Privacy in the 21st Century: Issues for Schools

1 / 30
About This Presentation
Title:

Privacy in the 21st Century: Issues for Schools

Description:

All student records in public schools are confidential, including: ... 2 legal battles over whether Internet logs are public records and available ... – PowerPoint PPT presentation

Number of Views:101
Avg rating:3.0/5.0
Slides: 31
Provided by: BobBo7

less

Transcript and Presenter's Notes

Title: Privacy in the 21st Century: Issues for Schools


1
Privacy in the 21st Century Issues for Schools
Libraries
2003 WEMA Conference
Bob Bocher robert.bocher_at_dpi.state.wi.us Dept.
of Public Instruction
  • Helen Adams
  • hadams_at_coredcs.com
  • Rosholt School District


www.dpi.state.wi.us/dltcl/pld/privacy.html
2
Topics to Cover
  • An overview of privacy issues
  • Federal and state protections and actions
  • Tips on online privacy
  • Privacy issues in schools
  • Privacy resources

3
Privacy Concerns and PII(Personally Identifiable
Information)
  • Privacy concerns are high on consumer polls.
    Key concerns include
  • Identity theft and fraud
  • .Coms selling your PII
  • Government misuse of your PII
  • Security of your medical and financial data
  • Privacy concerns increase as
  • More people are online
  • Residential broadband access increases (now 20)
  • Use of wireless communication increases
  • More people shop and conduct business online

Identity theft is one of the fastest growing
crimes in the state. Its about time law
enforcement officials had the tools to bring down
these high tech con artists. State Rep Mark
Gundrum (R-New Berlin), Chair, Assembly TF on
Identity Theft (April 8, 2003)
4
Personally Identifiable Information (PII)
  • Typical PII includes
  • Name
  • Address (work, residence)
  • Email address
  • Telephone number
  • Other ID (SSN, etc.)
  • Non-PII includes
  • Demographic
  • Age, gender, race/ethnicity
  • Education level, job, income
  • Preferences, interests, hobbies

How much of this data is in your schools
database?
5
Federal Protections and Action
  • 4th and 5th amendments
  • Federal Trade Commission (FTC) is lead privacy
    agency
  • Many federal laws have privacy provisions,
    including
  • Gramm-Leach-Bliley Act (GLB, 1999)
  • Health Insurance Portability and Accountability
    Act (HIPAA, 1996)
  • Rules (93 pages) effective, April 14
  • USA Patriot Act (2001)
  • Childrens Online Privacy Protection Act (COPPA,
    1998)
  • Family Educational Rights and Privacy Act
    (FERPA, 1974)
  • 34 privacy-related bills are pending in Congress

6
FTCs Fair Information Practice Principles (FIPPs)
"The key to privacy protection is enforcement.
Now, there's no financial harm for not having or
following a privacy policy." Andrew Shen, EPIC
7
USA Patriot Act (PL10756, Sections 214216)
  • Quickly passed following Sept 11, 2001
  • 342 pages that revises more than 15 other laws
  • Expands Foreign Intelligence Surveillance Act
    (FISA)
  • Provisions extend beyond terrorism
  • Increases counterfeiting penalties
  • Russ Feingold was only senator to vote no
  • Patriot II act has been drafted
  • Total Information Awareness (TIA) system,
    research continues

In our haste to develop legislation to help
America, we went too far. Sen. Feingold, 9-02
8
USA Patriot Act Some Privacy Issues
  • Expands monitoring laws (beyond phone taps) to
    include Internet traffic
  • Email addresses, IP addresses/routing, Web search
    terms
  • Monitoring at various levels, from PC to the ISP
  • Allows nationwide monitoring
  • Expands surveillance with less judicial review
  • Former probable cause was higher legal bar than
    new relevant to an ongoing investigation
  • ALA advises librarians to avoid creating
    unnecessary records
  • Is this a new Library Awareness Program?

9
State Protections and Action
  • Student privacy protections are in state statutes
  • WI library privacy law
  • DPI approves school district technology plans
  • Plans often include privacy provisions in
    relation to NCIPA

10
WI Library Privacy Law
  • Library privacy law (43.30(1)) covers the
    following
  • Any library supported by public funds
  • Any information indicating the identity of an
    individual
  • Any use of a librarys materials or other
    resources or services may not be disclosed except
    by court order. (emphasis added)

Includes public libraries, public K-12 schools,
UW and WTCS libraries.
Includes any individual, regardless of age,
residence, etc.
Includes circulation records, Internet use
(email, Web logs, history files, sign-up sheets)
meeting room use, etc.
11
Tips on Personal Privacy
  • Read closely any Websites privacy policy
  • Keep a clean email address
  • Home cable and DSL users are especially
    vulnerable
  • Never enter sensitive PII without a secure
    connection
  • Enter only minimal data, look for opt-out check
    boxes
  • Look for compliance with groups like BBBOnline,
    TRUSTe and HON
  • Be aware of your surroundings
  • Security cameras in Times Square

12
Schools and Privacy 12 Issues Answers
Helen Adams hadams_at_coredcs.com Rosholt School
District
13
Privacy in Schools Issue 1Confidentiality of
Student Records (federal law)
  • Family Educational Rights and Privacy Act (FERPA,
    1974)
  • Applies to schools accepting DOE funds
  • Requires districts to establish written policies
    and procedures protecting student PII
  • Defines educational records and who has access
  • Parental permission required to disclose student
    PII

14
Privacy in Schools Issue 1Confidentiality of
Student Records (state law)
  • Chapter 118.125 WI State Statutes
  • All student records in public schools are
    confidential, including
  • Behavioral, directory data, progress records,
    physical health
  • Access to records granted
  • To parents
  • To staff with legitimate educational interest
  • For legal reasons
  • For an audit of state or federal program

15
Privacy in Schools Issue 2Privacy Language in
the AUP
  • Addressing privacy in the AUP
  • N-CIPA requires schools receiving E-rate
    discounts to adopt an Internet Safety Policy
  • Must address unauthorized disclosure, use, and
    dissemination of PII regarding minors.
  • Minor defined as someone less than 17 years old
  • Requires public hearing and formal Board adoption

16
Privacy in Schools Issue 3Privacy Policy on a
Districts Website
  • All school sites should post a privacy policy
  • Present on every major page of site
  • Examples
  • Anchorage (Alaska) School District
  • www.asd.k12.org/privacy.asp
  • School District of Greenville County (SC)
  • www.greenville.k12.sc.us/district/web/policy/priva
    cy.htm
  • Valley Elementary School (Utah)
  • www.weber.k12.ut.us/LegalNotice/privacy.html

17
Privacy in Schools Issue 4Identifying Students
on the Districts Website
  • FBI recommends districts not publish student
    photos
  • Increased arrests of pedophiles
  • Study 12 of kids meet unknown person
  • Districts approach the issue in different ways
  • Pictures and names
  • Pictures with no names
  • Pictures and names separated
  • No photos or names
  • Mankato (MN) S.D. 77
  • www.isd77.k12.mn.us/webguide.php

18
Privacy in Schools Issue 5Protecting the
Confidentiality of Library Records
  • Records kept for library management
  • No federal law protects confidentiality
  • Legislation in 48 states and DC varies
  • Wisconsin Library Privacy Law covers
  • Patron information, circulation records
  • Records associated with use of the Internet
  • Use of in-house databases
  • Can release only by court order

19
Privacy in Schools Issue 6Privacy and Security
of Electronic Student Records
  • Student management systems allow access to
    records via LAN and WAN
  • Include directory, attendance, grade,
    disciplinary, and other records
  • Levels of security for data
  • Confidentiality and privacy policies
  • LAN/WAN network security procedures
  • Teacher access
  • Parents access childs records via Web
  • Grades, attendance, discipline, and health records

20
Privacy in Schools Issue 7Conducting Market
Research on Students
  • Companies have offered districts incentives for
    info on student use of the Internet
  • Equipment, email accounts, host Website
  • Student Privacy Protection Act (Dec. 2001)
  • Requires schools to develop and adopt policies
  • Collection, disclosure, or use of personal
    information collected from students for the
    purpose of marketing or selling

21
Privacy in Schools Issue 8Students Providing
PII About Themselves
  • Students have little concept of privacy
  • Annenberg The Internet and the Family 2000
    study
  • Teenagers more likely to give information
  • Teach Stranger danger online and off
  • Wisconsin Rapids (WI) School District AUP
  • No PII transmitted from district computers

22
Privacy in Schools Issue 9Access to Student
Information by Military Recruiters
  • NCLB Act 2001 requirement
  • H.S.s must supply military recruiters with
    students names, addresses, and phone numbers
    (including unlisted s)
  • District policies keep student information
    confidential under Family Educational Rights and
    Privacy Act (1974)
  • Oct. 2002 letter sent to districts by federal
    officials
  • Parents can opt out

23
Privacy in Schools Issue 10Internet Use Logs
as Public Record
  • 2 legal battles over whether Internet logs are
    public records and available
  • 1998 Utah Supreme Court granted right to review
    logs of Utah Educational Network
  • 2000 New Hampshire judge ruled Internet
    history logs of 2 school districts are public
    records and may be reviewed
  • Student PII must be removed first
  • Person requesting logs bears the cost for removal
  • WiscNets policy

24
Privacy in Schools Issue 11Use of Email to
Conduct School Business
  • Monitoring of employees
  • 63 monitor email and Internet use
  • Personal email and recreational surfing cost
    money
  • Employers have the right to monitor without
    informing employees
  • Court cases
  • No legal or factual basis for extending right of
    privacy to cover business-related
    communications.
  • Employers should establish use policy
  • Reasonable use vs. abuse

25
Privacy in Schools Issue 11Use of Email to
Conduct School Business
  • Email communication by administration and school
    boards
  • email issues discussion may violate open records
    and open meetings laws
  • Archiving district email
  • Content, not format, determines if
    documentsrequire archiving and length of time
  • Madison (WI) School District case 2001
  • Oshkosh (WI) School District case 2002

It is the public policy of this state that all
persons are entitled to the greatest possible
information regarding the affairs of government.
WI Stat. 19.31
26
Privacy in Schools Issue 12Use of Surveillance
Cameras
  • Dept. of Justice Safe Schools Manual
  • Allows use of surveillance technology to protect
    health, welfare, and safety of students and
    staff
  • Generally in places students and staff lack
    reasonable expectation of privacy
  • Hallways, cafeteria, stairways, parking lot,
    entrances
  • School libraries and computer labs
  • Installed to prevent vandalism, enforce school
    rules, provide security
  • Notification of public
  • Signs on doors, notice in district newsletter,
    letters to parents, highlighted in orientation
    meetings

27
Actions Schools Can Take
  • Add privacy language to Internet AUP
  • Add privacy statement to district Website
  • Review how Internet logs are archived
  • Maintain minimal library records
  • Provide staff training on privacy issues
  • Teach students about privacy issues
  • Students should know their rights
  • They should learn to protect their own privacy
  • Inform parents of district policies related to
    privacy

28
Privacy in the 21st Century Issues for Schools
Libraries
? Questions ?
Bob Bocher robert.bocher_at_dpi.state.wi.us Dept. of
Public Instruction
  • Helen Adams
  • hadams_at_coredcs.com
  • Rosholt School District


www.dpi.state.wi.us/dltcl/pld/privacy.html
29
Map showing over 120 security cameras in Times
Square area. Most predate Sept 11. As
Security Cameras Sprout, Someones Always
Watching, NYT Sept. 29, 2002
return
30
Monday, Feb. 10, 2003 FRANKFORT, Kentucky (AP)
Over 2,000 state PCs sold as surplus still
had confidential files on them naming thousands
of people with AIDS and other STDs. "It's a lot
of information with lots of names and things like
the sexual partners of those diagnosed with AIDS.
It's a terrible security breach."
KY State Auditor Ed Hatchett KY Health
Services Secretary Marcia Morgan has ordered an
investigation.
B.J. Bellamy from the Kentucky Auditor's Dept.
checks a hard drive on a PC owned by the state.
return
Write a Comment
User Comments (0)