education new york online education new york online education new york online
NYS & NATIONAL Education Data Management & Information Policy
Today's Info Policy News
Weekly Archive
Information Policy
FERPA
Protecting your children's privacy: The Facts
Student Lobbyists
STOP Common Core
Parents 4 Privacy
WHO'S WATCHING YOUR CHILDREN?
about
contact us
site map

Tweet This!:

Follow Us: Follow EducationNY on Twitter

Search

WHO'S WATCHING YOUR CHILDREN?

Scroll down OR use the topic links at the right for more information about protecting your children's privacy.

Sheila Kaplan
3 Pierrepont Pl.
Brooklyn, NY 11201
347-486-0361
www.educationnewyork.com
sheila@educationnewyork.com
twitter.com/educationny

Did you know?

You have the right under federal education law to restrict access to your children's personal information

Under the federal Family Educational Rights Privacy Act (FERPA) parents and guardians have a right to inspect their child's school records and opt-out of directory information, thus restricting third-party access to their personal information such as address and date of birth. Schools are obligated under FERPA to notify parents of this right at the beginning of the school year. Has your children's school notified you?

Why is this right to opt-out important? Because as cases of identity theft, database hacking, and the sale of personal information increase daily, the need to protect your children's privacy becomes even more urgent. Schools are a rich source of personal information about children that can be legally and illegally accessed by third parties.

Parents concerned about their children's privacy should be aware of how easily personally identifiable information can be bought and sold by marketers as well as by identity thieves. The Federal Trade Commission recently issued a Consumer Alert to parents warning of the risk of children's identity theft and urging parents to safeguard their children's school records and directory information. http://educationnewyork.com/files/alt056.pdf

FERPA was enacted in 1974 to protect the privacy of education records and directory information -- which can include name, address, phone number, date of birth, and e-mail address, among other personally identifiable information. However, under FERPA, directory information can be disclosed without parental consent. If you do not opt-out of directory information personal and identifiable information about your children may be public.

Click on topics on the right to learn more about FERPA and the gaps in the law that have resulted in information privacy breaches around the country and a robust market in children's personal information.

Ask your school today what they're doing to protect your child's information privacy.

 

Scroll down OR use the topic links at the right for more information about protecting your children's privacy.

compiled by education new york online
Updated Monday April 14, 2014 09:03 AM

Applications

“Mobile Apps for Kids: Disclosures Still Not Making the Grade"
Date CapturedThursday December 13, 2012 12:18 PM
FTC: The report strongly urges all entities in the mobile app industry – including app stores, app developers, and third parties providing services within the apps – to accelerate efforts to ensure that parents have the key information they need to make decisions about the apps they download for their children. The report also urges industry to implement recommendations in the recent FTC Privacy Report including: Incorporating privacy protections into the design of mobile products and services; Offering parents easy-to-understand choices about the data collection and sharing through kids’ apps; and Providing greater transparency about how data is collected, used, and shared through kids’ apps.

Breaches

Office of Inadequate Security
Date CapturedMonday September 05, 2011 10:40 AM
Education breaches
Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
Date CapturedMonday May 03, 2010 11:04 AM
Recommendations of the National Institute of Standards and Technology - [The escalation of security breaches involving personally identifiable information (PII) has contributed to the loss of millions of records over the past few years. Breaches involving PII are hazardous to both individuals and organizations. Individual harms may include identity theft, embarrassment, or blackmail. Organizational harms may include a loss of public trust, legal liability, or remediation costs. To appropriately protect the confidentiality of PII, organizations should use a risk-based approach; as McGeorge Bundy once stated, "If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds." This document provides guidelines for a risk-based approach to protecting the confidentiality of PII. The recommendations in this document are intended primarily for U.S. Federal government agencies and those who conduct business on behalf of the agencies, but other organizations may find portions of the publication useful. Each organization may be subject to a different combination of laws, regulations, and other mandates related to protecting PII, so an organization‘s legal counsel and privacy officer should be consulted to determine the current obligations for PII protection. For example, the Office of Management and Budget (OMB) has issued several memoranda with requirements for how Federal agencies must handle and protect PII. To effectively protect PII, organizations should implement the following recommendations.]

Child identity theft

FTC "STOLEN FUTURES" WEBCAST Session Two - FAMILIAL IDENTITY THEFT - July 12, 2011
Date CapturedSunday September 11, 2011 12:04 AM
WEBCAST ON CHILD IDENTITY THEFT. DISCUSSES MOST AT RISK STUDENTS. Session 2 Linda Foley is the founder of the Identity Theft Resource Center, a nationwide nonprofit, victim-services advocacy, and consumer-education program based in San Diego, California. Russell Butler is Executive Director of the Maryland Crime Victims Resource Center, which provides criminal justice information and education, support services, therapeutic individual, family, and group counseling, and legal information, referrals, and representation to victims of crime. Theresa Ronnebaum is the Identity Theft Program Specialist for the Florida Attorney General's office with over 15 years experience in victim advocacy.
PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION on CHILD IDENTITY THEFT
Date CapturedFriday September 02, 2011 09:38 PM
PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION Before the SUBCOMMITTEE ON SOCIAL SECURITY of the HOUSE COMMITTEE ON WAYS AND MEANS on Child Identity Theft Field Hearing Plano, Texas September 1, 2011; EXCERPT: A. The Child Identity Theft Forum Discussions [They noted that identity thieves often steal children’s information from schools, businesses, and government agencies.]
Kindergarten Through 12 Grade Schools’ Collection and Use of Social Security Numbers (A-08-10-11057)
Date CapturedThursday December 23, 2010 09:53 AM
OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION - Despite the potential risks associated with using SSNs as primary student identifiers, many K-12 schools continue this practice. While we recognize that SSA cannot prohibit States or K-12 schools from collecting and using SSNs as student identifiers or for other purposes, we believe SSA can help reduce the threat of identity theft and SSN misuse by encouraging States and K-12 schools to reduce unnecessary collection of SSNs and improve protections and safeguards when collected.

Civil Rights

Revealing New Truths About Our Nation's Schools
Date CapturedTuesday March 06, 2012 05:54 PM
CRDC makes public long-hidden data about which students are suspended, expelled, and arrested in school.

Cloud Computing

FERPA and the Cloud: What FERPA Can Learn from HIPAA
Date CapturedTuesday December 18, 2012 07:01 AM
SOLOVE: Parents need to look at what their schools are doing about student privacy and speak up, because the law isn’t protecting their children’s privacy. School officials who want to develop a more meaningful and robust protection of privacy should talk to government officials who are tasked with complying with HIPAA. They can learn a lot from studying HIPAA and following some of its requirements. Congress should remake FERPA more in the model of HIPAA. If Congress won’t act, state legislatures should pass better education privacy laws. Because FERPA does not provide adequate oversight and enforcement of cloud computing providers, schools must be especially aggressive and assume the responsibility. Otherwise, their students’ data will not be adequately protected. School officials shouldn’t assume that the law is providing regulation of cloud computing providers and that they need not worry. The law isn’t, so right now the schools need to be especially vigilant.
FERPA and the Cloud: Why FERPA Desperately Needs Reform
Date CapturedTuesday December 11, 2012 06:51 AM
SOLOVE: Parents should lobby Congress and their state legislatures to pass laws providing better protections of their children’s data. This is an issue that should be of great concern to parents since educational institutions possess a staggering amount of personal data about students, and this data can currently be outsourced to nearly any company anywhere – even to a cloud computing provider in the most totalitarian country in the world!

Common Core

STOP COMMON CORE STATE STANDARDS Groups Across USA
Date CapturedSunday June 16, 2013 04:22 PM
FERPA, COMMON CORE STATE STANDARDS & DATA-SHARING
Date CapturedWednesday March 06, 2013 09:54 AM

COPPA

Protecting Student Privacy While Using Online Educational Services
Date CapturedTuesday February 25, 2014 02:51 PM
Privacidad de los niños
Date CapturedSaturday November 24, 2012 01:06 PM
Kids' Privacy
Date CapturedSunday November 01, 2009 09:40 PM
[Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number. Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot. What Can You Do? Your kids’ personal information and privacy are valuable —to you, to them, and to marketers.] *****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.

Data Broker

Testimony of Pam Dixon Executive Director, World Privacy Forum Before the Senate Committee on Commerce, Science, and Transportation What Information Do Data Brokers Have on Consumers, and How Do They Use It?
Date CapturedSaturday December 21, 2013 09:13 AM
The data broker industry has not shown restraint. Nothing is out of bounds. No list is too obnoxious to sell. Data brokers sell lists that allow for the use of racial, ethnic and other factors that would be illegal or unacceptable in other circumstances. These lists and scores are used everyday to make decisions about how consumers can participate in the economic marketplace. Their information determines who gets in and who gets shut out. All of this must change. I urge you to take action.

Data Mining

Status of the Department of Education’s Inventory of Its Data Collections
Date CapturedSaturday August 03, 2013 08:32 AM
1. What information will the inventory of Education’s data collections contain and when will the inventory be completed? 2. What process is Education using to catalog its data collections, and to what extent does that process include internal controls to ensure the accuracy of the information collected? 3. What are Education’s plans to make its data collection inventory publicly available?

Directory Information

Testimony of Pam Dixon Executive Director, World Privacy Forum Before the Senate Committee on Commerce, Science, and Transportation What Information Do Data Brokers Have on Consumers, and How Do They Use It?
Date CapturedSaturday December 21, 2013 09:13 AM
The data broker industry has not shown restraint. Nothing is out of bounds. No list is too obnoxious to sell. Data brokers sell lists that allow for the use of racial, ethnic and other factors that would be illegal or unacceptable in other circumstances. These lists and scores are used everyday to make decisions about how consumers can participate in the economic marketplace. Their information determines who gets in and who gets shut out. All of this must change. I urge you to take action.
Model State Law: Student Privacy Protection Act
Date CapturedTuesday December 25, 2012 08:36 AM
This Act shall be known and cited as the “Student Privacy Protection Act.” This Act shall be liberally and remedially construed to effectuate its purpose. The purpose of the Act is to protect the privacy of students by establishing standards for the disclosure of directory information about students by schools.
NCES 2011-602 Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records
Date CapturedTuesday January 04, 2011 09:55 PM
SLDS Technical Brief - Guidance for Statewide Longitudinal Data Systems (SLDS) [A privacy and data protection program for student education records must include an array of rules and procedures for protecting PII held in the record system. It also must include a full set of public disclosures of the existence and uses of the information included in the data system, a description of all parents’ or eligible students’ rights to review and appeal the contents of an individual education record and of their rights and the procedures to appeal a violation. ]*****[A school directory may include PII such as a student’s name, grade level, and contact information. Taken by itself, the release of this information is not harmful to a student. However, when combined with the student’s Social Security Number or another identifier and the student’s education record, this information has the potential for violating a student’s right to privacy. The release of this combined record could lead to harm or embarrassment. Thus, the privacy and data protection program should focus on PII that will be maintained in the electronic student record system with its likely wealth of student data.2}

FERPA

FERPA Exceptions Summary
Date CapturedMonday April 14, 2014 09:03 AM
Protecting Student Privacy While Using Online Educational Services
Date CapturedTuesday February 25, 2014 02:51 PM
EPIC v US ED Reply
Date CapturedWednesday March 06, 2013 12:02 PM
2/15/13
FERPA History
Date CapturedSaturday November 24, 2012 11:06 AM
DECEMBER 2011 – REVISED FERPA REGULATIONS: AN OVERVIEW FOR PARENTS AND STUDENTS
Date CapturedMonday November 12, 2012 11:00 AM
It is important for schools to have directory information policies, as schools may not do even mundane activities (such as publishing yearbooks or creating graduation programs) without having designated the items about the students contained in the publications as directory information. For example, without a directory information policy, FERPA would require schools to obtain consent for every student every time it wants to publish a yearbook. However, many schools have been forgoing designations of directory information, as they have concluded that such designations would put students at risk of becoming targets of marketing campaigns, the media, or even victims of criminal acts
APPENDIX A: FERPA Guidance for Reasonable Methods and Written Agreements
Date CapturedThursday January 05, 2012 05:57 PM
FERPA represents the floor for protecting [student] privacy, not the ceiling. PAGE A-5 Federal Register/Vol. 76, No. 232/Friday, December 2, 2011/Rules and Regulations.
DEPARTMENT OF EDUCATION 34 CFR Part 99 in the Federal Register (76 FR 19726)
Date CapturedMonday December 05, 2011 11:20 AM
SUMMARY: The Secretary of Education (Secretary) amends the regulations implementing section 444 of the General Education Provisions Act (GEPA), which is commonly referred to as the Family Educational Rights and Privacy Act (FERPA). These amendments are needed to ensure that the U.S. Department of Education (Department or we) continues to implement FERPA in a way that protects the privacy of education records while allowing for the effective use of data. Improved access to data will facilitate States’ ability to evaluate education programs, to ensure limited resources are invested effectively, to build upon what works and discard what does not, to increase accountability and transparency, and to contribute to a culture of innovation and continuous improvement in education.
Education New York comments re Student Privacy submitted to FERPA NPRM - May 23, 2011
Date CapturedMonday May 23, 2011 09:22 PM
Document ID: ED-2011-OM-0002-0001: Family Educational Rights and Privacy. The proposed changes to FERPA do not adequately address the capacity of marketers and other commercial enterprises to capture, use, and re-sell student information. Even with privacy controls in place, it is also far too easy for individuals to get a hold of student information and use it for illegal purposes, including identity theft, child abduction in custody battles, and domestic violence. Few parents are aware, for example, that anyone can request -- and receive -- a student directory from a school. Data and information breaches occur every day in Pre-K-20 schools across the country, so that protecting student privacy has become a matter of plugging holes in a dyke rather than advancing a comprehensive policy that makes student privacy protection the priority.
TITLE 20 > CHAPTER 31 > SUBCHAPTER III > Part 4 > § 1232g
Date CapturedTuesday March 15, 2011 12:47 PM
FERPA statute regarding directory information - note PICTURE and E-MAIL NOT in statute. US ED added through regulations -- they were not added by Congress: 5)(A) For the purposes of this section the term “directory information” relating to a student includes the following: the student’s name, address, telephone listing, date and place of birth, major field of study, participation in officially recognized activities and sports, weight and height of members of athletic teams, dates of attendance, degrees and awards received, and the most recent previous educational agency or institution attended by the student.

GAO

Many States Collect Graduates’ Employment Information, but Clearer Guidance on Student Privacy Requirements Is Needed
Date CapturedMonday December 13, 2010 09:17 AM
GAO-10-927 - GAO recommends that Education clarify means by which states can collect and share graduates’ employment information under the Family Educational Rights and Privacy Act (FERPA) and establish a time frame for doing so. Education agreed with the recommendation.
Commercial Activities in Schools: Use of Student Data is Limited and Additional Dissemination of Guidance Could Help Districts Develop Policies
Date CapturedThursday March 12, 2009 03:16 PM
GAO -- Recommendation: The Secretary of Education should take additional action to assist districts in understanding that they are required to have specific policies in place for the collection, disclosure, and use of student information for marketing and selling purposes by disseminating its guidance to state school boards associations.

Legislation

CPO for Education in NY
Date CapturedSaturday March 29, 2014 10:24 AM

Opt out: What you need to know

NCES 2011-602 Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records
Date CapturedTuesday January 04, 2011 09:55 PM
SLDS Technical Brief - Guidance for Statewide Longitudinal Data Systems (SLDS) [A privacy and data protection program for student education records must include an array of rules and procedures for protecting PII held in the record system. It also must include a full set of public disclosures of the existence and uses of the information included in the data system, a description of all parents’ or eligible students’ rights to review and appeal the contents of an individual education record and of their rights and the procedures to appeal a violation. ]*****[A school directory may include PII such as a student’s name, grade level, and contact information. Taken by itself, the release of this information is not harmful to a student. However, when combined with the student’s Social Security Number or another identifier and the student’s education record, this information has the potential for violating a student’s right to privacy. The release of this combined record could lead to harm or embarrassment. Thus, the privacy and data protection program should focus on PII that will be maintained in the electronic student record system with its likely wealth of student data.2}

Opt-Out

OPT-OUT PROTECT KIDS bracelets
Date CapturedTuesday January 01, 2013 12:23 PM
FREE!
OPT-OUT PROTECT KIDS
Date CapturedSunday December 30, 2012 03:21 PM
Model State Law: Student Privacy Protection Act
Date CapturedTuesday December 25, 2012 08:36 AM
This Act shall be known and cited as the “Student Privacy Protection Act.” This Act shall be liberally and remedially construed to effectuate its purpose. The purpose of the Act is to protect the privacy of students by establishing standards for the disclosure of directory information about students by schools.
FTC Alerta para Consumidores: Cómo proteger la información personal de su hijo en la escuela
Date CapturedSunday September 11, 2011 07:37 PM
Pregunte en la escuela de su hijo cuál es la política aplicable al directorio de información de los estudiantes. En el directorio de información de los estudiantes se pueden listar el nombre, domicilio, fecha de nacimiento, número de teléfono, domicilio de email y foto de su hijo. La ley FERPA establece que las escuelas deben notificar a los padres y tutores sus respectivas políticas aplicables al directorio de información de los estudiantes, y darle el derecho de optar por que no se suministre esa información a terceros. Es mejor que presente su solicitud por escrito y que guarde una copia para sus archivos. Si usted no ejerce su derecho de optar por que no se comparta la información de su hijo, los datos listados en el directorio de la escuela pueden estar a disposición no sólo de los compañeros de clase y personal de la escuela de su hijo, sino también del público en general.
FTC CONSUMER ALERT: Protecting Your Child's Personal Information at School
Date CapturedFriday September 02, 2011 06:10 PM
[Ask your child's school about its directory information policy. Student directory information can include your child's name, address, date of birth, telephone number, email address, and photo. FERPA requires schools to notify parents and guardians about their school directory policy, and give you the right to opt-out of the release of directory information to third parties. It's best to put your request in writing and keep a copy for your files. If you don't opt-out, directory information may be available not only to the people in your child's class and school, but also to the general public.]

PPRA

Protecting Student Privacy While Using Online Educational Services
Date CapturedTuesday February 25, 2014 02:51 PM

Privacy

PogoWasRight.org
Date CapturedTuesday November 27, 2012 11:41 AM
Youth privacy & breaches.
EPIC: Student Privacy
Date CapturedSaturday November 24, 2012 10:59 AM

School Safety

Addressing Emergencies on Campus June 2011
Date CapturedTuesday June 28, 2011 06:32 PM
United States Department of Education (USED) : Summary of two applicable Federal education laws administered by the Department of Education (Department): the Family Educational Rights and Privacy Act (FERPA) and the Higher Education Act of 1965 (HEA), as amended. This Federal component is only one piece of what is necessary to consider in ensuring the safety of our Nation’s students, faculty, and school staff. A comprehensive and effective campus policy must incorporate all Federal and State policies regarding health and safety emergencies, education, student privacy, civil rights, and law enforcement, as well as specific local community needs.

SLDS

How Much Data Is Enough Data? What happens to privacy when bureaucracies exceed their scope
Date CapturedThursday October 18, 2012 04:38 PM
The following is a detailed account of Oklahoma’s P20 Council (that organization dedicated to the collection of “educational data” as prescribed by the Obama Administration through development of a State Longitudinal Data System (SLDS))- their operation, goals and function in the state of Oklahoma. This is, in fact, very important information, as EVERY STATE IN THE UNION is to have a similar council. Not all SLDS development groups are called, P20 (which stands for pre-K to 20 years of age – the time span over which this data is to be collected and accrued). Some other acronyms are P12, P20 Workforce and SLDS.
P-20 Data System with Instructional Reporting
Date CapturedThursday March 10, 2011 09:18 PM
2010 SLDS P-20 Best Practice Conference - Summary: The Statewide Longitudinal Data Systems Grant Program (SLDS) hosted the 2010 SLDS P-20 Best Practice Conference on November 16–17, 2010, in Washington, DC. The meeting served as a forum for dialogue, collaboration, and the sharing of best practices, providing the opportunity for more than 150 representatives from forty-nine states and the District of Columbia. FY 2006, FY 2007, FY 2009, and FY 2009 ARRA grantee states shared solutions and ideas with one another and took home information on topics identified as critical to their projects in the upcoming year.
Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records
Date CapturedThursday March 03, 2011 01:21 PM
NCES 2011-601 This first brief discusses basic concepts and definitions that establish a common set of terms related to the protection of personally identifiable information, especially in education records.
CHILDREN’S EDUCATIONAL RECORDS AND PRIVACY -- A STUDY OF ELEMENTARY AND SECONDARY SCHOOL STATE REPORTING SYSTEMS -- October 28, 2009
Date CapturedFriday October 30, 2009 09:44 AM
[The Study reports on the results of a survey of all fifty states and finds that state educational databases across the country ignore key privacy protections for the nation's K-12 children. The Study finds that large amounts of personally identifiable data and sensitive personal information about children are stored by the state departments of education in electronic warehouses or for the states by third party vendors. These data warehouses typically lack adequate privacy protections, such as clear access and use restrictions and data retention policies, are often not compliant with the Family Educational Rights and Privacy Act, and leave K-12 children unprotected from data misuse, improper data release, and data breaches. The Study provides recommendations for best practices and legislative reform to address these privacy problems.] Joel R. Reidenberg, Professor of Law and Founding Academic Director of CLIP Jamela Debelak, Esq., Executive Director of CLIP

US Education Department

EPIC v US ED Reply
Date CapturedWednesday March 06, 2013 12:02 PM
2/15/13
EPIC v US ED
Date CapturedMonday January 21, 2013 01:46 PM
PLAINTIFFS’ CROSS-MOTION FOR SUMMARY JUDGMENT AND MEMORANDUM OPPOSING DEFENDANT’S MOTION TO DISMISS AND MOTION FOR SUMMARY JUDGMENT

Who Is Watching Your Children?

It's 3PM: Who's Watching Your Children?
Date CapturedWednesday December 12, 2012 05:48 PM
Parents concerned about their children's privacy should be aware of how easily personally identifiable information can be bought and sold by marketers as well as by identity thieves. FERPA was enacted in 1974 to protect the privacy of education records and directory information -- including name, address, phone number, date of birth, and e-mail address, among other personally identifiable information. Parents should be aware that under FERPA, directory information can be disclosed without parental consent. If you do not opt-out of directory information personal and identifiable information about your children may be public.

Back to Top of Page


Protecting Children's Privacy | Information Policy News | FERPA | Learning Links | Attendance | about | contact edny | site map