Right now, the Federal Trade Commission is collecting comments from the public about how their oversight of the use of personal data by commercial enterprises can be improved. As you know, many parents are rightly concerned that too many vendors that collect personal student data at the behest of schools and districts have recklessly allowed that data to breach, and/or have used it for advertising, sale, or other commercial purposes. The comment period to the FTC has been extended through this Monday, Nov. 21, 2022, and we encourage all parents to submit comments by the end of that day.

Since the pandemic, the risky use of digital programs and apps in schools has soared. Most of these programs are operated and owned by for-profit companies who have been collecting personal student data without parental consent, sufficient oversight, restrictions, and/or security protections. As a result, the number of student data breaches has exploded.

This is in part because the existing data security provisions in federal law are weak or non-existent. The Children’s Online Privacy Protection Act, or COPPA, only requires “reasonable” security without the FTC having defined that term, while FERPA does not specify any security standards at all. And too many vendors are using personal data to target ads to students or their families, and/or to build new programs and services around, which are clearly commercial and not educational purposes.

We encourage you to submit your comments here; no later than this Monday at 11:59 pm. Let the FTC know that they should use all their authority to ensure that student data is safe and secure and used ONLY for educational purposes. A sample email is below, but please edit it any way you like. MOST important is for you to add any examples of when your children’s data was breached or improperly used. Please also share any such experiences with us, to aid us in our work going forward, by emailing us at [email protected]

A sample email message is below. Thanks!

______

To the FTC:

I am a parent and am very concerned about how the number of student data breaches has skyrocketed in recent years, through hacking, ransomware, and other cybersecurity events. Moreover, too often school vendors are also using and abusing student data for commercial uses. I urge you to require enforceable contracts that require encryption, as well as other strong security standards for the collection, disclosure, and use of student data. Also, these contracts must prohibit vendors from accessing or using any data they do not need for the purposes of carrying out their contracted services, and the information they do collect should be deleted as soon as possible, preferably at the conclusion of each school year or at the very least, when students graduate or leave the district.

I also urge you to strongly prohibit the use of student data for any commercial purpose, including allowing vendors to sell it, to use it to target ads, and/or to use it to develop new products or services.

Yours sincerely [ add your name here].

—

And have a great Thanksgiving!

Leonie Haimson & Cassie Creswell, co-chairs
Parent Coalition for Student Privacy
124 Waverly Pl.
New York, NY 10011
[email protected]
Follow @parents4privacy
Subscribe to Parent Coalition for Student Privacy newsletter at https://www.studentprivacymatters.org/join-us

I just gave a brief presentation at the 1st International Congress on Democratic Digital Education and Open Edtech in Barcelona (remotely), on how the Parent Coalition began and how our fight continues.

We also engaged in a brief discussion about how the pandemic has undermined student learning & privacy thru the expanded use of online products – but push to privatize schooling via ed tech started before pandemic & sadly will continue long after its over.

My presentation is below.

A presentation we recently gave to the Data Privacy Advisory Committee of the NY State Education Department on the history of the NY State student privacy law, Education Law 2d, beginning with inBloom Inc. and the continuing problems  with lack of compliance and enforcement.

The fight for student privacy post-inBloom DPAC 6.15.22

On May 6, the NY Post revealed that about two million students in NY State alone may have had their privacy violated by the massive Illuminate data breach; students in CT and CO were also affected.

This is an update from reporting in  The Journal, based on FOILed records from NYSED that found at least one million students affected, across  24 school districts and 18 charter schools in New York, plus one Board of Cooperative Educational Service .

The NY State Education Dept. and the NYC DOE need to do a far better job protected personal student data and complying with the NY State Student privacy law 2D, which was passed in 2014, and to minimize the sharing of student data, ensuring strict security standards including encryption, and requiring that vendors delete it as soon as possible and at the very least when students graduate, none of which happened here.

Illuminate has reported that the hackers accessed a ” database storing some information in unencrypted format “, according to  the The Record news site, and that the data may have included student and parent names, email addresses, grades, attendance, birth dates, ID numbers, genders, race and ethnicity, languages spoken at home, Title I and disability status and more.  Data from the records of students in Colorado and Connecticut may also have breached.

Last weekend, Leonie Haimson, co-chair of the Parent Coalition for Student Privacy and Doug Levin, Co-Founder and National Director, K12 Security Information Exchange and a national expert on student data breaches,  gave  presentations at the Network for Public Education national conference in Philadelphia, in which we discussed the Illuminate Breach and the how districts and schools can better protect the privacy of their students and teachers.

Below are the videos of the this session, separated into Part I and Part II, along with questions and comments from the audience, and their power point presentations.

March 14, 2022

If you’d like to send your own letter to your members of Congress, urging them to oppose this privacy-invasive data collection by the federal government, please do so now by clicking here.

With little public notice and no hearings, the US House of Representatives passed the College Transparency Act on Feb. 4, embedded in a much larger bill called the America Competes Act.  The bill will now go to conference with the Senate.  You can read the bill here, starting on p. 30.    The CTA would authorize the federal government to collect the personal information of every student enrolled in college or another higher education institution, and track them through life.

Today, the Parent Coalition for Student Privacy, along with several other prominent privacy and education groups listed below, sent the following letter to Congress, urging them not to approve this bill which would create an invasive and risky federal surveillance system, without any ability for students to opt out of the system or have their data deleted.  If you’d like to send your own letter to your members of Congress, please do so now by clicking here.