVEN WITH THE
AFFIRMATIVE CONSENT OF THE PARENT OF THE STUDENT IN ATTENDANCE OR THE
ELIGIBLE STUDENT IN ATTENDANCE, DISCLOSE PERSONALLY IDENTIFIABLE STUDENT
INFORMATION FOR A COMMERCIAL, FOR-PROFIT ACTIVITY INCLUDING BUT NOT
LIMITED TO USE FOR:
(I) MARKETING PRODUCTS OR SERVICES;
(II) SELLING PERSONALLY IDENTIFIABLE STUDENT INFORMATION FOR USE IN
MARKETING PRODUCTS OR SERVICES;
(III) CREATING OR CORRECTING AN INDIVIDUAL OR HOUSEHOLD PROFILE;
(IV) COMPILATION OF A STUDENT LIST;
(V) SALE OF THE INFORMATION FOR ANY COMMERCIAL PURPOSE; OR
(VI) ANY OTHER PURPOSE CONSIDERED BY THE SCHOOL AS LIKELY TO BE A
COMMERCIAL, FOR-PROFIT ACTIVITY.
(D) IN MAKING AN ALLOWABLE DISCLOSURE UNDER THIS SUBDIVISION, A SCHOOL
MAY ONLY DISCLOSE THE MINIMUM AMOUNT OF INFORMATION NECESSARY TO ACCOM
PLISH THE PURPOSE OF THE DISCLOSURE.]
|
| New York Senate; S.2357-B| Date Captured | Tuesday June 07, 2011 12:07 PM | | This bill, sponsored by Sen. Oppenheimer, restricts the sale of student PII and requires affirmative consent for the release of sensitive information. |
| Education New York comments re Student Privacy submitted to FERPA NPRM - May 23, 2011| Date Captured | Monday May 23, 2011 09:22 PM | | Document ID: ED-2011-OM-0002-0001: Family Educational Rights and Privacy. The proposed changes to FERPA do not adequately address the capacity of marketers
and other commercial enterprises to capture, use, and re-sell student information. Even
with privacy controls in place, it is also far too easy for individuals to get a hold of
student information and use it for illegal purposes, including identity theft, child
abduction in custody battles, and domestic violence. Few parents are aware, for
example, that anyone can request -- and receive -- a student directory from a school.
Data and information breaches occur every day in Pre-K-20 schools across the country,
so that protecting student privacy has become a matter of plugging holes in a dyke
rather than advancing a comprehensive policy that makes student privacy protection
the priority.
|
| Supporting Data Use While Protecting the Privacy, Security and Confidentiality of Student Information| Date Captured | Monday May 02, 2011 06:28 PM | | Data Quality Campaign: [Meet the moral and legal responsibility to
respect the privacy and the confidentiality
of students’ personally identifiable
information; Mitigate risks related to the intentional
and unintentional misuse of data, which are
amplified by the digital nature of today’s
society in which more information — in
education and every sector — is housed and
shared in electronic and web-based forms;
and ensure clarity around roles and responsibilities, including
states’ authority to share data, in what form the data can be
shared, at what level of detail, with whom and with what
protections in place.] |
| DQC: The American Recovery and Reinvestment Act (ARRA) Support for State Longitudinal Data Systems (SLDS)| Date Captured | Friday April 22, 2011 05:06 PM | | Data Quality Campaign - The American Recovery and Reinvestment Act provides federal support to states to further build
and promote the use of statewide longitudinal data systems. This document includes:
1. ARRA Overview and Data Systems;
a. American Recovery and Reinvestment Act;
b. America COMPETES Act;
2. State Stabilization Funds and Assurances
3. Institute of Education Sciences State Longitudinal Data Systems Grants:
a. American Recovery and Reinvestment Act – IES Funding;
4. U.S. Department of Education Guidance on Implementation of ARRA :
a. Fact sheet: The American Recovery and Reinvestment Act of 2009: Saving and
Creating Jobs and Reforming Education;
b. Letter to Governors from Secretary of Education Arne Duncan
c. Implementing the American Recovery Act – Letter from Secretary of Education
Arne Duncan |
| U.S. Department of Education (USED) Safeguarding Student Privacy | Date Captured | Friday April 08, 2011 06:38 PM | | The use of data is vital to ensuring the best education for our children. However, the benefits of using
student data must always be balanced with the need to protect students’ privacy rights. Students and their
parents should expect that their personal information is safe, properly collected and maintained and that it is
used only for appropriate purposes and not improperly redisclosed. It is imperative to protect students’
privacy to avoid discrimination, identity theft or other malicious and damaging criminal acts. All education
data holders must act responsibly and be held accountable for safeguarding students’ personally identifiable
information – from practitioners of early learning to those developing systems across the education
continuum (P-20) and from schools to their contractors. The need for articulated privacy protections and
data security continues to grow as Statewide Longitudinal Data Systems (SLDS) are built and more education
records are digitized and shared electronically. As States develop and refine their information management
systems, it is critical that they ensure that student information continues to be protected and that students’
personally identifiable information is disclosed only for authorized purposes and under the circumstances
permitted by law. All P-20 stakeholders should be involved in the development of these statewide systems
and protection policies. |
| United States House of Representatives Committee on Education and Labor Hearing on “How Data Can be Used to Inform Educational Outcomes” April 14, 2010 | Date Captured | Monday March 14, 2011 07:36 PM | |
1. States are warehousing sensitive information about identifiable children.
2. The Fordham CLIP study documents that privacy protections are
lacking and rules need to be developed and implemented to assure that
children’s educational records are adequately protected.
3. As part of basic privacy standards, strong data security is necessary to
minimize the risks of data invasions, scandals and melt-downs from
centralized databases of children’s personal information.
Statement of Joel R. Reidenberg, Professor of Law and Founding Academic Director Center on Law and Information Policy, Fordham University School of Law New York, NY
|
| GAMMILL v USED - USA Merit System Board documents| Date Captured | Monday March 14, 2011 01:14 PM | | Proposed regulatory (not statutory) change vastly expands term authorized representative well beyond these four 3 entities: Comptroller General of US, Secretary, Attorney General, and state or local education authorities. (See pages 10 and 11) |
| PAUL GAMMILL v U.S. DEPARTMENT OF EDUCATION| Date Captured | Monday March 14, 2011 12:44 PM | | Whistleblower Retaliation lawsuit filed by Gammill against USED for retaliation of sharing an illegal attempt to circumvent FERPA. Case Number: 1:2011cv00409;
Filed: February 18, 2011;
Court: District Of Columbia District Court;
Office: Washington, DC Office;
County: 88888;
Presiding Judge: John D. Bates
|
| P-20 Data System with Instructional Reporting | Date Captured | Thursday March 10, 2011 09:18 PM | | 2010 SLDS P-20 Best Practice Conference - Summary:
The Statewide Longitudinal Data Systems Grant Program (SLDS) hosted the 2010 SLDS P-20 Best Practice Conference on November 16–17, 2010, in Washington, DC. The meeting served as a forum for dialogue, collaboration, and the sharing of best practices, providing the opportunity for more than 150 representatives from forty-nine states and the District of Columbia. FY 2006, FY 2007, FY 2009, and FY 2009 ARRA grantee states shared solutions and ideas with one another and took home information on topics identified as critical to their projects in the upcoming year.
|
| Data Quality Campaign (DQC) archived webcasts/events| Date Captured | Monday March 07, 2011 06:20 PM | | Amazing SLDS/longitudinal database resource. |
| Data Quality Campaign Release of Data for Action 2010: DQC's State Analysis| Date Captured | Monday March 07, 2011 06:15 PM | | On February 16, 2011 DQC discussed the results of its sixth annual state analysis Data for Action 2010, a powerful policymaking tool to drive education leaders to use data in decision making. Data for Action is a series of analyses on states’ ability to collect and use data to improve student success. It provides transparency about state progress and priority actions they need to take to collect and use longitudinal data to improve student success.
|
| Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records | Date Captured | Thursday March 03, 2011 01:21 PM | | NCES 2011-601 This first brief discusses basic concepts and definitions that establish a common set
of terms related to the protection of personally identifiable information, especially
in education records.
|
| Recommendations on Data Security and Privacy Protections| Date Captured | Saturday February 19, 2011 11:00 PM | | Excerpted from the Data Protections Report submitted to the U.S. Department of Education’s Performance Information Management Service by Highlight Technologies on June 16, 2010. (Where is original report and comments?)
|
| NCES 2011-602 Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records | Date Captured | Tuesday January 04, 2011 09:55 PM | | SLDS Technical Brief - Guidance for Statewide Longitudinal Data Systems (SLDS) [A privacy and data protection program for student education records must include an array of
rules and procedures for protecting PII held in the record system. It also must include a full set
of public disclosures of the existence and uses of the information included in the data system,
a description of all parents’ or eligible students’ rights to review and appeal the contents of an
individual education record and of their rights and the procedures to appeal a violation. ]*****[A school directory may include PII such as a student’s name, grade level, and contact information. Taken by itself, the release of this information is not harmful to a student. However, when combined with the student’s Social Security Number or another identifier and the student’s education record, this information has the potential for violating a student’s right to privacy. The release of this combined record could lead to harm or embarrassment. Thus, the privacy and data protection program should focus on PII that will be maintained in the electronic student record system with its likely wealth of student data.2} |
| Directory Information Part 1 (WAV file, no text -- it's audio) | Date Captured | Sunday December 26, 2010 05:36 PM | | EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation. |
| Directory Information Part 2 (This file is an audio 'wav' file) | Date Captured | Sunday December 26, 2010 05:23 PM | | Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response. |
| New York State Student Information Repository System (SIRS) Manual| Date Captured | Wednesday December 22, 2010 08:44 PM | | New York State Student t Information Repository System (SIRS) Manual; Reporting Data for the 2010–11 School Year (SEE APPENDIX 19)
|
| K-12 Education: Many Challenges Arise in Educating Students Who Change Schools Frequently| Date Captured | Monday December 20, 2010 09:20 PM | | GAO-11-40 November 18, 2010 - The recent economic downturn, with foreclosures and homelessness, may be increasing student mobility. |
| Many States Collect Graduates’ Employment Information, but Clearer Guidance on Student Privacy Requirements Is Needed | Date Captured | Monday December 13, 2010 09:17 AM | | GAO-10-927 - GAO recommends that Education
clarify means by which states can
collect and share graduates’
employment information under the
Family Educational Rights and
Privacy Act (FERPA) and establish a time
frame for doing so. Education agreed
with the recommendation.
|
| Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information | Date Captured | Tuesday September 28, 2010 02:51 PM | | GAO-08-795T : In its report GAO identified
alternatives that the Congress
should consider, including revising
the scope of privacy laws to cover
all personal information, requiring
that the use of such information be
limited to a specific purpose, and
revising the structure and
publication of privacy notices. |
| Education and Workforce Data Connections: A Primer on States’ Status| Date Captured | Wednesday April 14, 2010 06:16 PM | | Data Quality Campaign - [States are currently working to connect education and workforce data, however, states are far from
reaching the goal of having data systems that can link across the P-20/Workforce spectrum. To connect
these education and workforce databases, states should
engage a broad range of stakeholders to:
1. Prioritize, through broad-based stakeholder input, the
critical policy questions to drive the development and
use of longitudinal data systems.
2. Ensure data systems are interoperable within and
across agencies and states by adopting or developing
common data standards, definitions and language.
3. Protect personally identifiable information through
governance policies and practices that promote the
security of the information while allowing appropriate
data access and sharing.] |
| Clash Over Student Privacy| Date Captured | Tuesday March 09, 2010 05:05 PM | | This document should not be shared due to copyright. Inside Higher Ed - [WASHINGTON -- The U.S. Education Department has fired the top federal official charged with protecting student privacy, in what the dismissed official says was a conflict with the agency's political leaders over their zeal to encourage the collection of data about students' academic performance.
Paul Gammill says he was physically escorted out of the department's offices on a Friday morning last month after he refused to resign as director of the agency's Family Policy Compliance Office. Administration officials said that "[p]rivacy laws require us to keep certain employment matters confidential, so we cannot comment on Mr. Gammill.
But Gammill, not so encumbered, maintains that he was dismissed because, on several occasions, he argued in internal meetings and documents that the department's approach to prodding states to expand their longitudinal student data systems violated the Family Educational Rights and Privacy Act, which protects the privacy of students' educational records.] |
| Putting Private Info on Government Database | Date Captured | Tuesday March 09, 2010 04:34 PM | | Phyllis Schlafly writes - [The Fordham report made numerous recommendations to beef up student privacy, such as collecting only information relevant to articulated purposes, purging unjustified data, enacting time limits for data retention and hiring a chief privacy officer for each state. There is no indication that these suggestions will be implemented.
The Obama Department of Education officials believe that collecting personally identifiable data is "at the heart of improving schools and school districts." One of the four reform mandates of the Race to the Top competition is to establish pre-kindergarten to college-and-career data systems that "track progress and foster continuous improvement."] |
| Data Quality Campaign Quarterly Issue Meeting: Linking Data Across Agencies: States That Are Making It Work | Date Captured | Monday November 09, 2009 07:27 PM | | The Data Quality Campaign (DQC) will host Linking Data Across Agencies: States That Are Making It Work on Thursday, November 12, 2009 from 2:30 to 4:30 P.M. (ET) in Washington, DC at the Hall of the States, 444 North Capitol Street, Room 233-235. This meeting will highlight leading states that are successfully linking data across systems and agencies to answer critical policy questions aimed at improving student achievement. A corresponding issue brief co-authored by the DQC and the Forum for Youth Investment will be released at the meeting that captures the current status of states’ ability to link data across agencies and provide several state case studies that capture promising strategies to sharing individual-level data across systems and agencies to improve student achievement.
Registration to attend in person is required by Tuesday November 10, 2009 and strongly encouraged if participating in the interactive webcast. Seating is limited, so please sign up early! A video of this session and corresponding issue brief will be available at the campaign’s Web site after November 16, 2009. |
| CHILDREN’S EDUCATIONAL RECORDS AND PRIVACY -- A STUDY OF ELEMENTARY AND SECONDARY SCHOOL STATE REPORTING SYSTEMS -- October 28, 2009 | Date Captured | Friday October 30, 2009 09:44 AM | | [The Study reports on the results of a survey of all fifty states and finds that state educational databases across the country ignore key privacy protections for the nation's K-12 children. The Study finds that large amounts of personally identifiable data and sensitive personal information about children are stored by the state departments of education in electronic warehouses or for the states by third party vendors. These data warehouses typically lack adequate privacy protections, such as clear access and use restrictions and data retention policies, are often not compliant with the Family Educational Rights and Privacy Act, and leave K-12 children unprotected from data misuse, improper data release, and data breaches. The Study provides recommendations for best practices and legislative reform to address these privacy problems.]
Joel R. Reidenberg, Professor of Law and Founding Academic Director of CLIP
Jamela Debelak, Esq., Executive Director of CLIP |
| Migrant EducationK-12 Education: Many Challenges Arise in Educating Students Who Change Schools Frequently| Date Captured | Monday December 20, 2010 09:20 PM | | GAO-11-40 November 18, 2010 - The recent economic downturn, with foreclosures and homelessness, may be increasing student mobility. |
| MOOCWhat Campus Leaders Need to Know About MOOCs| Date Captured | Friday February 08, 2013 12:59 PM | |
| MOOC ALERT| Date Captured | Wednesday February 06, 2013 02:09 PM | | MOOCs are MASSIVE OPEN ONLINE COURSES |
| What Campus Leaders Need to Know About MOOCs| Date Captured | Friday February 01, 2013 10:42 PM | | An EDUCAUSE Executive Briefing on MASSIVE OPEN ONLINE COURSES (MOOCs) |
| NCLBNew York State Student Information Repository System (SIRS) Manual| Date Captured | Wednesday December 22, 2010 08:44 PM | | New York State Student t Information Repository System (SIRS) Manual; Reporting Data for the 2010–11 School Year (SEE APPENDIX 19)
|
| Education and Workforce Data Connections: A Primer on States’ Status| Date Captured | Wednesday April 14, 2010 06:16 PM | | Data Quality Campaign - [States are currently working to connect education and workforce data, however, states are far from
reaching the goal of having data systems that can link across the P-20/Workforce spectrum. To connect
these education and workforce databases, states should
engage a broad range of stakeholders to:
1. Prioritize, through broad-based stakeholder input, the
critical policy questions to drive the development and
use of longitudinal data systems.
2. Ensure data systems are interoperable within and
across agencies and states by adopting or developing
common data standards, definitions and language.
3. Protect personally identifiable information through
governance policies and practices that promote the
security of the information while allowing appropriate
data access and sharing.] |
| New York StateNEW YORK PUBLIC OFFICERS LAW, ARTICLE 6 SECTIONS 84-90 FREEDOM OF INFORMATION LAW| Date Captured | Monday March 14, 2011 06:20 PM | | Freedom of Information Law
PUBLIC OFFICERS LAW, ARTICLE 6 SECTIONS 84-90
FREEDOM OF INFORMATION LAW:
[iii. sale or release of lists of names and addresses if such lists would be used for solicitation or fund-raising purposes;] |
| NYC SchoolsNYC Schools Parents Bill of Rights| Date Captured | Monday February 14, 2011 09:49 PM | | Parents have the right to: 12. consent to disclosures of personally identifiable information contained in the
student’s education records, except to the extent that Family Educational Rights
and Privacy Act (FERPA) and Chancellor’s Regulation A-820 authorize disclose without consent. |
| NYC P-3 SCHOOL FAMILY HANDBOOK | Date Captured | Sunday February 13, 2011 05:39 PM | | See page 19 for information deemed appropriate to release about 4 year old CHILDREN. |
| CONFIDENTIALITY AND RELEASE OF STUDENT RECORDS; RECORDS RETENTION| Date Captured | Sunday February 13, 2011 03:13 PM | | This regulation supersedes New York City Chancellor’s Regulation A-820 dated July 8, 2008. Changes: • The regulation was revised to conform to amendments to federal regulations under the Family
Educational Rights and Privacy Act (“FERPA”).
|
| OMBM-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002| Date Captured | Tuesday March 15, 2011 10:00 PM | | A. Definitions;
Information in identifiable form- is information in an IT system or online collection: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors).2Information in identifiable form is defined in section 208(d) of the Act as "any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means." Information "permitting the physical or online contacting of a specific individual" (see section 208(b)(1)(A)(ii)(II)) is the same as "information in identifiable form." |
| Opt-OutOpt-Out 2014: Protect Children video| Date Captured | Tuesday August 12, 2014 06:39 PM | |
| DECEMBER 2011 – REVISED FERPA REGULATIONS: AN OVERVIEW FOR PARENTS AND STUDENTS| Date Captured | Monday November 12, 2012 11:00 AM | | It is important for schools to have directory information policies, as schools may not do even mundane activities (such as publishing yearbooks or creating graduation programs) without having designated the items about the students contained in the publications as directory information. For example, without a directory information policy, FERPA would require schools to obtain consent for every student every time it wants to publish a yearbook. However, many schools have been forgoing designations of directory information, as they have concluded that such designations would put students at risk of becoming targets of marketing campaigns, the media, or even victims of criminal acts |
| New York State Sample Parental Notice Language for 2011-2012 School Year | Date Captured | Tuesday January 24, 2012 01:44 PM | | If you do not wish to have your child’s weight status group information included as part of the Health Department’s survey this year, please print and sign your name below and return this form: |
| | Example of customized opt-out form | Date Captured | Sunday September 04, 2011 07:45 PM | | COLLEGE OF CHARLESTON
FERPA DIRECTORY INFORMATION OPT-OUT FORM - note parents or college students have choices as to which information they want to share. |
| Parent InvolvementFLORIDA HB 543| Date Captured | Tuesday January 31, 2012 07:09 PM | | Bill to be entitled: An act relating to parental involvement and
accountability in public schools; creating s.
1008.347, F.S.; providing purpose to provide
information and tools to parents of prekindergarten
through grade 5 students and to set minimum standards
for parental involvement; specifying causes for
student underachievement; requiring shared information
between teachers, schools, and parents; requiring
prekindergarten through grade 5 teachers to evaluate
parental involvement and send a parental involvement evaluation to parents under certain circumstances;
requiring adoption of a process to dispute a parental involvement evaluation; requiring reports on parental involvement evaluations by district school boards and the Department of Education; providing for
implementation;. |
| PPRAFamily Policy Compliance Office (FPCO)| Date Captured | Wednesday November 04, 2009 05:04 PM | | The mission of the Family Policy Compliance Office (FPCO) is to meet the needs of the Department's primary customers--learners of all ages--by effectively implementing two laws that seek to ensure student and parental rights in education: the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA). |
| Protection of Pupil Rights Amendment (PPRA) | Date Captured | Friday October 30, 2009 11:00 AM | | Protection of Pupil Rights Amendment (PPRA)
The Protection of Pupil Rights Amendment (PPRA) (20 U.S.C. § 1232h; 34 CFR Part 98) applies to programs that receive funding from the U.S. Department of Education (ED). PPRA is intended to protect the rights of parents and students .
|
| Privacy“The Right to Privacy” | Date Captured | Saturday December 11, 2010 05:58 PM | | Warren and Brandeis - Harvard Law Review. Vol. IV - December 15, 1890 - No. 5 [Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right "to be let alone" [10] Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that "what is whispered in the closet shall be proclaimed from the house-tops." For years there has been a feeling that the law must afford some remedy for the unauthorized circulation of portraits of private persons;[11] and the evil of invasion of privacy by the newspapers, long keenly felt, has been but recently discussed by an able writer.[12] The alleged facts of a somewhat notorious case brought before an inferior tribunal in New York a few months ago,[13] directly involved the consideration of the right of circulating portraits; and the question whether our law will recognize and protect the right to privacy in this and in other respects must soon come before our courts for consideration.]
|
| Privacy HarmThe Problems Of Web Surveillance| Date Captured | Tuesday January 11, 2011 08:54 AM | | Clarification by Ryan Calo: 1) Consumers do not understand the circumstances under which the government may gain access to their data.
2) Electronic privacy laws are outdated and do not reflect contemporary technology or practices.
3) Regardless of the government’s motives, certain practices threaten to chill free speech and should be viewed with great skepticism. |
| The Boundaries of Privacy Harm| Date Captured | Saturday July 17, 2010 07:00 PM | | M. Ryan Calo -- Stanford Law School -- July 16, 2010 -- Abstract:
[This Essay describes the outer boundaries and core properties of privacy harm. Properly understood, privacy harm falls into just two categories. The subjective category of privacy harm is the unwanted perception of observation. This category describes unwelcome mental states—anxiety, embarrassment, fear—that stem from the belief that one is being watched or monitored. Examples include everything from a landlord listening in on his tenants to generalized government surveillance.
The objective category of privacy harm is the unanticipated or coerced use of information concerning a person against that person. These are negative, external actions justified by reference to personal information. Examples include identity theft, the leaking of classified information that reveals an undercover agent, and the use of a drunk-driving suspect’s blood as evidence against him.
The subjective and objective categories of privacy harm are distinct but related. Just as assault is the apprehension of battery, so is the unwanted perception of observation largely an apprehension of information-driven injury. The categories represent, respectively, the anticipation and consequence of a loss of control over personal information.
The approach offers several advantages. It uncouples privacy harm from privacy violations, demonstrating that no person need commit a privacy violation for privacy harm to occur (and vice versa). It creates a “limiting principle” capable of revealing when another value—autonomy or equality, for instance—is more directly at stake. It also creates a “rule of recognition” that permits the identification of a privacy harm when no other harm is apparent. Finally, the approach permits the sizing and redress of privacy harm in novel ways.]
|
| Race to the Top (RttT)Race to the Top Reform Flow Chart| Date Captured | Saturday September 29, 2012 10:04 AM | |
| State and District Receipt of Recovery Act Funds| Date Captured | Friday September 21, 2012 03:09 PM | | A Report From Charting the Progress of Education Reform: An Evaluation of the Recovery Act’s Role;
SEPTEMBER 2012: The American Recovery and Reinvestment Act (ARRA or the Recovery Act) of 2009 provided an unprecedented level of funding designed to “stimulate the economy in the short-term and invest wisely, using these funds to improve schools, raise achievement, drive reforms and produce better results for children and young people for the long-term health of our nation.”1 The distribution of Recovery Act funds was intended to reflect these multiple goals. Nearly $97.4 billion were allocated to the U.S. Department of Education (ED), of which $70.6 billion were awarded by ED for primary and secondary (K-12) education through existing and new federal programs.2 These funds were distributed to states and districts using formulas based primarily on population and student poverty and through competitive grants.
In return for grants, Recovery Act recipients were required to commit to four core reforms or assurances:
1. Adopting rigorous college-ready and career-ready standards and high-quality assessments,
2. Establishing data systems and using data to improve performance,
3. Increasing educator effectiveness and the equitable distribution of effective educators, and
4. Turning around the lowest-performing schools. |
| NEW YORK: RACE TO THE TOP ANNUAL PERFORMANCE REPORT | Date Captured | Friday January 20, 2012 02:57 PM | | New York faces the ongoing challenge of communicating and collaborating with its various stakeholders. Similarly, the complexity of reviewing and approving Scopes of Work, budgets, expenditures, and evaluation plans
for all of the State’s participating LEAs presented a formidable
task that required a high level of strategic planning and logistical coordination by NYSED leadership. The State is working to overcome these challenges by investing in communication tools and leveraging other quality-control methods (such as a new online expenditure reporting tool) in order to increase its responsiveness and efficiency in the future. |
| RACE TO THE TOP: Reform Efforts Are Under Way and Information Sharing Could Be Improved| Date Captured | Sunday January 15, 2012 08:51 AM | |
State officials GAO interviewed said their states took a variety of actions to be competitive for RTT grants. Of the 20 states GAO interviewed, officials in 6 said their states undertook reforms, such as amending laws related to teacher evaluations, to be competitive for RTT. However, officials from 14 states said their reforms resulted from prior or ongoing efforts and were not made to be more competitive for RTT.
Grantees plan to use RTT grant funds to implement reforms in four areas. (See figure.) The largest percentage of state-level RTT funds will be used to increase the effectiveness of teachers and leaders. GAO interviewed officials in 8 nongrantee states who said they expect to continue implementing parts of their RTT plans, though at a slower pace than if they had received a grant. |
| Race to the Top: Characteristics of Grantees’ Amended Programs and Education’s Review Process| Date Captured | Tuesday January 10, 2012 03:13 PM | | GAO Findings: • According to Education officials, most amendments consisted of minor adjustments to grant budgets, activities, and timelines, and some amendments involved significant changes to the grant award. Grantees have cited a variety of reasons for these amendments, such as timeline delays and difficulty finding qualified staff.
• Education established a review process in which Education officials consider amendment requests on a case-by-case basis. In addition, the department distinguishes significant amendment requests from minor requests based on how the amendment would change project timelines, budgets, performance measures, and the implementation of other related projects. Education reportedly applied greater scrutiny to requests that involved significant changes to grantees’ planned activities, often by requiring that grantees provide additional information or seek consultation from issue- area experts within the department. Rather than reject amendment requests, Education officials explained that they generally asked grantees to resubmit requests with more information. |
| Education New York comments re Student Privacy submitted to FERPA NPRM - May 23, 2011| Date Captured | Monday May 23, 2011 09:22 PM | | Document ID: ED-2011-OM-0002-0001: Family Educational Rights and Privacy. The proposed changes to FERPA do not adequately address the capacity of marketers
and other commercial enterprises to capture, use, and re-sell student information. Even
with privacy controls in place, it is also far too easy for individuals to get a hold of
student information and use it for illegal purposes, including identity theft, child
abduction in custody battles, and domestic violence. Few parents are aware, for
example, that anyone can request -- and receive -- a student directory from a school.
Data and information breaches occur every day in Pre-K-20 schools across the country,
so that protecting student privacy has become a matter of plugging holes in a dyke
rather than advancing a comprehensive policy that makes student privacy protection
the priority.
|
| New York State Race to the Top Application| Date Captured | Wednesday March 16, 2011 10:54 AM | | New York State submitted its Phase II Race to the Top application to the U.S. Department of Education on June 1.
On August 24, the U.S. Department of Education announced that New York State had been awarded $696,646,000 as a winner in the second round of the federal Race to the Top competition.
The application and related documents are posted below:
Selection Criteria and Competition Priorities (4.05 MB)
Appendices (28.88 MB)
Participating LEA Memorandum of Understanding and Preliminary Scope of Work (Exhibit I) (63 KB)
Frequently Asked Questions and Answers (57 KB)
The Regents Education Reform Plan and New York State's Race to the Top (RTTT) Application Summary | PDF (41 KB)
Legislation in Support of Race to the Top Application
|
| Records ManagementCONFIDENTIALITY AND RELEASE OF STUDENT RECORDS; RECORDS RETENTION| Date Captured | Sunday February 13, 2011 03:13 PM | | This regulation supersedes New York City Chancellor’s Regulation A-820 dated July 8, 2008. Changes: • The regulation was revised to conform to amendments to federal regulations under the Family
Educational Rights and Privacy Act (“FERPA”).
|
| New York State Student Information Repository System (SIRS) Manual| Date Captured | Wednesday December 22, 2010 08:44 PM | | New York State Student t Information Repository System (SIRS) Manual; Reporting Data for the 2010–11 School Year (SEE APPENDIX 19)
|
| K-12 Education: Many Challenges Arise in Educating Students Who Change Schools Frequently| Date Captured | Monday December 20, 2010 09:20 PM | | GAO-11-40 November 18, 2010 - The recent economic downturn, with foreclosures and homelessness, may be increasing student mobility. |
| ResearchStatistical Methods for Protecting Personally Identifiable Information in Aggregate Reporting | Date Captured | Thursday March 03, 2011 01:36 PM | | NCES 2011-603 Building on current best practices,
the Brief outlines reporting recommendations.
Primarily, the goal of these reporting
recommendations is to maximize the reporting
of student outcomes while protecting students’
personally identifiable information.
|
| Resource LinksKey Terms/Definitions in Privacy and Confidentiality| Date Captured | Thursday January 06, 2011 02:23 PM | | American Statistical Association's Privacy and Confidentiality Committee |
| School DayThe Handbook for Campus Safety and Security Reporting| Date Captured | Friday March 11, 2011 07:35 PM | | FERPA does not preclude an institution’s compliance
with the timely warning provision of the campus security
regulations. FERPA recognizes that information can, in case of
an emergency, be released without consent when needed to
protect the health and safety of others. In addition, if
institutions utilize information from the records of a campus
law enforcement unit to issue a timely warning, FERPA is not
implicated as those records are not protected by FERPA. U.S. Department of
Education, Office of Postsecondary Education, The Handbook for Campus Safety and Security Reporting,
Washington, D.C., 2011.
|
| School SafetyEDUCATION INTERRUPTED: The Growing Use of Suspensions in New York City’s Public Schools| Date Captured | Thursday October 13, 2011 04:16 PM | | This report analyzes 449,513 suspensions served by New York City students from 1999 to 2009 to draw
a picture of zero tolerance practices in the nation’s largest school district. The number of suspensions
served each school year has nearly doubled in a decade—even though the student population has
decreased over the same period—sending a clear message that public education is a reward for “good”
behavior, rather than a fundamental right. This section explains the methodology we used to analyze the
suspension data, and provides valuable background on zero tolerance discipline.
Section II provides an overview of New York City disciplinary policies and practices. It examines the ever-
increasing emphasis on out-of-class and out-of-school suspensions in New York City’s Discipline Code,
which governs student behavior. This section also analyzes the impact that NYPD school safety officers
have had on the increasing reliance on suspensions and arrests as primary disciplinary tools.
Section III analyzes 10 years of school discipline data in New York City, explaining the data behind our
conclusions. Finally, the report concludes with our recommendations for the DOE, as well as city and
state lawmakers.
|
| Breaking Schools’ Rules: A Statewide Study of How School Discipline Relates to Students’ Success and Juvenile Justice Involvement| Date Captured | Tuesday August 02, 2011 10:09 AM | | This report was prepared by the Council of State Governments Justice Center in
partnership with the Public Policy Research Institute at Texas A&M University.
Key findings in the report include the following:
1. Nearly six in ten public school students studied were suspended or expelled at least once between their seventh- and twelfth-grade school years.
2. African-American students and those with particular educational disabilities were disproportionately likely to be removed from the classroom for disciplinary reasons.
3. Students who were suspended and/or expelled, particularly those who were repeatedly disciplined, were more likely to be held back a grade or to drop out than were students not involved in the disciplinary system.
4. When a student was suspended or expelled, his or her likelihood of being involved in the juvenile justice system the subsequent year increased significantly.
5. Suspension and expulsion rates among schools—even those schools with similar student compositions and campus characteristics—varied significantly. |
| Balancing Student Privacy and School Safety: A Guide to the Family Educational Rights and Privacy Act for Elementary and Secondary Schools| Date Captured | Monday July 25, 2011 01:51 PM | | Many school districts employ security staff to monitor safety and security in and around schools. Some schools employ off-duty police officers as school security officers, while others designate a particular school official to be responsible for referring potential or alleged violations of law to local police authorities. Under FERPA, investigative reports and other records created and maintained by these "law enforcement units" are not considered "education records" subject to FERPA. Accordingly, schools may disclose information from law enforcement unit records to anyone, including outside law enforcement authorities, without parental consent. See 34 CFR § 99.8.
While a school has flexibility in deciding how to carry out safety functions, it must also indicate to parents in its school policy or information provided to parents which office or school official serves as the school's "law enforcement unit." (The school's notification to parents of their rights under FERPA can include this designation. As an example, the U.S. Department of Education has posted a model notification on the Web at: http://www.ed.gov /policy/gen/guid/fpco/ferpa/lea-officials.html.)
Law enforcement unit officials who are employed by the school should be designated in its FERPA notification as "school officials" with a "legitimate educational interest." As such, they may be given access to personally identifiable information from students' education records. The school's law enforcement unit officials must protect the privacy of education records it receives and may disclose them only in compliance with FERPA. For that reason, it is advisable that law enforcement unit records be maintained separately from education records. |
| Addressing Emergencies on Campus June 2011 | Date Captured | Tuesday June 28, 2011 06:32 PM | | United States Department of Education (USED) : Summary of two
applicable Federal education laws administered by the Department of Education (Department):
the Family Educational Rights and Privacy Act (FERPA) and the Higher Education Act of 1965
(HEA), as amended. This Federal component is only one piece of what is necessary to consider
in ensuring the safety of our Nation’s students, faculty, and school staff. A comprehensive and
effective campus policy must incorporate all Federal and State policies regarding health and
safety emergencies, education, student privacy, civil rights, and law enforcement, as well as
specific local community needs.
|
| Campus Attacks:Targeted Violence Affecting Institutions of Higher Education | Date Captured | Tuesday January 18, 2011 01:53 PM | | The report included a recommendation that the U.S. Secret Service, U.S. Department of Education, and the Federal Bureau of Investigation explore the issue of violence at institutions of higher education. Accordingly, the three agencies initiated a collaborative effort, the goal of which was to understand the scope of the problem of targeted violence at these institutions in the United States.
In total, 272 incidents were identified through a comprehensive search of open-source reporting from 1900 [their typo] to 2008. The incidents studied include various forms of targeted violence, ranging from domestic violence to mass murder. The findings should be useful for campus safety professionals charged with identifying, assessing, and managing violence risk at institutions of higher education. |
| Identifying Violence-prone Students| Date Captured | Thursday January 13, 2011 02:02 PM | | The fine line higher education officials walk in dealing with troubled students is discussed. |
| K-12 EDUCATION - Selected Cases of Public and Private Schools That Hired or Retained Individuals with Histories of Sexual Misconduct| Date Captured | Friday December 17, 2010 01:00 PM | | GAO-11-200 ; GAO examined show that individuals with histories of sexual misconduct were hired or retained by public and private schools as teachers, support staff, volunteers, and contractors. |
| School-Prison-PipelineEDUCATION INTERRUPTED: The Growing Use of Suspensions in New York City’s Public Schools| Date Captured | Thursday October 13, 2011 04:16 PM | | This report analyzes 449,513 suspensions served by New York City students from 1999 to 2009 to draw
a picture of zero tolerance practices in the nation’s largest school district. The number of suspensions
served each school year has nearly doubled in a decade—even though the student population has
decreased over the same period—sending a clear message that public education is a reward for “good”
behavior, rather than a fundamental right. This section explains the methodology we used to analyze the
suspension data, and provides valuable background on zero tolerance discipline.
Section II provides an overview of New York City disciplinary policies and practices. It examines the ever-
increasing emphasis on out-of-class and out-of-school suspensions in New York City’s Discipline Code,
which governs student behavior. This section also analyzes the impact that NYPD school safety officers
have had on the increasing reliance on suspensions and arrests as primary disciplinary tools.
Section III analyzes 10 years of school discipline data in New York City, explaining the data behind our
conclusions. Finally, the report concludes with our recommendations for the DOE, as well as city and
state lawmakers.
|
| Breaking Schools’ Rules: A Statewide Study of How School Discipline Relates to Students’ Success and Juvenile Justice Involvement| Date Captured | Tuesday August 02, 2011 10:09 AM | | This report was prepared by the Council of State Governments Justice Center in
partnership with the Public Policy Research Institute at Texas A&M University.
Key findings in the report include the following:
1. Nearly six in ten public school students studied were suspended or expelled at least once between their seventh- and twelfth-grade school years.
2. African-American students and those with particular educational disabilities were disproportionately likely to be removed from the classroom for disciplinary reasons.
3. Students who were suspended and/or expelled, particularly those who were repeatedly disciplined, were more likely to be held back a grade or to drop out than were students not involved in the disciplinary system.
4. When a student was suspended or expelled, his or her likelihood of being involved in the juvenile justice system the subsequent year increased significantly.
5. Suspension and expulsion rates among schools—even those schools with similar student compositions and campus characteristics—varied significantly. |
| Smart GridGroups Urge California PUC to Adopt Rules to Protect Consumer Privacy| Date Captured | Sunday March 14, 2010 08:54 PM | | infozine reports [San Francisco, CA - infoZine - Privacy advocates are warning that "smart meters" intended to precisely measure and control home electrical consumption could erode the privacy of daily life unless regulators limit data collection and disclosure. In a joint filing yesterday, the Center for Democracy & Technology (CDT) and the Electronic Frontier Foundation (EFF) urged the California Public Utilities Commission (PUC) to adopt rules to protect the privacy and security of consumers' energy-usage information. The Samuelson Law, Technology & Public Policy Clinic at UC Berkeley School of Law drafted the comments for CDT.
Smart meters being installed now in California will collect 750 to 3,000 data points a month per household. This detailed energy usage data can indicate whether someone is at home or out, entertaining guests, or using particular appliances. Marketers and others may seek such data. To head off misuse of the information, CDT and EFF urged the California PUC to adopt comprehensive privacy standards for the collection, retention, use and disclosure of consumers' household energy data. ] |
| Social NetworkingACLU: Social Networking, your privacy rights explained| Date Captured | Thursday March 08, 2012 09:05 AM | | The vast majority of young people living in the United States go online daily and use social networking sites like Twitter, Facebook and YouTube. With all this information-sharing, many questions about ownership of personal information and possible discipline for postings arise. This guide will answer some of those questions so that you can better understand the rights you have when using social networking both in and out of school. |
| Social Media: Federal Agencies Need Policies and Procedures for Managing and Protecting Information They Access and Disseminate| Date Captured | Thursday July 28, 2011 06:51 PM | | Federal agencies increasingly use recently developed Internet technologies that allow individuals or groups to create, organize, comment on, and share online content. The use of these social media services-- including popular Web sites like Facebook, Twitter, and YouTube-- has been endorsed by President Obama and provides opportunities for agencies to more readily share information with and solicit feedback from the public. However, these services may also pose risks to the adequate protection of both personal and government information. GAO was asked to (1) describe how federal agencies are currently using commercially provided social media services and (2) determine the extent to which agencies have developed and implemented policies and procedures for managing and protecting information associated with this use. To do this, GAO examined the headquarters-level Facebook pages, Twitter accounts, and YouTube channels of 24 major federal agencies; reviewed pertinent policies, procedures, and guidance; and interviewed officials involved in agency use of social media. Agency: Department of Education;
Records management: Document processes and policies and record-keeping
roles and responsibilities for how social media records are identified
and managed: Did not develop policies and procedures for use of social
media services;
Privacy protection: Update privacy policy to discuss use of PII made
available through social media: Did not develop policies and
procedures for use of social media services;
Privacy protection: Conduct privacy impact assessment for social media
use: Developed policies and procedures that guided use of some but not
all services;
Security risk management: Identify security risks associated with
agency use of social media and security controls to mitigate risks:
Did not develop policies and procedures for use of social media
services. ***** Appendix IX: Comments from the Department of Education: |
| FERPA and Social Media| Date Captured | Thursday March 10, 2011 02:50 PM | | When students are assigned to post information to public social media platforms outside of the university LMS, they should be informed that their material may be viewed by others.
Students should not be required to release personal information on a public site.
Instructor comments or grades on student material should not be made public. (Interestingly, grades given by other students on “peer-graded” work can be made public under FERPA). (ACE, 2008)
While not clearly required by law, students under the age of 18 should get their parent’s consent to post public work.
FERPA does not forbid instructors from using social media in the classroom, but common sense guidelines should be used to ensure the protection of students. |
| FACEBOOK - Complaint, Request for Investigation, Injunction, and Other Relief | Date Captured | Monday May 10, 2010 09:54 AM | | [This complaint concerns material changes to privacy settings made by Facebook, the
largest social network service in the United States, that adversely impact the users of
the service. Facebook now discloses personal information to the public that Facebook
users previously restricted. Facebook now discloses personal information to third
parties that Facebook users previously did not make available. These changes violate
user expectations, diminish user privacy, and contradict Facebook’s own
representations. These business practices are Unfair and Deceptive Trade Practices,
subject to review by the Federal Trade Commission (the “Commission”) under
section 5 of the Federal Trade Commission Act.]
|
| How Different are Young Adults from Older Adults When it Comes to Information Privacy Attitudes and Policies?| Date Captured | Thursday April 15, 2010 06:12 PM | | Chris Jay Hoofnagle - University of California, Berkeley - School of Law, Berkeley Center for Law & Technology; Jennifer King -UC Berkeley School of Information; Berkeley Center for Law & Technology; Su Li- University of California, Berkeley- School of Law, Center for the Study of Law and Society; Joseph Turow -
University of Pennsylvania - Annenberg School for Communication: [Abstract:
Media reports teem with stories of young people posting salacious photos online, writing about alcohol-fueled misdeeds on social networking sites, and publicizing other ill-considered escapades that may haunt them in the future. These anecdotes are interpreted as representing a generation-wide shift in attitude toward information privacy. Many commentators therefore claim that young people “are less concerned with maintaining privacy than older people are.” Surprisingly, though, few empirical investigations have explored the privacy attitudes of young adults. This report is among the first quantitative studies evaluating young adults’ attitudes. It demonstrates that the picture is more nuanced than portrayed in the popular media. ]
[Among the findings:
_ Eighty-eight percent of people of all ages said they have refused to give out information to a business because they thought it was too personal or unnecessary. Among young adults, 82 percent have refused, compared with 85 percent of those over 65.
_ Most people — 86 percent — believe that anyone who posts a photo or video of them on the Internet should get their permission first, even if that photo was taken in public. Among young adults 18 to 24, 84 percent agreed — not far from the 90 percent among those 45 to 54.
_ Forty percent of adults ages 18 to 24 believe executives should face jail time if their company uses someone's personal information illegally — the same as the response among those 35 to 44 years old.] |
| Facebook fights back, disallows the Suicide Machine| Date Captured | Thursday January 07, 2010 08:17 PM | | Los Angeles Times reports - [The Suicide Machine is a clever Web site out of the Netherlands that was designed to free users from their social network lives on Facebook, Twitter, MySpace and LinkedIn. You just pick one of the networks, start up the machine, and it graphically shows you unfriending your contacts, one by one, and eliminating all your other contacts with your profile. Forever.]
|
| State databasesGates Foundation COOPER on data sharing| Date Captured | Thursday April 26, 2012 03:09 PM | | The SLC, co-funded by the Foundation and the Carnegie Corporation of New York, "is working to change the way educational data is gathered," Cooper explained. "All of these different technologies have created islands within the schools"--islands which prevent the holistic examination of a student's data during their educational path. Even if one school has its act together and can effectively track a student in that school, what happens if that student transfers to another school? Or wants to take additional classes as an institution like the Khan Academy or Maker Faire, Cooper asked. Right now, such extracurricular learning opportunities are rarely tracked. |
| NEW YORK: RACE TO THE TOP ANNUAL PERFORMANCE REPORT | Date Captured | Friday January 20, 2012 02:57 PM | | New York faces the ongoing challenge of communicating and collaborating with its various stakeholders. Similarly, the complexity of reviewing and approving Scopes of Work, budgets, expenditures, and evaluation plans
for all of the State’s participating LEAs presented a formidable
task that required a high level of strategic planning and logistical coordination by NYSED leadership. The State is working to overcome these challenges by investing in communication tools and leveraging other quality-control methods (such as a new online expenditure reporting tool) in order to increase its responsiveness and efficiency in the future. |
| Student MobilityK-12 Education: Many Challenges Arise in Educating Students Who Change Schools Frequently| Date Captured | Monday December 20, 2010 09:20 PM | | GAO-11-40 November 18, 2010 - The recent economic downturn, with foreclosures and homelessness, may be increasing student mobility. |
| Teacher Evaluation“Study of Promising Features of Teacher Preparation Programs”| Date Captured | Tuesday August 14, 2012 03:59 PM | | COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER
to
THE INSTITUTE OF EDUCATION SCIENCES
of the
DEPARTMENT OF EDUCATION
Notice of New System of Records: For the foregoing reasons, the Education Department must revise its Privacy Act
notice for the Study of Promising Features of Teacher Preparation Programs to: (1) limit
the collection of student information to only that which is necessary and relevant; and (2)
clarify the circumstances under which it will disclose information pursuant to the routine
use exception. |
| Teacher Preparation“Study of Promising Features of Teacher Preparation Programs”| Date Captured | Tuesday August 14, 2012 03:59 PM | | COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER
to
THE INSTITUTE OF EDUCATION SCIENCES
of the
DEPARTMENT OF EDUCATION
Notice of New System of Records: For the foregoing reasons, the Education Department must revise its Privacy Act
notice for the Study of Promising Features of Teacher Preparation Programs to: (1) limit
the collection of student information to only that which is necessary and relevant; and (2)
clarify the circumstances under which it will disclose information pursuant to the routine
use exception. |
| P-20 Data System with Instructional Reporting | Date Captured | Thursday March 10, 2011 09:18 PM | | 2010 SLDS P-20 Best Practice Conference - Summary:
The Statewide Longitudinal Data Systems Grant Program (SLDS) hosted the 2010 SLDS P-20 Best Practice Conference on November 16–17, 2010, in Washington, DC. The meeting served as a forum for dialogue, collaboration, and the sharing of best practices, providing the opportunity for more than 150 representatives from forty-nine states and the District of Columbia. FY 2006, FY 2007, FY 2009, and FY 2009 ARRA grantee states shared solutions and ideas with one another and took home information on topics identified as critical to their projects in the upcoming year.
|
| Transparency | US Department of EducationData De-identification: An Overview of Basic Terms| Date Captured | Wednesday January 16, 2013 01:35 PM | | PTAC-GL, Oct 2012: In addition to defining and clarifying the distinction among several key terms, the paper provides
general best practice suggestions regarding data de-identification strategies for different types of
data. The information is presented in the form of an alphabetized list of definitions, followed at the
end by additional resources on FERPA requirements and statistical techniques that can be used to
protect student data against disclosures |
| | DEPARTMENT OF EDUCATION 34 CFR Part 99 in the Federal Register (76 FR 19726)| Date Captured | Monday December 05, 2011 11:20 AM | | SUMMARY: The Secretary of Education
(Secretary) amends the regulations
implementing section 444 of the General
Education Provisions Act (GEPA),
which is commonly referred to as the
Family Educational Rights and Privacy
Act (FERPA). These amendments are
needed to ensure that the U.S.
Department of Education (Department
or we) continues to implement FERPA
in a way that protects the privacy of
education records while allowing for the
effective use of data. Improved access to
data will facilitate States’ ability to
evaluate education programs, to ensure
limited resources are invested
effectively, to build upon what works
and discard what does not, to increase
accountability and transparency, and to
contribute to a culture of innovation and
continuous improvement in education.
|
| Recommendations on Data Security and Privacy Protections| Date Captured | Saturday February 19, 2011 11:00 PM | | Excerpted from the Data Protections Report submitted to the U.S. Department of Education’s Performance Information Management Service by Highlight Technologies on June 16, 2010. (Where is original report and comments?)
|
| Directory Information Part 2 (This file is an audio 'wav' file) | Date Captured | Sunday December 26, 2010 05:23 PM | | Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response. |
| US Education DepartmentSHEEO NPRM FERPA MAY 2011| Date Captured | Monday August 05, 2013 10:35 PM | | We have formally endorsed the suggestions from the
Data Quality Campaign (DQC) and acknowledge the value of the specific comments and suggestions they have
provided. |
| | | EPIC V US ED Defendant Statement of ISSUES| Date Captured | Tuesday February 05, 2013 11:26 AM | |
| EPIC v US ED | Date Captured | Monday January 21, 2013 01:46 PM | | PLAINTIFFS’ CROSS-MOTION FOR SUMMARY JUDGMENT AND MEMORANDUM
OPPOSING DEFENDANT’S MOTION TO DISMISS AND MOTION FOR SUMMARY
JUDGMENT |
| EPIC v US ED (US ED answer) | Date Captured | Friday May 04, 2012 02:53 PM | |
| APPENDIX A: FERPA Guidance for Reasonable Methods and Written Agreements| Date Captured | Thursday January 05, 2012 05:57 PM | | FERPA represents the floor for protecting [student] privacy, not the ceiling. PAGE A-5 Federal Register/Vol. 76, No. 232/Friday, December 2, 2011/Rules and Regulations. |
| Addressing Emergencies on Campus June 2011 | Date Captured | Tuesday June 28, 2011 06:32 PM | | United States Department of Education (USED) : Summary of two
applicable Federal education laws administered by the Department of Education (Department):
the Family Educational Rights and Privacy Act (FERPA) and the Higher Education Act of 1965
(HEA), as amended. This Federal component is only one piece of what is necessary to consider
in ensuring the safety of our Nation’s students, faculty, and school staff. A comprehensive and
effective campus policy must incorporate all Federal and State policies regarding health and
safety emergencies, education, student privacy, civil rights, and law enforcement, as well as
specific local community needs.
|
| Education New York comments re Student Privacy submitted to FERPA NPRM - May 23, 2011| Date Captured | Monday May 23, 2011 09:22 PM | | Document ID: ED-2011-OM-0002-0001: Family Educational Rights and Privacy. The proposed changes to FERPA do not adequately address the capacity of marketers
and other commercial enterprises to capture, use, and re-sell student information. Even
with privacy controls in place, it is also far too easy for individuals to get a hold of
student information and use it for illegal purposes, including identity theft, child
abduction in custody battles, and domestic violence. Few parents are aware, for
example, that anyone can request -- and receive -- a student directory from a school.
Data and information breaches occur every day in Pre-K-20 schools across the country,
so that protecting student privacy has become a matter of plugging holes in a dyke
rather than advancing a comprehensive policy that makes student privacy protection
the priority.
|
| GAMMILL v USED - USA Merit System Board documents| Date Captured | Monday March 14, 2011 01:14 PM | | Proposed regulatory (not statutory) change vastly expands term authorized representative well beyond these four 3 entities: Comptroller General of US, Secretary, Attorney General, and state or local education authorities. (See pages 10 and 11) |
| PAUL GAMMILL v U.S. DEPARTMENT OF EDUCATION| Date Captured | Monday March 14, 2011 12:44 PM | | Whistleblower Retaliation lawsuit filed by Gammill against USED for retaliation of sharing an illegal attempt to circumvent FERPA. Case Number: 1:2011cv00409;
Filed: February 18, 2011;
Court: District Of Columbia District Court;
Office: Washington, DC Office;
County: 88888;
Presiding Judge: John D. Bates
|
| The Handbook for Campus Safety and Security Reporting| Date Captured | Friday March 11, 2011 07:35 PM | | FERPA does not preclude an institution’s compliance
with the timely warning provision of the campus security
regulations. FERPA recognizes that information can, in case of
an emergency, be released without consent when needed to
protect the health and safety of others. In addition, if
institutions utilize information from the records of a campus
law enforcement unit to issue a timely warning, FERPA is not
implicated as those records are not protected by FERPA. U.S. Department of
Education, Office of Postsecondary Education, The Handbook for Campus Safety and Security Reporting,
Washington, D.C., 2011.
|
| Campus Attacks:Targeted Violence Affecting Institutions of Higher Education | Date Captured | Tuesday January 18, 2011 01:53 PM | | The report included a recommendation that the U.S. Secret Service, U.S. Department of Education, and the Federal Bureau of Investigation explore the issue of violence at institutions of higher education. Accordingly, the three agencies initiated a collaborative effort, the goal of which was to understand the scope of the problem of targeted violence at these institutions in the United States.
In total, 272 incidents were identified through a comprehensive search of open-source reporting from 1900 [their typo] to 2008. The incidents studied include various forms of targeted violence, ranging from domestic violence to mass murder. The findings should be useful for campus safety professionals charged with identifying, assessing, and managing violence risk at institutions of higher education. |
| NCES 2011-602 Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records | Date Captured | Tuesday January 04, 2011 09:55 PM | | SLDS Technical Brief - Guidance for Statewide Longitudinal Data Systems (SLDS) [A privacy and data protection program for student education records must include an array of
rules and procedures for protecting PII held in the record system. It also must include a full set
of public disclosures of the existence and uses of the information included in the data system,
a description of all parents’ or eligible students’ rights to review and appeal the contents of an
individual education record and of their rights and the procedures to appeal a violation. ]*****[A school directory may include PII such as a student’s name, grade level, and contact information. Taken by itself, the release of this information is not harmful to a student. However, when combined with the student’s Social Security Number or another identifier and the student’s education record, this information has the potential for violating a student’s right to privacy. The release of this combined record could lead to harm or embarrassment. Thus, the privacy and data protection program should focus on PII that will be maintained in the electronic student record system with its likely wealth of student data.2} |
| WebcastsData Quality Campaign (DQC) archived webcasts/events| Date Captured | Monday March 07, 2011 06:20 PM | | Amazing SLDS/longitudinal database resource. |
| Data Quality Campaign Release of Data for Action 2010: DQC's State Analysis| Date Captured | Monday March 07, 2011 06:15 PM | | On February 16, 2011 DQC discussed the results of its sixth annual state analysis Data for Action 2010, a powerful policymaking tool to drive education leaders to use data in decision making. Data for Action is a series of analyses on states’ ability to collect and use data to improve student success. It provides transparency about state progress and priority actions they need to take to collect and use longitudinal data to improve student success.
|
| Data Quality Campaign Quarterly Issue Meeting: Linking Data Across Agencies: States That Are Making It Work | Date Captured | Monday November 09, 2009 07:27 PM | | The Data Quality Campaign (DQC) will host Linking Data Across Agencies: States That Are Making It Work on Thursday, November 12, 2009 from 2:30 to 4:30 P.M. (ET) in Washington, DC at the Hall of the States, 444 North Capitol Street, Room 233-235. This meeting will highlight leading states that are successfully linking data across systems and agencies to answer critical policy questions aimed at improving student achievement. A corresponding issue brief co-authored by the DQC and the Forum for Youth Investment will be released at the meeting that captures the current status of states’ ability to link data across agencies and provide several state case studies that capture promising strategies to sharing individual-level data across systems and agencies to improve student achievement.
Registration to attend in person is required by Tuesday November 10, 2009 and strongly encouraged if participating in the interactive webcast. Seating is limited, so please sign up early! A video of this session and corresponding issue brief will be available at the campaign’s Web site after November 16, 2009. |
| WelfareAmerican Bar Association FERPA comments| Date Captured | Thursday January 26, 2012 05:22 PM | | FERPA NPRM May 23, 2011 |
| December 2011 FERPA Regulations: Information Sharing Around Child Welfare and Education| Date Captured | Thursday January 26, 2012 08:02 AM | | The new rules offer expanded opportunities for state or local child welfare and education agencies to share information. However, given that these new regulations do not sufficiently eliminate the barriers to intersystem communication for children in care, we look forward to legislative changes to ensure that child welfare agencies can fulfill their duty to ensure that the educational needs of the children in their care are met. |
| Who Is Watching Your Children?It's 3PM: Who's Watching Your Children?| Date Captured | Wednesday December 12, 2012 05:48 PM | | Parents concerned about their children's privacy should be aware of how easily personally identifiable information can be bought and sold by marketers as well as by identity thieves.
FERPA was enacted in 1974 to protect the privacy of education records and directory information -- including name, address, phone number, date of birth, and e-mail address, among other personally identifiable information. Parents should be aware that under FERPA, directory information can be disclosed without parental consent. If you do not opt-out of directory information personal and identifiable information about your children may be public. |
|
|
