Title: Privacy in the 21st Century: Issues for Schools
1Privacy in the 21st Century Issues for Schools
Libraries
2003 WEMA Conference
Bob Bocher robert.bocher_at_dpi.state.wi.us Dept.
of Public Instruction
- Helen Adams
- hadams_at_coredcs.com
- Rosholt School District
-
www.dpi.state.wi.us/dltcl/pld/privacy.html
2Topics to Cover
- An overview of privacy issues
- Federal and state protections and actions
- Tips on online privacy
- Privacy issues in schools
- Privacy resources
3Privacy Concerns and PII(Personally Identifiable
Information)
- Privacy concerns are high on consumer polls.
Key concerns include - Identity theft and fraud
- .Coms selling your PII
- Government misuse of your PII
- Security of your medical and financial data
- Privacy concerns increase as
- More people are online
- Residential broadband access increases (now 20)
- Use of wireless communication increases
- More people shop and conduct business online
Identity theft is one of the fastest growing
crimes in the state. Its about time law
enforcement officials had the tools to bring down
these high tech con artists. State Rep Mark
Gundrum (R-New Berlin), Chair, Assembly TF on
Identity Theft (April 8, 2003)
4Personally Identifiable Information (PII)
- Typical PII includes
- Name
- Address (work, residence)
- Email address
- Telephone number
- Other ID (SSN, etc.)
- Non-PII includes
- Demographic
- Age, gender, race/ethnicity
- Education level, job, income
- Preferences, interests, hobbies
How much of this data is in your schools
database?
5Federal Protections and Action
- 4th and 5th amendments
- Federal Trade Commission (FTC) is lead privacy
agency - Many federal laws have privacy provisions,
including - Gramm-Leach-Bliley Act (GLB, 1999)
- Health Insurance Portability and Accountability
Act (HIPAA, 1996) - Rules (93 pages) effective, April 14
- USA Patriot Act (2001)
- Childrens Online Privacy Protection Act (COPPA,
1998) - Family Educational Rights and Privacy Act
(FERPA, 1974) - 34 privacy-related bills are pending in Congress
6FTCs Fair Information Practice Principles (FIPPs)
"The key to privacy protection is enforcement.
Now, there's no financial harm for not having or
following a privacy policy." Andrew Shen, EPIC
7USA Patriot Act (PL10756, Sections 214216)
- Quickly passed following Sept 11, 2001
- 342 pages that revises more than 15 other laws
- Expands Foreign Intelligence Surveillance Act
(FISA) - Provisions extend beyond terrorism
- Increases counterfeiting penalties
- Russ Feingold was only senator to vote no
- Patriot II act has been drafted
- Total Information Awareness (TIA) system,
research continues
In our haste to develop legislation to help
America, we went too far. Sen. Feingold, 9-02
8USA Patriot Act Some Privacy Issues
- Expands monitoring laws (beyond phone taps) to
include Internet traffic - Email addresses, IP addresses/routing, Web search
terms - Monitoring at various levels, from PC to the ISP
- Allows nationwide monitoring
- Expands surveillance with less judicial review
- Former probable cause was higher legal bar than
new relevant to an ongoing investigation - ALA advises librarians to avoid creating
unnecessary records - Is this a new Library Awareness Program?
9State Protections and Action
- Student privacy protections are in state statutes
- WI library privacy law
- DPI approves school district technology plans
- Plans often include privacy provisions in
relation to NCIPA
10WI Library Privacy Law
- Library privacy law (43.30(1)) covers the
following - Any library supported by public funds
- Any information indicating the identity of an
individual - Any use of a librarys materials or other
resources or services may not be disclosed except
by court order. (emphasis added)
Includes public libraries, public K-12 schools,
UW and WTCS libraries.
Includes any individual, regardless of age,
residence, etc.
Includes circulation records, Internet use
(email, Web logs, history files, sign-up sheets)
meeting room use, etc.
11Tips on Personal Privacy
- Read closely any Websites privacy policy
- Keep a clean email address
- Home cable and DSL users are especially
vulnerable - Never enter sensitive PII without a secure
connection - Enter only minimal data, look for opt-out check
boxes - Look for compliance with groups like BBBOnline,
TRUSTe and HON - Be aware of your surroundings
- Security cameras in Times Square
12Schools and Privacy 12 Issues Answers
Helen Adams hadams_at_coredcs.com Rosholt School
District
13Privacy in Schools Issue 1Confidentiality of
Student Records (federal law)
- Family Educational Rights and Privacy Act (FERPA,
1974) - Applies to schools accepting DOE funds
- Requires districts to establish written policies
and procedures protecting student PII - Defines educational records and who has access
- Parental permission required to disclose student
PII
14Privacy in Schools Issue 1Confidentiality of
Student Records (state law)
- Chapter 118.125 WI State Statutes
- All student records in public schools are
confidential, including - Behavioral, directory data, progress records,
physical health - Access to records granted
- To parents
- To staff with legitimate educational interest
- For legal reasons
- For an audit of state or federal program
15Privacy in Schools Issue 2Privacy Language in
the AUP
- Addressing privacy in the AUP
- N-CIPA requires schools receiving E-rate
discounts to adopt an Internet Safety Policy - Must address unauthorized disclosure, use, and
dissemination of PII regarding minors. - Minor defined as someone less than 17 years old
- Requires public hearing and formal Board adoption
16Privacy in Schools Issue 3Privacy Policy on a
Districts Website
- All school sites should post a privacy policy
- Present on every major page of site
- Examples
- Anchorage (Alaska) School District
- www.asd.k12.org/privacy.asp
- School District of Greenville County (SC)
- www.greenville.k12.sc.us/district/web/policy/priva
cy.htm - Valley Elementary School (Utah)
- www.weber.k12.ut.us/LegalNotice/privacy.html
17Privacy in Schools Issue 4Identifying Students
on the Districts Website
- FBI recommends districts not publish student
photos - Increased arrests of pedophiles
- Study 12 of kids meet unknown person
- Districts approach the issue in different ways
- Pictures and names
- Pictures with no names
- Pictures and names separated
- No photos or names
- Mankato (MN) S.D. 77
- www.isd77.k12.mn.us/webguide.php
18Privacy in Schools Issue 5Protecting the
Confidentiality of Library Records
- Records kept for library management
- No federal law protects confidentiality
- Legislation in 48 states and DC varies
- Wisconsin Library Privacy Law covers
- Patron information, circulation records
- Records associated with use of the Internet
- Use of in-house databases
- Can release only by court order
19Privacy in Schools Issue 6Privacy and Security
of Electronic Student Records
- Student management systems allow access to
records via LAN and WAN - Include directory, attendance, grade,
disciplinary, and other records - Levels of security for data
- Confidentiality and privacy policies
- LAN/WAN network security procedures
- Teacher access
- Parents access childs records via Web
- Grades, attendance, discipline, and health records
20Privacy in Schools Issue 7Conducting Market
Research on Students
- Companies have offered districts incentives for
info on student use of the Internet - Equipment, email accounts, host Website
- Student Privacy Protection Act (Dec. 2001)
- Requires schools to develop and adopt policies
- Collection, disclosure, or use of personal
information collected from students for the
purpose of marketing or selling
21Privacy in Schools Issue 8Students Providing
PII About Themselves
- Students have little concept of privacy
- Annenberg The Internet and the Family 2000
study - Teenagers more likely to give information
- Teach Stranger danger online and off
- Wisconsin Rapids (WI) School District AUP
- No PII transmitted from district computers
22Privacy in Schools Issue 9Access to Student
Information by Military Recruiters
- NCLB Act 2001 requirement
- H.S.s must supply military recruiters with
students names, addresses, and phone numbers
(including unlisted s) - District policies keep student information
confidential under Family Educational Rights and
Privacy Act (1974) - Oct. 2002 letter sent to districts by federal
officials - Parents can opt out
23Privacy in Schools Issue 10Internet Use Logs
as Public Record
- 2 legal battles over whether Internet logs are
public records and available - 1998 Utah Supreme Court granted right to review
logs of Utah Educational Network - 2000 New Hampshire judge ruled Internet
history logs of 2 school districts are public
records and may be reviewed - Student PII must be removed first
- Person requesting logs bears the cost for removal
- WiscNets policy
24Privacy in Schools Issue 11Use of Email to
Conduct School Business
- Monitoring of employees
- 63 monitor email and Internet use
- Personal email and recreational surfing cost
money - Employers have the right to monitor without
informing employees - Court cases
- No legal or factual basis for extending right of
privacy to cover business-related
communications. - Employers should establish use policy
- Reasonable use vs. abuse
25Privacy in Schools Issue 11Use of Email to
Conduct School Business
- Email communication by administration and school
boards - email issues discussion may violate open records
and open meetings laws - Archiving district email
- Content, not format, determines if
documentsrequire archiving and length of time - Madison (WI) School District case 2001
- Oshkosh (WI) School District case 2002
It is the public policy of this state that all
persons are entitled to the greatest possible
information regarding the affairs of government.
WI Stat. 19.31
26Privacy in Schools Issue 12Use of Surveillance
Cameras
- Dept. of Justice Safe Schools Manual
- Allows use of surveillance technology to protect
health, welfare, and safety of students and
staff - Generally in places students and staff lack
reasonable expectation of privacy - Hallways, cafeteria, stairways, parking lot,
entrances - School libraries and computer labs
- Installed to prevent vandalism, enforce school
rules, provide security - Notification of public
- Signs on doors, notice in district newsletter,
letters to parents, highlighted in orientation
meetings
27Actions Schools Can Take
- Add privacy language to Internet AUP
- Add privacy statement to district Website
- Review how Internet logs are archived
- Maintain minimal library records
- Provide staff training on privacy issues
- Teach students about privacy issues
- Students should know their rights
- They should learn to protect their own privacy
- Inform parents of district policies related to
privacy
28Privacy in the 21st Century Issues for Schools
Libraries
? Questions ?
Bob Bocher robert.bocher_at_dpi.state.wi.us Dept. of
Public Instruction
- Helen Adams
- hadams_at_coredcs.com
- Rosholt School District
-
www.dpi.state.wi.us/dltcl/pld/privacy.html
29Map showing over 120 security cameras in Times
Square area. Most predate Sept 11. As
Security Cameras Sprout, Someones Always
Watching, NYT Sept. 29, 2002
return
30Monday, Feb. 10, 2003 FRANKFORT, Kentucky (AP)
Over 2,000 state PCs sold as surplus still
had confidential files on them naming thousands
of people with AIDS and other STDs. "It's a lot
of information with lots of names and things like
the sexual partners of those diagnosed with AIDS.
It's a terrible security breach."
KY State Auditor Ed Hatchett KY Health
Services Secretary Marcia Morgan has ordered an
investigation.
B.J. Bellamy from the Kentucky Auditor's Dept.
checks a hard drive on a PC owned by the state.
return