Category Archives: Blog

How a parent discovered a huge breach by Chicago public schools– of private school students with special needs

UPDATE (3/8/17): Chicago parents -check out Cassie’s advice at the end to find out if your child’s information was breached.

The following post is by Cassie Creswell, a Chicago parent activist from Raise Your Hand Illinois and a key member of our Parent Coalition for Student Privacy.  In January, Cassie also testified on our behalf at the Chicago hearings of the Commission for Evidence-Based Policy against overturning the ban to enable the federal government to create a comprehensive student database of personally identifiable information.

More recently, upon examining expenditure files on the Chicago Public School website,  Cassie discovered the names of hundreds of students along with the disability services they received at numerous private and parochial schools. She immediately contacted  several reporters, and though an article in the Sun-Times subsequently briefly reported on this breach,  the reporter did not mention that it was primarily private and parochial students whose data was exposed.   In addition, legal claims for special education services that CPS had originally rejected were included along with student names.  Cassie’s fuller explanation of this troubling violation of student privacy is below — as well as the fact that at least some of these schools and families have still not been alerted to the breach by CPS.

Once again, Chicago Public Schools has improperly shared sensitive student data, the Chicago Sun-Times reported on February 25th.

Medical data about students used to administer outsourced nursing services was stored on an unsecured Google doc available to anyone with the link.  And personally-identifiable information (PII) about students with Individualized Education Programs (IEPs), including their name, student identification numbers and information about services and diagnoses related to their disabilities, were included in files of detailed vendor payments posted on the district’s public website.

I discovered this latter information in the vendor payment data, while in the course of searching for information about standardized testing expenditures. The files covered seven fiscal years, 2011-2016, but were only posted on the CPS website this past summer. Noticing what appeared to be a student name and ID number listed in the file struck me as surprising and likely a privacy violation. All in all, there were more than 4500 instances in the files where students’ names appeared along with the special education services they received.

Upon closer examination, it was clear to me that there was a great deal of highly sensitive student personal information that had been disclosed, with payments made from CPS to educational service providers assigned to hundreds of students with special needs attending private schools as well as public schools. Included were the name of the students, the schools in which they were enrolled, their ID numbers, the vendors who had been hired and the services they provided according to the students’ diagnoses. The funds for the payments came from public funds routed through the students’ home districts, CPS, to fulfill requirements of the federal Individuals with Disabilities Education Act (IDEA) for spending on special education students enrolled in private schools.

This breach has since been confirmed as violating federal and state privacy laws — at least in the case of the public school students whose personal information was disclosed and likely the private school students as well.

The records include descriptions of services along with the students’ names and schools that would clearly be considered highly confidential. Some descriptions related to academic services (e.g. “Direct Instruction – Reading, Writing and Math”) or speech and language therapy; others were even more sensitive, for example:

  • “direct therapeutic activities to address sensory processing and regulation emotional regulation [sic] fine motor”
  • “direct session once a week focusing on anxiety mood and social skills”
  • “direct services to develop strategies to work through anxiety other issues that interfere with her learning”
  • “Instruction by School Psychologist according to Special Education Service Plan”

In addition, the names and student id numbers of homeless CPS students were included in some of the earlier vendor payment files because of payments related to fee waivers.

The list of the 50 private and parochial schools and three school consortia whose student information was breached is below.

Or you can can click here to see a list of these schools with the number of instances for each one.

The vendor payment files also included instances of payments made to cover services mandated as the result of a due process hearing settlements. (Such a hearing is held when parents request a state-level resolution of a dispute over services for students with disabilities.) These included student names, case number and description of services (e.g. “[name redacted] – ISBE CASE NO. 20XX-00XX per order the district shall fund psychological evaluation services rendered [dates redacted]”)

Although the Sun-Times article quotes CPS officials saying that “affected families will be notified by CPS, ” I reached out to some of the schools, and they had not yet received notification as of Friday, March 3rd.

These are not the first student data breaches CPS has had this year. This past fall, a CPS employee was fired for unauthorized sharing of personal information of more than 28,000 students with a charter management organization, which then used the data for marketing.

Prior breaches (as documented here) in the last decade include:

Dozens of software and hardware vendors have products in use in the Chicago Public Schools. Payments to vendors of ed tech software alone have totaled at least $80 million in the last five years.  The data generated by ed tech software is almost always tied to a student’s personally identifiable information.

Regardless of the significance of the information shared about any individual student in this breach, the apparent negligence with which the district has treated confidential student data in these most recent breaches brings up significant questions:  What care is being taken to protect student privacy and comply with federal and state privacy laws? Who is looking out for our kids to ensure that these violations don’t recur repeatedly?

Parents and students should be justifiably concerned about how secure student data is. Taxpayers should be concerned about what legal liability the district is opening itself up to in an era of big data.

*****

Advice for parents whose children’s data may have breached

If your child is/was enrolled at a Chicago private school and receiving services for a disability paid for by CPS to a private vendor of proportionate share services since fall of 2012, then your child’s  data may have been breached.

CPS says they will contact the family of every child whose data was exposed. We recommend calling the CPS Law Department to ask: 773-553-1700  Also, contact your school administrator; they may not have been notified yet of this breach.

You can also file complaints with the ACLU of IL, the IL Attorney General—including their civil rights bureau and disability rights bureau, and the CPS Inspector General.

If your child has only been enrolled in CPS, it is unlikely their information was part of this vendor payment data breach. One exception is if you had a due process settlement with CPS in which they agreed to cover services. In that case, it would be a good idea to contact your advocate or lawyer if you had one to notify them that this information may have been shared publicly. They should have advice for you. — Cassie Creswell

Creswell follow-up responses to Commission in opposition to a comprehensive federal student database

Following Cassie Creswell’s testimony on behalf of our Coalition on January 5, 2017 to the Commission on Evidence-Based Policy, the Commission sent her some follow-up questions.  Here are her responses.

10 February 2017

Commission on Evidence-Based Policymaking

Washington, DC

 

Dear Commission Members:

Thank you for requesting additional information about the Parent Coalition on Student Privacy’s position on unit record systems. Below we address all three of the Commission’s follow-up questions:

  • Can you please clarify whether your objection is to unit record systems for elementary and secondary school students or if you also object to unit record systems for postsecondary students?

See the discussion of this issue below.

  • You argue for local control of student data and specifically for parental and teacher data stewardship. At what point should adult students in postsecondary education become the stewards of their own data?

The control of their data should pass to post-secondary students when they become adults, as occurs currently in Federal law.

  • Would your concerns about the intrusiveness of a student-unit record system be mitigated if the data were only maintained without personal identifiers that could be used to track an individual student, and if there were statutory protections that guaranteed that the data could only be used for aggregate, statistical analysis?

No, because data can easily be re-identified. If only aggregate data is used, only aggregate data should be collected.

We have significant reservations about the creation of any universal unit record system for students, whether for elementary, secondary or post-secondary students.

Elementary and secondary student unit record systems present a particular set of risks because the majority of information in a child’s K12 educational record should not be made “permanent.” Childhood is a time of growth, experimentation and development; and mistakes and challenges should not be part of a record that could follow one into adulthood and hamper a child’s chance of future success.

A unit record system for post-secondary education does not present an identical set of concerns. Students in post-secondary institutions do expect that some aspects of their transcript, including grades and credits, will persist into adulthood with the expectation of being  shared with employers and other educational institutions—with their consent. Yet other contents of their education records should never be made public.

Records from these years may also contain sensitive information about immigration status, counseling records, mental and physical health and disabilities, etc. At the age of 18, control of the record is transferred from a parent or guardian to the students themselves, but, crucially, privacy controls are still maintained.

We have several concerns about the need for and use of any universal post-secondary unit record system:

  1. The efficacy of methods to de-identify or anonymize personally-identifiable data is questionable. De-identified data can often be re-identified and exposed.[1]
  2. The government should not have access to a comprehensive database for all post-secondary students as this information could be easily abused for political or immigration reasons.  This is especially of concern given the current political climate. The Home Office in Great Britain has now requested access to a similar government student database for the purposes of “immigration control” that was promised to only be used for research.[2]
  3. Once the federal government starts collecting post-secondary data, this could easily lead to a creeping expansion of data collection from K12 institutions and districts.
  4. The quality of research based on large-scale correlational studies is of greatly varying quality[3] and does not justify the risks of universal tracking.
  5. Large amounts of data used for the purposes of evaluating post-secondary institutions’ effectiveness are already available, including the Department of Education’s College Scorecard, the Mobility Report Card Project—a collaboration of the US Treasury and the Department of Education, and the privately-run National Student Clearinghouse.
  6. Extensive regulations have already been implemented to ensure that post-secondary institutions are protecting student’s long-term financial interests, e.g. Negotiated Rulemaking on Gainful Employment implemented in Fall 2014.

We acknowledge that given the investment of taxpayer funds that support institutions of higher education, the federal government has a strong practical interest to make certain that those funds are being used efficiently and effectively.

We do not, however, think that a universal student record system created and administered by the federal government is a necessary component of fulfilling that interest and duty.

The federal government spends billions of dollars in medical research and health care as well, and yet there has been no proposal that we know of for the federal government to collect the personal health data for every person in the United States.

We support only the use of aggregated student data for the evaluation of postsecondary institutions. The collection of such data must include asking for consent for participation from either a parent/guardian or the students themselves if over the age of 18. Clear, transparent information about how any data is to be used and who it may be shared with must be presented before asking for consent. And, there should be no financial benefit or loss contingent on granting the consent.

We continue to urge the Commission to recommend against the creation of any universal federal student unit record system.

On behalf of the Parent Coalition for Student Privacy,

Sincerely,

Cassandre Creswell, PhD

Co-executive director

Raise Your Hand Action

Chicago IL

_____

[1] See, for example, the research of Latanya Sweeney on identifiability.

[2]The Home Office are turning teachers into immigration officers” G. Bhattacharyya. Politics.co.uk.

[3] See discussion from a variety of fields (medicine, psychology and linguistics) in “Data dredging, bias, or confounding.” Smith, G.D. and S. Ebrahim. BMJ. 2002; “Why Most Published Research Findings Are False.” Ioannidis, J. P. A. PLOS Medicine. 2005; “False-Positive Psychology: Undisclosed Flexibility in Data Collection and Analysis Allows Presenting Anything as Significant.” Simmons, J.P., L.D. Nelson and U. Simonsohn. Psychological Science. 2011; and “Linguistic Diversity and Traffic Accidents: Lessons from Statistical Studies of Cultural Traits.” PLoS ONE. 2013. Roberts S. and J. Winters.

 

Help us fight to protect children’s privacy on #GivingTuesday

The Parent Coalition for Student Privacy is thrilled to take part in #GivingTuesday on November 29, 2016, a day dedicated to kick off the charitable season. We realize there are many causes worthy of your support but this year, we hope you will consider helping us so we can continue our urgent work.

If you look at a typical American classroom today, you will see students using laptops, tablets, smartboards and other devices. What you won’t see is the hundreds or more pieces of student data being collected by this technology and put at risk from breach, hack, misuse and commercialization. Federal and state laws too often lack the guardrails necessary to protect this treasure trove of student data. And boy is it valuable — worth an estimated $8 billion dollars per year.

While the software industry and organizations like the Gates Foundation give millions of dollars to dozens of professional organizations to promote the increased use of ed tech and collection of student data, our Coalition works on a shoe-string budget and need your support to keep going.

Since forming in Summer of 2014, we’ve been busy:

  • testifying before the U.S. House Education & the Workforce Committee on the need to require more transparency around disclosure and security protections for student data;
  • speaking at state forums and national conferences to promote our privacy principles;
  • coordinating with advocates across the country to introduce strong state-level and federal legislation;
  • providing fact sheets on student privacy rights under existing  law;
  • helping parents write FERPA complaints when their schools violate those rights;
  • raising awareness through articles and op-eds; and
  • alerting parents on how to comment on new policies that further threaten student privacy — like the revived push to overturn the ban on the federal collection of personal student data.

Right now, we’re working on a Parent Student Privacy Toolkit, to be released early next year in partnership with the Campaign for a Commercial-Free Childhood – which will include practical steps and best practices to ensure that your child’s personal information is protected while at school and at home.

Please give to the Parent Coalition for Student Privacy, so we can keep fighting to protect every child’s most precious possession – his or her privacy.

You can donate online here or send a check to:

Class Size Matters  •  124 Waverly Place  •  New York, NY 10011

*Please be sure to write “Designated to PCSP” on the check or the online form. Your contribution is fully tax-deductible.

Thank you for all that you do to support student privacy,

Leonie and Rachael

How and why to send your comments in opposition to a federal student data system

See also our press release and our letter to the Commission, sent Nov. 14, 2016.

Recently Dan Greenstein, director of the Gates Foundation ‘s Postsecondary Division, released the Foundation’s top advocacy priorities for 2017.  Chief among them was to “push Congress” to overturn the prohibition against the federal collection of personal data of all students, called the federal student-unit record system.   More on this here.  The ban on the federal government collecting the personal data on all students has existed since the Higher Education Opportunity Act of 2008, in 20 U.S.C. sec. 1001.

The Commission on Evidence-Based Policymaking (CEP) was established by Congress last year.  One of the goals of this Commission is to consider “whether a Federal clearinghouse should be created for government survey and administrative data.”  The Commission held hearings in DC on October 21, 2016.   At the hearing, several Gates-funded groups testified, including New America, Data Quality Campaign, Education Trust and Young Invincibles.

All these organizations testified in favor of overturning the ban on federal student-unit record system, or to weaken the ban. Though they said the purpose of this would be to allow for “improvements in information on postsecondary progress and outcomes, but the actual goal of the Gates Foundation and their allies is far more ambitious: to allow for the creation of a “national data infrastructure” that would incorporate the personal data on all public school students, starting in preK through high school, college and beyond, and to connect all data now held by different state and federal agencies.  This was revealed in the summary and chart in the Gates Foundation’s recent report on their top advocacy priorities:

GOAL

Support the development of a comprehensive national data infrastructure that enables the secure and consistent collection and reporting of key performance metrics for all students in all institutions. These data are essential for supporting the change needed to close persistent attainment gaps and produce an educated and diverse workforce with career-relevant credentials for the 21st century.

A chart was included to demonstrate the overarching and comprehensive nature of the data infrastructure envisioned:

gates-foundation-chart-data-flow

On November 14, the Parent Coalition for Student Privacy sent a letter to the Commission to strongly oppose the overturning of the ban on a proposed federal student-unit record system.  Groups that signed  include the ACLU, Network for Public Education, NPE Action, Parents Across America, and NY State Allies for Public Education. We believe that the potential risks to student privacy that such a centralized, comprehensive federal database are enormous, as expressed in our press release.

Please send your own comments to the Commission, in opposition to allowing the federal government to collect personal data and track every public school student in the nation.

The deadline for comment is December 14, 2016 at 11:59 PM.

Below are instructions on how to submit your comments, as well as a sample comment you can use,  but please feel free write your own and/or edit this any way  you wish.

Thanks!  Rachael and Leonie, Parent Coalition for Student Privacy

Instructions:

  1. Visit the Federal Register at: https://www.regulations.gov/docket?D=USBC-2016-0003
  2. Click on the “Comment Now” button in the upper right hand corner.
  3. Copy our “Sample comment” below and paste it into the window on the Federal Register webpage.
  4. If you would like to write your own comments, don’t forget to add to the start of your message: Docket ID USBC-2016-0003-0001 “Commission on Evidence-Based Policymaking Comments”
  5. Enter your name and check the box if you would like to add your contact information.
  6. Encourage others to submit their comments too!

Sample comment:

Docket ID USBC-2016-0003-0001 “Commission on Evidence-Based Policymaking Comments”

I strongly oppose any proposal that would lead to the creation of a centralized, federal clearinghouse of the personally identifiable information of all students, commonly referred to as a student unit-record system or national database.

The risk that such a federal database would pose to student privacy is immense; including the very real possibility of breach, malicious attack, or the use of this information for purposes not initially intended.  Ever since a federal student unit-record system was banned by the Higher Education Act in 2008, the reasons against creating it have only become more compelling.

In the past few years, much highly personal data held by federal agencies has been hacked, including the release of the records of the Office of Personnel Management involving more than 22 million individuals, not only federal employees and contractors but also their families and friends.

The US Department of Education has been found to have especially weak security standards in its collection and storage of student data, and received a grade of D for its security protections.

In addition, preK-12 student data currently collected by state departments of education that would potentially be shared with the federal government include upwards of 700 highly sensitive personal data elements, including students’ immigrant status, disabilities, disciplinary records, and homelessness data.

I am also very concerned about recent revelations of the widespread surveillance on ordinary citizens by the federal government, and the way in which a national student data system would be used to expand the tracking of students from PreK into high school, college, the workforce and beyond. A federal data clearinghouse of student information could effectively create life-long dossiers on nearly every individual in the nation.

I urge you to strongly oppose the creation of any centralized federal data system holding students’ personally identifiable information and to support the continuation of the  ban in the report you provide to Congress.

Yours,  [name, state, and organization affiliation if any]