Education Committee on Data Practices and Security Anne Taylor Testimony – February 25th, 2016 @ 1PM
Thank you to Anne Taylor for offering her testimony and personal story of data breaches in her own Minnetonka school district! This is one of three testimonies given by citizens before the Education House Policy Committee yesterday.
Thank you madam chair and members of the committee. I am here to bring awareness and concern surrounding data security in education. Data security in school is important this day and age.
I am a mom who experienced several data breaches in my child’s school district. In 2011 through a data breach at the Minnetonka school district I had access to 2 other children’s personal information – children whom I did not know, nor were related to. I was able to view their names, birthdates, projected graduation date, vaccination records and emergency contacts, as well as email addresses I did not provided to the district.
The second breach, again at the Minnetonka school district, occurred in the fall of 2014 during what’s called a ‘parse process’ when the district upgraded their on-line parent portal system. My email address and over 2000 parent email addresses – which the district considers to be private information – was shared district wide.
I have worked tirelessly to bring these matters to my districts attention. While there are prescribed procedures and processes in place, it is evident some districts – including my district, Minnetonka – are not following guidelines leaving many parents frustrated, angry and concerned. Often parents, because of time constraints and many, who may not know, are left with no other recourse than to file a written complaint with the Federal Department of Education.
Another glaring and scary concern with data privacy has to do with surveys administered through school issued technology devices. While I am speaking for myself in my district, increasingly there are growing numbers of parents in both our state and nationwide who share concerns about their children’s lack of privacy. This increase is caused by technology use in the classrooms.
Often it is not made clear to a parent who is vetting apps and websites for on-line supplementary classroom use. Many parents, including myself and teachers, are not informed on FERPA, PPRA, the right to opt-out as well as a clear explanation where our children’s data is going, how it is stored and how long it is used.
Through surveys children as early as Kindergarten, thru age 18, are being asked information not just on themselves, but their parent’s information without notification or permission. Many of these surveys violate PPRA. While some surveys are connected to the school’s curriculum portal site, others are not disclosed at all and without explanation for its use in the classroom. These surveys ask things from political affiliation and mental health to identifying students who have the worst road rage in a school parking lot. For elementary students, “Class Dojo” app is being used to track student behaviors which many parents statewide have expressed concerns over lack of privacy and data sharing to a 3rd party company.
Cumulatively, these surveys take up valuable classroom time, violate student and parent privacy, and are frequently accessed by use of logging into their school issued iPad or chrome book with their student ID number.
This metadata over time creates a picture of a child without ever looking at the individual – similar to creating someone’s health profile without ever looking at patient records. We question how legal, ethical and accurate this is. What are the damages of that child and their family if inaccurately profiled, without their knowledge or consent? What are the damages of that information being shared in multiple data bases hundreds of times over.
These bills we are proposing are to help provide staff with necessary tools in order to abide by current law while keeping transparency and informing parents and/or a child’s legal guardian.