education new york online education new york online education new york online
NYS & NATIONAL Education Data Management & Information Policy
Today's Info Policy News
Weekly Archive
Information Policy
FERPA
Protecting your children's privacy: The Facts
Student Lobbyists
STOP Common Core
Parents 4 Privacy
WHO'S WATCHING YOUR CHILDREN?
about
contact us
site map

Tweet This!:

Follow Us: Follow EducationNY on Twitter

Search

FERPA

compiled by education new york online

Scroll down to read entries organized by topic alphabetically OR use the topic links at the right to jump to categories of interest.

Updated Thursday November 27, 2014 07:31 AM

A LETTER TO PARENTS

Opt-Out 2014: Protect Children
Date CapturedTuesday August 12, 2014 06:10 PM
National Opt-Out Campaign Informs Parents How to Protect the Privacy of their Children's School Records
Date CapturedTuesday September 20, 2011 04:53 PM
Parents have rights under the Family Educational Rights Privacy Act (FERPA) to restrict access to their children's personal information.

ACLU

ACLU: Social Networking, your privacy rights explained
Date CapturedThursday March 08, 2012 09:05 AM
The vast majority of young people living in the United States go online daily and use social networking sites like Twitter, Facebook and YouTube. With all this information-sharing, many questions about ownership of personal information and possible discipline for postings arise. This guide will answer some of those questions so that you can better understand the rights you have when using social networking both in and out of school.
Digital Due Process
Date CapturedWednesday March 31, 2010 04:23 PM
[A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]

Authentication

Happy Birthday, Internet
Date CapturedFriday October 30, 2009 08:22 PM
NPR interview -- authentication and privacy concerns mentioned. October 30, 2009 [On Oct. 29, 1969, around 10:30 P.M., a message from one computer was sent over a modified phone line to another computer hundreds of miles away. Some say the Internet was born that day. UCLA computer scientist Leonard Kleinrock, who was there, gives his account.] IMPORTANT EXCERPT: [Dr. KLEINROCK: Yes. In fact, in those early days, the culture of the Internet was one of trust, openness, shared ideas. You know, I knew everybody on the Internet in those days and I trusted them all. And everybody behaved well, so we had a very easy, open access. We did not introduce any limitations nor did we introduce what we should have, which was the ability to do strong user authentication and strong file authentication. So I know that if you are communicating with me, it's you, Ira Flatow, and not someone else. And if you send me a file, I receive the file you intended me to receive. We should've installed that in the architecture in the early days. And the first thing we should've done with it is turn it off, because we needed this open, trusted, available, shared environment, which was the culture, the ethics of the early Internet. And then when we approach the late 1980s and the early 1990s and spam, and viruses, and pornography and eventually the identity theft and the fraud, and the botnets and the denial of service we see today, as that began to emerge, we should then slowly have turned on that authentication process, which is part of what your other caller referred to is this IPV6 is an attempt to bring on and patch on some of this authentication capability. But it's very hard now that it's not built deep into the architecture of the Internet.]

Big Data

"Big Data and the Future of Privacy"
Date CapturedMonday April 07, 2014 11:09 AM
EPIC comments to the White House on topic.

Blogs

MISSOURI EDUCATION WATCHDOG
Date CapturedThursday February 02, 2012 11:25 AM

BMI: Body Mass Index

Applications for New Awards; Carol M. White Physical Education Program
Date CapturedWednesday March 21, 2012 04:55 PM
Federal Register/Vol. 76, No. 60/Tuesday, March 29, 2011/Notices

Breaches

One in four data breaches involves schools
Date CapturedThursday March 12, 2009 03:02 PM
Wednesday, May 14, 2008 --Meris Stansbury, Assistant Editor, eSchool News writes - [One in four data breaches involves schools 'You're losing the cyber security battle,' experts warn during a higher-education computer-security conference near Washington, D.C.]

Campus Life

Balancing Student Privacy and School Safety: A Guide to the Family Educational Rights and Privacy Act for Elementary and Secondary Schools
Date CapturedMonday July 25, 2011 01:51 PM
Many school districts employ security staff to monitor safety and security in and around schools. Some schools employ off-duty police officers as school security officers, while others designate a particular school official to be responsible for referring potential or alleged violations of law to local police authorities. Under FERPA, investigative reports and other records created and maintained by these "law enforcement units" are not considered "education records" subject to FERPA. Accordingly, schools may disclose information from law enforcement unit records to anyone, including outside law enforcement authorities, without parental consent. See 34 CFR § 99.8. While a school has flexibility in deciding how to carry out safety functions, it must also indicate to parents in its school policy or information provided to parents which office or school official serves as the school's "law enforcement unit." (The school's notification to parents of their rights under FERPA can include this designation. As an example, the U.S. Department of Education has posted a model notification on the Web at: http://www.ed.gov /policy/gen/guid/fpco/ferpa/lea-officials.html.) Law enforcement unit officials who are employed by the school should be designated in its FERPA notification as "school officials" with a "legitimate educational interest." As such, they may be given access to personally identifiable information from students' education records. The school's law enforcement unit officials must protect the privacy of education records it receives and may disclose them only in compliance with FERPA. For that reason, it is advisable that law enforcement unit records be maintained separately from education records.
Addressing Emergencies on Campus June 2011
Date CapturedTuesday June 28, 2011 06:32 PM
United States Department of Education (USED) : Summary of two applicable Federal education laws administered by the Department of Education (Department): the Family Educational Rights and Privacy Act (FERPA) and the Higher Education Act of 1965 (HEA), as amended. This Federal component is only one piece of what is necessary to consider in ensuring the safety of our Nation’s students, faculty, and school staff. A comprehensive and effective campus policy must incorporate all Federal and State policies regarding health and safety emergencies, education, student privacy, civil rights, and law enforcement, as well as specific local community needs.

CDT

Refocusing the FTC’s Role in Privacy Protection
Date CapturedMonday December 14, 2009 05:31 PM
Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable.

Child identity theft

A Better Start: Clearing Up Credit Records for California Foster Children
Date CapturedTuesday September 13, 2011 01:16 PM
This report summarizes the result of the project team’s work on behalf of over 2,110 foster children in Los Angeles County, and it also recommends new procedures for use in helping this vulnerable population statewide. Key Findings of the Pilot Project • The project team successfully cleared all negative items from the credit reports of 104 foster children. • These 104 children (5% of the pilot project sample) had 247 separate accounts reported in their names, as the result of errors or identity theft. • The average account balance was $1,811, with the largest being a home loan of over $200,000. • The accounts found were two to three years old, opened when the child was 14 years old on average. • 12% of the children had records loosely linked to them by Social Security number only, which while not affecting their credit ratings could nevertheless pose problems for them in the future.

Civil Liberties

Coalition pushes ECPA update for online privacy in cloud computing age
Date CapturedWednesday March 31, 2010 04:46 PM
[A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]
Digital Due Process
Date CapturedWednesday March 31, 2010 04:23 PM
[A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]

Civil Rights

Revealing New Truths About Our Nation's Schools
Date CapturedTuesday March 06, 2012 05:54 PM
CRDC makes public long-hidden data about which students are suspended, expelled, and arrested in school.

Clery

Addressing Emergencies on Campus June 2011
Date CapturedTuesday June 28, 2011 06:32 PM
United States Department of Education (USED) : Summary of two applicable Federal education laws administered by the Department of Education (Department): the Family Educational Rights and Privacy Act (FERPA) and the Higher Education Act of 1965 (HEA), as amended. This Federal component is only one piece of what is necessary to consider in ensuring the safety of our Nation’s students, faculty, and school staff. A comprehensive and effective campus policy must incorporate all Federal and State policies regarding health and safety emergencies, education, student privacy, civil rights, and law enforcement, as well as specific local community needs.
The Handbook for Campus Safety and Security Reporting
Date CapturedFriday March 11, 2011 07:35 PM
FERPA does not preclude an institution’s compliance with the timely warning provision of the campus security regulations. FERPA recognizes that information can, in case of an emergency, be released without consent when needed to protect the health and safety of others. In addition, if institutions utilize information from the records of a campus law enforcement unit to issue a timely warning, FERPA is not implicated as those records are not protected by FERPA. U.S. Department of Education, Office of Postsecondary Education, The Handbook for Campus Safety and Security Reporting, Washington, D.C., 2011.

Cloud Computing

IN THE CLOUD
Date CapturedWednesday February 06, 2013 02:14 PM
News & policy about the CLOUD. Check paper archives. Updated regularly.
SPOTLIGHT ON CLOUD COMPUTING: IF IN THE CLOUD, GET IT ON PAPER: CLOUD COMPUTING CONTRACT ISSUES
Date CapturedFriday February 01, 2013 11:30 PM
SPOTLIGHT ON CLOUD COMPUTING: IF IT'S IN THE CLOUD, GET IT EDUCAUSE WEBINAR ON CLOUD COMPUTING CONTRACT ISSUES Friday, December 10, 2010 Author(s) Thomas Trappler (UCLA) Source(s) EDUCAUSE Live! Webinars, Webinars
FERPA and the Cloud: Why FERPA Desperately Needs Reform
Date CapturedTuesday December 11, 2012 06:51 AM
SOLOVE: Parents should lobby Congress and their state legislatures to pass laws providing better protections of their children’s data. This is an issue that should be of great concern to parents since educational institutions possess a staggering amount of personal data about students, and this data can currently be outsourced to nearly any company anywhere – even to a cloud computing provider in the most totalitarian country in the world!
Frequently Asked Questions—Cloud Computing
Date CapturedMonday September 24, 2012 10:25 AM
FERPA does not prohibit the use of cloud computing solutions for the purpose of hosting education records; rather, FERPA requires States to use reasonable methods to ensure the security of their information technology (IT) solutions.
Guidelines on Security and Privacy in Public Cloud Computing
Date CapturedFriday February 04, 2011 03:36 PM
Cloud computing can and does mean different things to different people. The common characteristics most share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and dislocation of data from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress. This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment. Draft Special Publication 800-144
REPORT: FUTURE OF THE INTERNET, CLOUD COMPUTING - The future of cloud computing
Date CapturedTuesday June 15, 2010 10:50 PM
[The future of cloud computing Technology experts and stakeholders say they expect they will ‘live mostly in the cloud’ in 2020 and not on the desktop, working mostly through cyberspace-based applications accessed through networked devices. This will substantially advance mobile connectivity through smartphones and other internet appliances. Many say there will be a cloud-desktop hybrid. Still, cloud computing has many difficult hurdles to overcome, including concerns tied to the availability of broadband spectrum, the ability of diverse systems to work together, security, privacy, and quality of service. ] Janna Quitney Anderson, Elon University; Lee Rainie, Pew Research Center’s Internet & American Life Project
Coalition pushes ECPA update for online privacy in cloud computing age
Date CapturedWednesday March 31, 2010 04:46 PM
[A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]
Sunguard
Date CapturedSaturday November 21, 2009 01:02 PM
[Student Information Management -- eSchoolPLUS is a student management system that helps educators and parents by providing them direct, real-time access to the most relevant student information available. Teachers and administrators can easily manage day-to-day student information and data such as demographics, scheduling, attendance, discipline, standardized tests, report cards and transcripts. With eSchoolPLUS, parents gain the ability to be more informed as to their child’s grades, attendance, assignments and discipline information. Superintendents, principals and other district administrators and school board members can track daily school status, student performance and progress.]

Common Core

Race to the Top Reform Flow Chart
Date CapturedSaturday September 29, 2012 10:04 AM
CED Family Elements
Date CapturedWednesday May 02, 2012 08:28 PM
Family income & source
CEDS Elements Screen Shot
Date CapturedWednesday May 02, 2012 08:19 PM
Weeks of gestation, birthweight
SLC, Common Core, LRMI NYSED
Date CapturedSunday April 29, 2012 05:45 PM
Common Core & metatags

Cómo proteger la información personal de su hijo en la escuela

FTC Alerta para Consumidores: Cómo proteger la información personal de su hijo en la escuela
Date CapturedSunday September 11, 2011 07:37 PM
Pregunte en la escuela de su hijo cuál es la política aplicable al directorio de información de los estudiantes. En el directorio de información de los estudiantes se pueden listar el nombre, domicilio, fecha de nacimiento, número de teléfono, domicilio de email y foto de su hijo. La ley FERPA establece que las escuelas deben notificar a los padres y tutores sus respectivas políticas aplicables al directorio de información de los estudiantes, y darle el derecho de optar por que no se suministre esa información a terceros. Es mejor que presente su solicitud por escrito y que guarde una copia para sus archivos. Si usted no ejerce su derecho de optar por que no se comparta la información de su hijo, los datos listados en el directorio de la escuela pueden estar a disposición no sólo de los compañeros de clase y personal de la escuela de su hijo, sino también del público en general.

Confidentiality

Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
Date CapturedMonday May 03, 2010 11:04 AM
Recommendations of the National Institute of Standards and Technology - [The escalation of security breaches involving personally identifiable information (PII) has contributed to the loss of millions of records over the past few years. Breaches involving PII are hazardous to both individuals and organizations. Individual harms may include identity theft, embarrassment, or blackmail. Organizational harms may include a loss of public trust, legal liability, or remediation costs. To appropriately protect the confidentiality of PII, organizations should use a risk-based approach; as McGeorge Bundy once stated, "If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds." This document provides guidelines for a risk-based approach to protecting the confidentiality of PII. The recommendations in this document are intended primarily for U.S. Federal government agencies and those who conduct business on behalf of the agencies, but other organizations may find portions of the publication useful. Each organization may be subject to a different combination of laws, regulations, and other mandates related to protecting PII, so an organization‘s legal counsel and privacy officer should be consulted to determine the current obligations for PII protection. For example, the Office of Management and Budget (OMB) has issued several memoranda with requirements for how Federal agencies must handle and protect PII. To effectively protect PII, organizations should implement the following recommendations.]

Consumer Privacy

Directory Information Part 1 (WAV file, no text -- it's audio)
Date CapturedSunday December 26, 2010 05:36 PM
EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation.
Directory Information Part 2 (This file is an audio 'wav' file)
Date CapturedSunday December 26, 2010 05:23 PM
Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response.
COMMERCIAL DATA PRIVACY AND INNOVATION IN THE INTERNET ECONOMY: A DYNAMIC POLICY FRAMEWORK
Date CapturedThursday December 16, 2010 01:16 PM
US DEPT OF COMMERCE REPORT says the principles "should promote increased transparency through simple notices, clearly articulated purposes for data collection, commitments to limit data uses to fulfill these purposes, and expanded use of robust audit systems to bolster accountability." NO RECOMMENDATIONS REGARDING EDUCATION AND FERPA DIRECTORY INFORMATION.
Letter to: Chairman Boucher and Ranking Member Stearns
Date CapturedMonday June 07, 2010 06:26 PM
Mike Sachoff -- [In response to a discussion draft of a new privacy bill now under consideration by the House Subcommittee on Communications, Technology and the Internet, ten privacy and consumer groups today called for stronger measures to protect consumer privacy both online and off. The organizations including the Consumer Federation of America, Electronic Frontier Foundation, Consumer Watchdog, World Privacy Forum, Consumer Action, USPIRG, Privacy Rights Clearinghouse, Privacy Times, Privacy Lives, and the Center for Digital Democracy, raised their concerns in a letter to Subcommittee Chairman Rick Boucher and Ranking Member Cliff Stearns. The groups recommended the following: *The bill should incorporate the Fair Information Practice Principles that have long served as the bedrock of consumer privacy protection in the U.S., including the principle of not collecting more data than is necessary for the stated purposes, limits on how long data should be retained, and a right to access and correct one's data. *The bill's definitions of what constitutes "sensitive information" need to be expanded; for instance, to include health-related information beyond just "medical records." *The bill should require strict "opt-in" procedures for the collection and use of covered data and should prohibit the collection and use of any sensitive information except for the transactions for which consumers provided it.]
FACEBOOK - Complaint, Request for Investigation, Injunction, and Other Relief
Date CapturedMonday May 10, 2010 09:54 AM
[This complaint concerns material changes to privacy settings made by Facebook, the largest social network service in the United States, that adversely impact the users of the service. Facebook now discloses personal information to the public that Facebook users previously restricted. Facebook now discloses personal information to third parties that Facebook users previously did not make available. These changes violate user expectations, diminish user privacy, and contradict Facebook’s own representations. These business practices are Unfair and Deceptive Trade Practices, subject to review by the Federal Trade Commission (the “Commission”) under section 5 of the Federal Trade Commission Act.]
DRAFT - Boucher bill
Date CapturedThursday May 06, 2010 08:34 AM
A BILL : To require notice to and consent of an individual prior to the collection and disclosure of certain personal informa- tion relating to that individual.
Proposed Privacy Legislation Wins Few Fans
Date CapturedThursday May 06, 2010 08:24 AM
WSJ : [ The goal for the legislation is to set a standard for consumer privacy protections and also provide consumers with more transparency and control regarding the collection, use and sharing of their information, said Rep. Rick Boucher (D., Va.). Mr. Boucher released a draft of the bill for discussion on Tuesday along with Rep. Cliff Stearns (R., Fla.). The bill stipulates that as a general rule companies can collect information about consumers unless a person opts out of that data collection — a point of contention among privacy advocates. The regulation also specifies standards for the collection and use of personally identifiable information. Companies must disclose to consumers if they are collecting personally identifiable information and how they are using that data. Consumers must give a company permission to share that personally identifiable information with outside companies. ]
THE FAILURE OF FAIR INFORMATION PRACTICE PRINCIPLES forthcoming in Consumer Protection in the Age of the ‘Information Economy’
Date CapturedSunday January 31, 2010 10:03 PM
Fred H. Cate - [The key is refocusing FIPPS on substantive tools for protecting privacy, and away from notice and consent; leveling the playing field between information processors and data subjects; and created sufficient, but limited, liability so that data processors will have meaningful incentives, rather than bureaucratic regulations, to motivate appropriate behavior, and that individuals will be compensated when processing results in serious harm. This is only a first step. These proposed Consumer Privacy Protection Principles are undoubtedly incomplete and imperfect, but they are an effort to return to a more meaningful dialogue about the legal regulation of privacy and the value of information flows in the face of explosive growth in technological capabilities in an increasingly global society.]
Comments of the World Privacy Forum to FTC, Nov. 6, 2009
Date CapturedThursday December 17, 2009 10:58 PM
Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 - [The World Privacy Forum understands that businesses have a right to exist and to make money, and that advertising and marketing is part of the marketplace. But we also believe that there is not a reasonable balance right now between what data is being collected and used, and what consumers can do to manage that data and their privacy. There are no perfect solutions, but we think that a rights-based framework based on approaches contained in the Fair Credit Reporting Act and on Fair Information Practices will address many of the problems and help create solutions that are equitable for all stakeholders.]
Refocusing the FTC’s Role in Privacy Protection
Date CapturedMonday December 14, 2009 05:31 PM
Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable.
DOD nixes vendor of online monitoring software over privacy concerns
Date CapturedMonday December 07, 2009 08:53 PM
Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats. EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.] [
Ad Industry Works on Ads About Ads
Date CapturedTuesday November 24, 2009 03:07 PM
Wall Street Journal Emily Steel writes -- [At issue is the practice of tracking consumers’ Web activities — from the searches they make to the sites they visit and the products they buy — for the purpose of targeting ads. The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers’ Web activities and creating a simple way consumers can opt out of being tracked.]
Lawmakers probe deeper into privacy
Date CapturedSaturday November 21, 2009 01:16 PM
By Kim Hart - 11/19/09 04:00 PM ET - [Jennifer Barrett, an executive with Acxiom, a marketing company, said the firm could collect 1,500 possible data points about individual consumers, such as age, hobbies, address, occupation and recent purchases. Acxiom typically maintains 20-40 data points on the average person. Acxiom receives that information from public records, surveys consumers fill out voluntarily (such as warranty cards) and information from other companies. In response to questions from Rep. Mike Doyle (D-Penn.), Barrett said consumers can see what data has been stored about them and can change or delete information used for marketing purposes. But consumers cannot find out who else has bought their data from Axciom.]
Federal data breach notification standard must pre-empt state laws
Date CapturedMonday November 16, 2009 08:33 PM
Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.] [Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.]
Refocusing the FTC’s Role in Privacy Protection
Date CapturedTuesday November 10, 2009 03:33 PM
Center for Technology in Government (CDT) Policy Post 15.17, November 10, 2009. [ A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology Refocusing the FTC’s Role in Privacy Protection 1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable 2) The Significance of a Comprehensive Set of Fair Information Practice Principles 3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward 4) CDT Recommendations for Future FTC Action
PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature
Date CapturedSunday November 08, 2009 10:35 PM
SP0431, LR 597, item 1, Signed on 2009-06-02 00:00:00.0 - First Regular Session - 124th Maine Legislature, page 1 - 2. Marketing purposes. "Marketing purposes," with respect to the use of health-related information or personal information, means the purposes of marketing or advertising products, goods or services to individuals. 3. Person. "Person" includes an individual, firm, partnership, corporation, association, syndicate, organization, society, business trust, attorney-in-fact and every natural or artificial legal entity. 4. Personal information. "Personal information" means individually identifiable information, including: A. An individual's first name, or first initial, and last name; B. A home or other physical address; C. A social security number; D. A driver's license number or state identification card number; and E. Information concerning a minor that is collected in combination with an identifier described in this subsection. 5. Verifiable parental consent. "Verifiable parental consent" means any reasonable effort, taking into consideration available technology, including a request for authorization for future collection, use and disclosure described in the notice, to ensure that a parent of a minor receives notice of the PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature An Act To Prevent Predatory Marketing Practices against Minors collection of personal information, use and disclosure practices and authorizes the collection, use and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that minor. § 9552. Unlawful collection and use of data from minors
201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH
Date CapturedSaturday November 07, 2009 04:49 PM
(1) Purpose This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met by persons who own or license personal information about a resident of the Commonwealth of Massachusetts. This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this regulation are to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.
Kids' Privacy
Date CapturedSunday November 01, 2009 09:40 PM
[Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number. Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot. What Can You Do? Your kids’ personal information and privacy are valuable —to you, to them, and to marketers.] *****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.

COPPA

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE FEDERAL TRADE COMMISSION
Date CapturedMonday March 07, 2011 06:04 PM
Marc Rotenberg, EPIC testimony to FTC: COPPA currently defines PI as: Personal information means individually identifiable information about an individual collected online, including: (a) A first and last name; (b) A home or other physical address including street name and name of a city or town; (c) An e-mail address or other online contact information, including but not limited to an instant messaging user identifier, or a screen name that reveals an individual's e-mail address; (d) A telephone number; (e) A Social Security number; (f) A persistent identifier, such as a customer number held in a cookie or a processor serial number, where such identifier is associated with individually identifiable information; or a combination of a last name or photograph of the individual with other information such that the combination permits physical or online contacting; or (g) Information concerning the child or the parents of that child that the operator collects online from the child and combines with an identifier described in this definition.
COPPA Rulemaking and Rule Reviews
Date CapturedMonday March 07, 2011 05:46 PM
Includes public testimony and roundtable. March 24, 2010
How Different are Young Adults from Older Adults When it Comes to Information Privacy Attitudes and Policies?
Date CapturedThursday April 15, 2010 06:12 PM
Chris Jay Hoofnagle - University of California, Berkeley - School of Law, Berkeley Center for Law & Technology; Jennifer King -UC Berkeley School of Information; Berkeley Center for Law & Technology; Su Li- University of California, Berkeley- School of Law, Center for the Study of Law and Society; Joseph Turow - University of Pennsylvania - Annenberg School for Communication: [Abstract: Media reports teem with stories of young people posting salacious photos online, writing about alcohol-fueled misdeeds on social networking sites, and publicizing other ill-considered escapades that may haunt them in the future. These anecdotes are interpreted as representing a generation-wide shift in attitude toward information privacy. Many commentators therefore claim that young people “are less concerned with maintaining privacy than older people are.” Surprisingly, though, few empirical investigations have explored the privacy attitudes of young adults. This report is among the first quantitative studies evaluating young adults’ attitudes. It demonstrates that the picture is more nuanced than portrayed in the popular media. ] [Among the findings: _ Eighty-eight percent of people of all ages said they have refused to give out information to a business because they thought it was too personal or unnecessary. Among young adults, 82 percent have refused, compared with 85 percent of those over 65. _ Most people — 86 percent — believe that anyone who posts a photo or video of them on the Internet should get their permission first, even if that photo was taken in public. Among young adults 18 to 24, 84 percent agreed — not far from the 90 percent among those 45 to 54. _ Forty percent of adults ages 18 to 24 believe executives should face jail time if their company uses someone's personal information illegally — the same as the response among those 35 to 44 years old.]
FTC Seeks Comment on Children's Online Privacy Protections; Questions Whether Changes to Technology Warrant Changes to Agency Rule.
Date CapturedTuesday April 06, 2010 02:51 PM
[In a Federal Register notice to be published shortly, the FTC poses its standard regulatory review questions and identifies several areas where public comment would be especially useful. Among other things, the FTC asks: What implications for COPPA enforcement are raised by mobile communications, interactive television, interactive gaming, or other similar interactive media. For input on the use of automated systems – those that filter out any personally identifiable information prior to posting – to review children’s Web submissions. Whether operators have the ability to contact specific individuals using information collected from children online, such as persistent IP addresses, mobile geolocation data, or information collected in connection with behavioral advertising, and whether the Rule’s definition of “personal information” should be expanded accordingly. Whether there are additional technological methods to obtain verifiable parental consent that should be added to the COPPA Rule, and whether any of the methods currently included should be removed. Whether parents are exercising their right under the Rule to review or delete personal information collected from their children, and what challenges operators face in authenticating parents. Whether the Rule’s process for FTC approval of self-regulatory guidelines – known as safe harbor programs – has enhanced compliance, and whether the criteria for FTC approval and oversight of the guidelines should be modified in any way.]
DOD nixes vendor of online monitoring software over privacy concerns
Date CapturedMonday December 07, 2009 08:53 PM
Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats. EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.] [
Kids' Privacy
Date CapturedSunday November 01, 2009 09:40 PM
[Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number. Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot. What Can You Do? Your kids’ personal information and privacy are valuable —to you, to them, and to marketers.] *****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.

Current law & proposed legislation

NY Assembly bill A.8474 same as NY Senate bill S.2357B
Date CapturedMonday January 23, 2012 12:38 PM
Requires active parental consent to release personal and sensitive information (categorized as directory information under FERPA) about students. This bill passed the NY Senate 62-0 in the 2011 session. It has been sponsored & reintroduced in the Assembly by Assemblywoman Linda Rosenthal & in the Senate by Sen. Suzi Oppenheimer for the 2012 legislative session.
APPENDIX A: FERPA Guidance for Reasonable Methods and Written Agreements
Date CapturedThursday January 05, 2012 05:57 PM
FERPA represents the floor for protecting [student] privacy, not the ceiling. PAGE A-5 Federal Register/Vol. 76, No. 232/Friday, December 2, 2011/Rules and Regulations.
DEPARTMENT OF EDUCATION 34 CFR Part 99 in the Federal Register (76 FR 19726)
Date CapturedMonday December 05, 2011 11:20 AM
SUMMARY: The Secretary of Education (Secretary) amends the regulations implementing section 444 of the General Education Provisions Act (GEPA), which is commonly referred to as the Family Educational Rights and Privacy Act (FERPA). These amendments are needed to ensure that the U.S. Department of Education (Department or we) continues to implement FERPA in a way that protects the privacy of education records while allowing for the effective use of data. Improved access to data will facilitate States’ ability to evaluate education programs, to ensure limited resources are invested effectively, to build upon what works and discard what does not, to increase accountability and transparency, and to contribute to a culture of innovation and continuous improvement in education.

Cyber Bullying

CYBERBULLYING: A Report on Bullying in a Digital Age
Date CapturedTuesday December 27, 2011 02:28 PM
NY Senate Independent Democratic Conference Sept. 2011 report.

Data Broker

Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers
Date CapturedMonday March 26, 2012 11:16 AM
The final report calls on companies handling consumer data to implement recommendations for protecting privacy, including: Privacy by Design - companies should build in consumers' privacy protections at every stage in developing their products. These include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy; Simplified Choice for Businesses and Consumers - companies should give consumers the option to decide what information is shared about them, and with whom. This should include a Do-Not-Track mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities. Greater Transparency - companies should disclose details about their collection and use of consumers' information, and provide consumers access to the data collected about them. *****Data Brokers - The Commission calls on data brokers to make their operations more transparent by creating a centralized website to identify themselves, and to disclose how they collect and use consumer data. In addition, the website should detail the choices that data brokers provide consumers about their own information.
CA: State colleges, alumni groups reap $6.6M in credit card royalties
Date CapturedFriday September 02, 2011 08:29 PM
Erica Perez; Under the agreements, banks typically get exclusive rights to market credit cards to university students and alumni, and they pay royalties to the universities or related organizations based on the number of new credit card accounts opened.] Excerpt from source linked to entry: [university must give the bank mailing lists for alumni, faculty, staff, fans, ticket holders, donors, undergraduates and graduate students. The lists include postal addresses, telephone numbers and e-mail addresses.]
American Student List (ASL)
Date CapturedMonday March 07, 2011 05:39 PM
Student data for sale ONLINE. College Bound High School Students - Over 3 million high school juniors and seniors who have indicated an interest in higher education. Selectable by class year, age, head of household, income, geography and more; Teenage Lifestyle Interests - 5 million individuals ages 14-19. Selectable by self-reported interests in specific areas including sports, scholastic activities, careers, computers and more; College Students - Approximately 5 million students attending numerous colleges and universities. Home and/or school addresses and phone numbers are available. Selectable by class year, field of study, college attended, tuition level, competitive rank and more; College Grads And Alumni - Approximately 17 million College Grads/Alumni. Selectable by school last attended, household income, home ownership and more; Families With Children - 20 million households with the presence of children, tweens and teens (newborn through age 19). Selectable by head of household, income, gender, ethnicity, geography and more. Ethnic Lists - Over 3 million Ethnic Teens, 4.5 million Ethnic Families and 15 million Ethnic Young Adults. Numerous backgrounds are available including Hispanic/Latino, Asian-American, Native-American, African-American and more. Also available — Foreign-Speaking Teens — first- or second-generation teens who speak the language of their ethnic group.
Directory Information Part 1 (WAV file, no text -- it's audio)
Date CapturedSunday December 26, 2010 05:36 PM
EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation.
Directory Information Part 2 (This file is an audio 'wav' file)
Date CapturedSunday December 26, 2010 05:23 PM
Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response.
Schools Selling Students' Personal Information
Date CapturedWednesday October 06, 2010 03:17 PM
Link to stories about schools selling student information
Comments of the World Privacy Forum to FTC, Nov. 6, 2009
Date CapturedThursday December 17, 2009 10:58 PM
Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 - [The World Privacy Forum understands that businesses have a right to exist and to make money, and that advertising and marketing is part of the marketplace. But we also believe that there is not a reasonable balance right now between what data is being collected and used, and what consumers can do to manage that data and their privacy. There are no perfect solutions, but we think that a rights-based framework based on approaches contained in the Fair Credit Reporting Act and on Fair Information Practices will address many of the problems and help create solutions that are equitable for all stakeholders.]
DOD nixes vendor of online monitoring software over privacy concerns
Date CapturedMonday December 07, 2009 08:53 PM
Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats. EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.] [
GOOD STUDENT LIST FOR SALE
Date CapturedSaturday November 21, 2009 01:57 PM
See lists for sale.
Lawmakers probe deeper into privacy
Date CapturedSaturday November 21, 2009 01:16 PM
By Kim Hart - 11/19/09 04:00 PM ET - [Jennifer Barrett, an executive with Acxiom, a marketing company, said the firm could collect 1,500 possible data points about individual consumers, such as age, hobbies, address, occupation and recent purchases. Acxiom typically maintains 20-40 data points on the average person. Acxiom receives that information from public records, surveys consumers fill out voluntarily (such as warranty cards) and information from other companies. In response to questions from Rep. Mike Doyle (D-Penn.), Barrett said consumers can see what data has been stored about them and can change or delete information used for marketing purposes. But consumers cannot find out who else has bought their data from Axciom.]
Federal data breach notification standard must pre-empt state laws
Date CapturedMonday November 16, 2009 08:33 PM
Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.] [Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.]
PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature
Date CapturedSunday November 08, 2009 10:35 PM
SP0431, LR 597, item 1, Signed on 2009-06-02 00:00:00.0 - First Regular Session - 124th Maine Legislature, page 1 - 2. Marketing purposes. "Marketing purposes," with respect to the use of health-related information or personal information, means the purposes of marketing or advertising products, goods or services to individuals. 3. Person. "Person" includes an individual, firm, partnership, corporation, association, syndicate, organization, society, business trust, attorney-in-fact and every natural or artificial legal entity. 4. Personal information. "Personal information" means individually identifiable information, including: A. An individual's first name, or first initial, and last name; B. A home or other physical address; C. A social security number; D. A driver's license number or state identification card number; and E. Information concerning a minor that is collected in combination with an identifier described in this subsection. 5. Verifiable parental consent. "Verifiable parental consent" means any reasonable effort, taking into consideration available technology, including a request for authorization for future collection, use and disclosure described in the notice, to ensure that a parent of a minor receives notice of the PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature An Act To Prevent Predatory Marketing Practices against Minors collection of personal information, use and disclosure practices and authorizes the collection, use and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that minor. § 9552. Unlawful collection and use of data from minors
201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH
Date CapturedSaturday November 07, 2009 04:49 PM
(1) Purpose This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met by persons who own or license personal information about a resident of the Commonwealth of Massachusetts. This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this regulation are to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.
‘‘Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act’’ or the ‘‘BEST PRACTICES Act’’
Date CapturedThursday November 05, 2009 03:19 PM
H. R. 5777 -- To foster transparency about the commercial use of personal information, provide consumers with meaningful choice about the collection, use, and disclosure of such information, and for other purposes. [Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information. Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information. Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).]
Target-Marketing Becomes More Communal
Date CapturedThursday November 05, 2009 10:45 AM
WSJ Emily Steel writes [["The data is becoming the most important component for marketers and Web sites. It tells them who their audience is," says Omar Tawakol, chief executive at Blue Kai. Some lawmakers, concerned about Internet privacy, are preparing legislation to make more transparent Web sites' tactics for collecting information on their users. In an effort to fend off legislation, data brokers say, they abide by industry standards and do not collect any personally identifiable information and sensitive data, such as health information. They also tout efforts to make their business practices more transparent to consumers.]
‘‘Personal Data Privacy and Security Act of 2009’’ S. 1490
Date CapturedWednesday November 04, 2009 02:19 PM
11TH CONGRESS - 1ST SESSION -- S. 1490: To prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.
State says Cambridge Public Schools can't charge $14K for public records
Date CapturedFriday February 13, 2009 03:12 PM
David L. Harris -- GateHouse News Service - [On Nov. 30, 2007, the Chronicle sent a letter requesting directory information, but the request was later denied in a three-page letter from the school’s legal department. After appealing to the state’s supervisor of public records, Alan Cote, the school department sent a letter dated July 11, explaining that the work to compile the directory information would cost $14,426.88. The Chronicle’s sister paper, the Newton TAB, requested the same information from Newton Public Schools around the same time. The school department, which sent the data within three weeks of the request, did not charge the TAB for the information.]
Student Information Not For Sale At UW- Marathon County
Date CapturedWednesday February 11, 2009 07:06 PM
Wsaw.com reporter: Margo Spann -- [Private companies looking to sell or market products to college students are buying information about them directly from their schools. The Assistant Director of Student Services at UW Marathon County Annette Hackbarth-Onson says federal law allows colleges to sell information about their students. She says companies are often looking to buy students names, birth-dates, and email addresses.]

Data Mining

CA: State colleges, alumni groups reap $6.6M in credit card royalties
Date CapturedFriday September 02, 2011 08:29 PM
Erica Perez; Under the agreements, banks typically get exclusive rights to market credit cards to university students and alumni, and they pay royalties to the universities or related organizations based on the number of new credit card accounts opened.] Excerpt from source linked to entry: [university must give the bank mailing lists for alumni, faculty, staff, fans, ticket holders, donors, undergraduates and graduate students. The lists include postal addresses, telephone numbers and e-mail addresses.]
Education New York comments re Student Privacy submitted to FERPA NPRM - May 23, 2011
Date CapturedMonday May 23, 2011 09:22 PM
Document ID: ED-2011-OM-0002-0001: Family Educational Rights and Privacy. The proposed changes to FERPA do not adequately address the capacity of marketers and other commercial enterprises to capture, use, and re-sell student information. Even with privacy controls in place, it is also far too easy for individuals to get a hold of student information and use it for illegal purposes, including identity theft, child abduction in custody battles, and domestic violence. Few parents are aware, for example, that anyone can request -- and receive -- a student directory from a school. Data and information breaches occur every day in Pre-K-20 schools across the country, so that protecting student privacy has become a matter of plugging holes in a dyke rather than advancing a comprehensive policy that makes student privacy protection the priority.
Guidelines on Security and Privacy in Public Cloud Computing
Date CapturedFriday February 04, 2011 03:36 PM
Cloud computing can and does mean different things to different people. The common characteristics most share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and dislocation of data from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress. This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment. Draft Special Publication 800-144
Directory Information Part 1 (WAV file, no text -- it's audio)
Date CapturedSunday December 26, 2010 05:36 PM
EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation.
Directory Information Part 2 (This file is an audio 'wav' file)
Date CapturedSunday December 26, 2010 05:23 PM
Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response.
Many States Collect Graduates’ Employment Information, but Clearer Guidance on Student Privacy Requirements Is Needed
Date CapturedMonday December 13, 2010 09:17 AM
GAO-10-927 - GAO recommends that Education clarify means by which states can collect and share graduates’ employment information under the Family Educational Rights and Privacy Act (FERPA) and establish a time frame for doing so. Education agreed with the recommendation.
DOD nixes vendor of online monitoring software over privacy concerns
Date CapturedMonday December 07, 2009 08:53 PM
Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats. EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.] [
GOOD STUDENT LIST FOR SALE
Date CapturedSaturday November 21, 2009 01:57 PM
See lists for sale.
‘‘Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act’’ or the ‘‘BEST PRACTICES Act’’
Date CapturedThursday November 05, 2009 03:19 PM
H. R. 5777 -- To foster transparency about the commercial use of personal information, provide consumers with meaningful choice about the collection, use, and disclosure of such information, and for other purposes. [Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information. Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information. Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).]

Data Stewardship

NYS Sen. Oppenheimer and Sen. Montgomery on S.2357
Date CapturedTuesday June 21, 2011 04:25 PM
Sen. Oppenheimer and Sen. Montgomery on S.2357 @ 36:30 minutes. Senators demonstrate responsible data stewardship. S.2357 excerpt: [(C) UNLESS OTHERWISE ALLOWED BY LAW, A SCHOOL MAY NOT, EVEN WITH THE AFFIRMATIVE CONSENT OF THE PARENT OF THE STUDENT IN ATTENDANCE OR THE ELIGIBLE STUDENT IN ATTENDANCE, DISCLOSE PERSONALLY IDENTIFIABLE STUDENT INFORMATION FOR A COMMERCIAL, FOR-PROFIT ACTIVITY INCLUDING BUT NOT LIMITED TO USE FOR: (I) MARKETING PRODUCTS OR SERVICES; (II) SELLING PERSONALLY IDENTIFIABLE STUDENT INFORMATION FOR USE IN MARKETING PRODUCTS OR SERVICES; (III) CREATING OR CORRECTING AN INDIVIDUAL OR HOUSEHOLD PROFILE; (IV) COMPILATION OF A STUDENT LIST; (V) SALE OF THE INFORMATION FOR ANY COMMERCIAL PURPOSE; OR (VI) ANY OTHER PURPOSE CONSIDERED BY THE SCHOOL AS LIKELY TO BE A COMMERCIAL, FOR-PROFIT ACTIVITY. (D) IN MAKING AN ALLOWABLE DISCLOSURE UNDER THIS SUBDIVISION, A SCHOOL MAY ONLY DISCLOSE THE MINIMUM AMOUNT OF INFORMATION NECESSARY TO ACCOM PLISH THE PURPOSE OF THE DISCLOSURE.]
Education New York comments re Student Privacy submitted to FERPA NPRM - May 23, 2011
Date CapturedMonday May 23, 2011 09:22 PM
Document ID: ED-2011-OM-0002-0001: Family Educational Rights and Privacy. The proposed changes to FERPA do not adequately address the capacity of marketers and other commercial enterprises to capture, use, and re-sell student information. Even with privacy controls in place, it is also far too easy for individuals to get a hold of student information and use it for illegal purposes, including identity theft, child abduction in custody battles, and domestic violence. Few parents are aware, for example, that anyone can request -- and receive -- a student directory from a school. Data and information breaches occur every day in Pre-K-20 schools across the country, so that protecting student privacy has become a matter of plugging holes in a dyke rather than advancing a comprehensive policy that makes student privacy protection the priority.
Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records
Date CapturedThursday March 03, 2011 01:21 PM
NCES 2011-601 This first brief discusses basic concepts and definitions that establish a common set of terms related to the protection of personally identifiable information, especially in education records.
NCES 2011-602 Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records
Date CapturedTuesday January 04, 2011 09:55 PM
SLDS Technical Brief - Guidance for Statewide Longitudinal Data Systems (SLDS) [A privacy and data protection program for student education records must include an array of rules and procedures for protecting PII held in the record system. It also must include a full set of public disclosures of the existence and uses of the information included in the data system, a description of all parents’ or eligible students’ rights to review and appeal the contents of an individual education record and of their rights and the procedures to appeal a violation. ]*****[A school directory may include PII such as a student’s name, grade level, and contact information. Taken by itself, the release of this information is not harmful to a student. However, when combined with the student’s Social Security Number or another identifier and the student’s education record, this information has the potential for violating a student’s right to privacy. The release of this combined record could lead to harm or embarrassment. Thus, the privacy and data protection program should focus on PII that will be maintained in the electronic student record system with its likely wealth of student data.2}

Data-driven Education

Directory Information Part 2 (This file is an audio 'wav' file)
Date CapturedSunday December 26, 2010 05:23 PM
Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response.

Deidentification

Best Practices for Access Controls and Disclosure Avoidance Techniques
Date CapturedThursday November 27, 2014 07:31 AM
Webinar Nov 7, 2012
Case Study #5: Minimizing Access to PII: Best Practices for Access Controls and Disclosure Avoidance Techniques (Oct 2012)
Date CapturedThursday November 27, 2014 07:14 AM
is case study illustrates best practices for minimizing access to sensitive information with education data maintained in a Statewide Longitudinal Data System.
Data De-identification: An Overview of Basic Terms
Date CapturedWednesday January 16, 2013 01:35 PM
PTAC-GL, Oct 2012: In addition to defining and clarifying the distinction among several key terms, the paper provides general best practice suggestions regarding data de-identification strategies for different types of data. The information is presented in the form of an alphabetized list of definitions, followed at the end by additional resources on FERPA requirements and statistical techniques that can be used to protect student data against disclosures

Directory Information

Opt-Out 2014: Protect Children video
Date CapturedTuesday August 12, 2014 06:39 PM
Opt-Out 2014: Protect Children
Date CapturedTuesday August 12, 2014 06:10 PM
Testimony of Pam Dixon Executive Director, World Privacy Forum Before the Senate Committee on Commerce, Science, and Transportation What Information Do Data Brokers Have on Consumers, and How Do They Use It?
Date CapturedSaturday December 21, 2013 09:13 AM
The data broker industry has not shown restraint. Nothing is out of bounds. No list is too obnoxious to sell. Data brokers sell lists that allow for the use of racial, ethnic and other factors that would be illegal or unacceptable in other circumstances. These lists and scores are used everyday to make decisions about how consumers can participate in the economic marketplace. Their information determines who gets in and who gets shut out. All of this must change. I urge you to take action.
Model State Law: Student Privacy Protection Act
Date CapturedTuesday December 25, 2012 08:36 AM
This Act shall be known and cited as the “Student Privacy Protection Act.” This Act shall be liberally and remedially construed to effectuate its purpose. The purpose of the Act is to protect the privacy of students by establishing standards for the disclosure of directory information about students by schools.

eBehavioral Advertising

Proposed Privacy Legislation Wins Few Fans
Date CapturedThursday May 06, 2010 08:24 AM
WSJ : [ The goal for the legislation is to set a standard for consumer privacy protections and also provide consumers with more transparency and control regarding the collection, use and sharing of their information, said Rep. Rick Boucher (D., Va.). Mr. Boucher released a draft of the bill for discussion on Tuesday along with Rep. Cliff Stearns (R., Fla.). The bill stipulates that as a general rule companies can collect information about consumers unless a person opts out of that data collection — a point of contention among privacy advocates. The regulation also specifies standards for the collection and use of personally identifiable information. Companies must disclose to consumers if they are collecting personally identifiable information and how they are using that data. Consumers must give a company permission to share that personally identifiable information with outside companies. ]
Ad Industry Works on Ads About Ads
Date CapturedTuesday November 24, 2009 03:07 PM
Wall Street Journal Emily Steel writes -- [At issue is the practice of tracking consumers’ Web activities — from the searches they make to the sites they visit and the products they buy — for the purpose of targeting ads. The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers’ Web activities and creating a simple way consumers can opt out of being tracked.]

Education Reporting Systems

Sunguard
Date CapturedSaturday November 21, 2009 01:02 PM
[Student Information Management -- eSchoolPLUS is a student management system that helps educators and parents by providing them direct, real-time access to the most relevant student information available. Teachers and administrators can easily manage day-to-day student information and data such as demographics, scheduling, attendance, discipline, standardized tests, report cards and transcripts. With eSchoolPLUS, parents gain the ability to be more informed as to their child’s grades, attendance, assignments and discipline information. Superintendents, principals and other district administrators and school board members can track daily school status, student performance and progress.]

Fair Information Practice

Some questions raised over release of student info (North Dakota)
Date CapturedTuesday March 08, 2011 04:54 PM
[North Dakota: High schools across the state would be required to give names, addresses and phone numbers of their students to the State Board of Higher Education under a proposed Senate bill.] [Several committee members expressed concern about the additional information and wanted to make sure parents would be fully aware of what information was being requested before opting out. That view also was shared by Bev Nielson of the North Dakota School Boards Association.]
NCES 2011-602 Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records
Date CapturedTuesday January 04, 2011 09:55 PM
SLDS Technical Brief - Guidance for Statewide Longitudinal Data Systems (SLDS) [A privacy and data protection program for student education records must include an array of rules and procedures for protecting PII held in the record system. It also must include a full set of public disclosures of the existence and uses of the information included in the data system, a description of all parents’ or eligible students’ rights to review and appeal the contents of an individual education record and of their rights and the procedures to appeal a violation. ]*****[A school directory may include PII such as a student’s name, grade level, and contact information. Taken by itself, the release of this information is not harmful to a student. However, when combined with the student’s Social Security Number or another identifier and the student’s education record, this information has the potential for violating a student’s right to privacy. The release of this combined record could lead to harm or embarrassment. Thus, the privacy and data protection program should focus on PII that will be maintained in the electronic student record system with its likely wealth of student data.2}
Directory Information Part 1 (WAV file, no text -- it's audio)
Date CapturedSunday December 26, 2010 05:36 PM
EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation.
Directory Information Part 2 (This file is an audio 'wav' file)
Date CapturedSunday December 26, 2010 05:23 PM
Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response.
Schools Selling Students' Personal Information
Date CapturedWednesday October 06, 2010 03:17 PM
Link to stories about schools selling student information
Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Date CapturedTuesday September 28, 2010 02:51 PM
GAO-08-795T : In its report GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices.
Delta College trustees won't add more student information to campus directory
Date CapturedThursday March 18, 2010 01:34 PM
By Andrew Dodson | The Bay City Times - [Currently, information on Delta College students that is readily available, unless they have opted out, includes their name, degree, address, awards, dates attended, program, participation in activities, enrollment, e-mail and weight and height for members of athletic teams. Higgs argued that the college should have more items on file, including a student photo, whether or not that student is full or part time and a phone number. "That's what the courts look to," said Higgs. "Our policy doesn't have those things and it should." Other board members disagreed, saying that more data collecting isn't required and isn't worth the time. They voted against the plan 8-1.]
CDT- Updating the Privacy Act of 1974 -
Date CapturedTuesday March 16, 2010 09:16 PM
[Updating the Privacy Act of 1974 June 5, 2009 government-wide push toward the development of policies and practices to protect the information of citizens and other individuals. While the underlying framework of the law, rooted in the principles of Fair Information Practices (FIPs), is still sound, the thirty-five year-old wording of the Act renders it ill-equipped to meet many of the privacy challenges posed by modern information technology. 1) Updating the Privacy Act of 1974 2) Fair Information Practices are Central 3) The Creation of Federal Privacy Leadership 4) Updating Definitions to Match Changing Data Practices 5) Strengthening Privacy Notices
THE FAILURE OF FAIR INFORMATION PRACTICE PRINCIPLES forthcoming in Consumer Protection in the Age of the ‘Information Economy’
Date CapturedSunday January 31, 2010 10:03 PM
Fred H. Cate - [The key is refocusing FIPPS on substantive tools for protecting privacy, and away from notice and consent; leveling the playing field between information processors and data subjects; and created sufficient, but limited, liability so that data processors will have meaningful incentives, rather than bureaucratic regulations, to motivate appropriate behavior, and that individuals will be compensated when processing results in serious harm. This is only a first step. These proposed Consumer Privacy Protection Principles are undoubtedly incomplete and imperfect, but they are an effort to return to a more meaningful dialogue about the legal regulation of privacy and the value of information flows in the face of explosive growth in technological capabilities in an increasingly global society.]
Summary of LD 1677 Bill Info LD 1677 (SP 649) "An Act To Protect Minors from Pharmaceutical Marketing Practices"
Date CapturedThursday January 07, 2010 06:04 PM
State of Maine Legislature - "An Act To Protect Minors from Pharmaceutical Marketing Practices" -- Sponsored by Senator Elizabeth Schneider. -- IAPP writes -- [The bill applies to online information only and is limited to pharmaceutical marketing. It gives the attorney general the power to adopt rules to determine its scope. Violation of the law would be considered an unfair trade practice.]
Comments of the World Privacy Forum to FTC, Nov. 6, 2009
Date CapturedThursday December 17, 2009 10:58 PM
Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 - [The World Privacy Forum understands that businesses have a right to exist and to make money, and that advertising and marketing is part of the marketplace. But we also believe that there is not a reasonable balance right now between what data is being collected and used, and what consumers can do to manage that data and their privacy. There are no perfect solutions, but we think that a rights-based framework based on approaches contained in the Fair Credit Reporting Act and on Fair Information Practices will address many of the problems and help create solutions that are equitable for all stakeholders.]
Refocusing the FTC’s Role in Privacy Protection
Date CapturedMonday December 14, 2009 05:31 PM
Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable.
Refocusing the FTC’s Role in Privacy Protection
Date CapturedTuesday November 10, 2009 03:33 PM
Center for Technology in Government (CDT) Policy Post 15.17, November 10, 2009. [ A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology Refocusing the FTC’s Role in Privacy Protection 1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable 2) The Significance of a Comprehensive Set of Fair Information Practice Principles 3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward 4) CDT Recommendations for Future FTC Action
Kids' Privacy
Date CapturedSunday November 01, 2009 09:40 PM
[Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number. Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot. What Can You Do? Your kids’ personal information and privacy are valuable —to you, to them, and to marketers.] *****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.
South Dakota Superintendent Thinks Info Policy Will Pass Tonight
Date CapturedFriday October 30, 2009 05:37 PM
[Over the past month some parents have voiced their concerns to the school board over what they consider the selling of their children's contact information. Some say they don't want it to land in the wrong hands. Pam Homan says parents have known about the information policy for some time. "On the blue card as we call it parents have been informed of the FERPA requirement and whether or not they wish to have their child's name included or excluded from information." Revisions have been made to the proposed policy. Allowing parents more control over where the information is given. It will allow four categories that are: school publications, directory information, SD board of regents, and military recruiters.]
FAIR INFORMATION PRACTICE PRINCIPLES
Date CapturedFriday October 30, 2009 11:08 AM
Over the past quarter century, government agencies in the United States, Canada, and Europe have studied the manner in which entities collect and use personal information -- their "information practices" -- and the safeguards required to assure those practices are fair and provide adequate privacy protection. The result has been a series of reports, guidelines, and model codes that represent widely-accepted principles concerning fair information practices. Common to all of these documents [hereinafter referred to as "fair information practice codes"] are five core principles of privacy protection: (1) Notice/Awareness; (2) Choice/Consent; (3) Access/Participation; (4) Integrity/Security; and (5) Enforcement/Redress.
Protection of Pupil Rights Amendment (PPRA)
Date CapturedFriday October 30, 2009 11:00 AM
Protection of Pupil Rights Amendment (PPRA) The Protection of Pupil Rights Amendment (PPRA) (20 U.S.C. § 1232h; 34 CFR Part 98) applies to programs that receive funding from the U.S. Department of Education (ED). PPRA is intended to protect the rights of parents and students .
Education Marketing Group/ECRA LAWSUIT RE: SALE OF STUDENT INFORMATION
Date CapturedFriday October 30, 2009 10:15 AM
Parties Subject to Order ORDERED, ADJUDGED AND DECREED that this Consent Order and Judgment shall extend to Student Marketing Group, Inc. (“SMG”) and Educational Research Center of America, Inc. (“ERCA”), their successors, assignees, officers, agents, representatives, affiliates and employees and any other person under their direction or control, whether acting individually or in concert with others or through any corporate entity or device through which they may now or hereafter act or conduct business (collectively “respondents”).
Commercial Activities in Schools: Use of Student Data is Limited and Additional Dissemination of Guidance Could Help Districts Develop Policies
Date CapturedThursday March 12, 2009 03:16 PM
GAO -- Recommendation: The Secretary of Education should take additional action to assist districts in understanding that they are required to have specific policies in place for the collection, disclosure, and use of student information for marketing and selling purposes by disseminating its guidance to state school boards associations.
Student Information Not For Sale At UW- Marathon County
Date CapturedWednesday February 11, 2009 07:06 PM
Wsaw.com reporter: Margo Spann -- [Private companies looking to sell or market products to college students are buying information about them directly from their schools. The Assistant Director of Student Services at UW Marathon County Annette Hackbarth-Onson says federal law allows colleges to sell information about their students. She says companies are often looking to buy students names, birth-dates, and email addresses.]

FERPA

FERPA Exceptions Summary
Date CapturedMonday April 14, 2014 09:03 AM
EPIC vs US ED reply
Date CapturedFriday February 22, 2013 09:30 AM
‘‘Uninterrupted Scholars Act (USA)
Date CapturedWednesday January 16, 2013 02:01 PM
Amends FERPA: ‘‘(L) an agency caseworker or other representative of a State or local child welfare agency, or tribal organization (as defined in section 4 of the Indian Self-Determination and Education Assistance Act (25 U.S.C. 450b)), who has the right to access a student’s case plan,
EPIC v US Department of Education
Date CapturedThursday March 01, 2012 09:08 AM
EPIC has filed a lawsuit under the Administrative Procedure Act against the Department of Education. EPIC's lawsuit argues that the agency's December 2011 regulations amending the Family Educational Rights and Privacy Act exceed the agency's statutory authority, and are contrary to law. The agency issued the revised regulations despite the fact that “numerous commenters . . . believe the Department lacks the statutory authority to promulgate the proposed regulations."
"What every school official should know about privacy"
Date CapturedThursday March 17, 2011 02:24 PM
Video of Daniel Solove on schools and privacy taped at Cornell University.
FERPA Myth Busters
Date CapturedFriday July 23, 2010 02:58 PM
Organization: Education Counsel -- Draft for WICHE Conference Use -- December 16, 2008
Family Educational Rights and Privacy Act (FERPA) and the Disclosure of Student Information Related to Emergencies and Disasters
Date CapturedThursday June 24, 2010 01:48 PM
The purpose of this guidance is to answer questions that have arisen about the sharing of personally identifiable information from students’ education records to outside parties when responding to emergencies, including natural or man-made disasters. Understanding how, what, and when information can be shared with outside parties is an important part of emergency preparedness.
Education and Workforce Data Connections: A Primer on States’ Status
Date CapturedWednesday April 14, 2010 06:16 PM
Data Quality Campaign - [States are currently working to connect education and workforce data, however, states are far from reaching the goal of having data systems that can link across the P-20/Workforce spectrum. To connect these education and workforce databases, states should engage a broad range of stakeholders to: 1. Prioritize, through broad-based stakeholder input, the critical policy questions to drive the development and use of longitudinal data systems. 2. Ensure data systems are interoperable within and across agencies and states by adopting or developing common data standards, definitions and language. 3. Protect personally identifiable information through governance policies and practices that promote the security of the information while allowing appropriate data access and sharing.]
Clash Over Student Privacy
Date CapturedTuesday March 09, 2010 05:05 PM
This document should not be shared due to copyright. Inside Higher Ed - [WASHINGTON -- The U.S. Education Department has fired the top federal official charged with protecting student privacy, in what the dismissed official says was a conflict with the agency's political leaders over their zeal to encourage the collection of data about students' academic performance. Paul Gammill says he was physically escorted out of the department's offices on a Friday morning last month after he refused to resign as director of the agency's Family Policy Compliance Office. Administration officials said that "[p]rivacy laws require us to keep certain employment matters confidential, so we cannot comment on Mr. Gammill. But Gammill, not so encumbered, maintains that he was dismissed because, on several occasions, he argued in internal meetings and documents that the department's approach to prodding states to expand their longitudinal student data systems violated the Family Educational Rights and Privacy Act, which protects the privacy of students' educational records.]
Federal Register: July 6, 2000 (Volume 65, Number 130)
Date CapturedTuesday March 09, 2010 04:56 PM
DEPARTMENT OF EDUCATION - 34 CFR Part 99 - Family Educational Rights and Privacy- AGENCY: Department of Education. ACTION: Final regulations. SUMMARY: The Secretary amends the regulations implementing the Family Educational Rights and Privacy Act (FERPA). The amendments are needed to implement sections 951 and 952 of the Higher Education Amendments of 1998 (HEA). These amendments permit postsecondary institutions to disclose certain information to the public and to parents of students. DATES: These regulations are effective August 7, 2000.
Putting Private Info on Government Database
Date CapturedTuesday March 09, 2010 04:34 PM
Phyllis Schlafly writes - [The Fordham report made numerous recommendations to beef up student privacy, such as collecting only information relevant to articulated purposes, purging unjustified data, enacting time limits for data retention and hiring a chief privacy officer for each state. There is no indication that these suggestions will be implemented. The Obama Department of Education officials believe that collecting personally identifiable data is "at the heart of improving schools and school districts." One of the four reform mandates of the Race to the Top competition is to establish pre-kindergarten to college-and-career data systems that "track progress and foster continuous improvement."]
Comments of the World Privacy Forum regarding Notice of Proposed Rulemaking, FERPA
Date CapturedTuesday February 02, 2010 08:28 PM
[Our comments focus on several aspects of the Notice of Proposed Rulemaking (NPRM), notably, the definition and handling of directory information and personally identifiable information. We also comment on the use of full tax returns to determine eligibility. And finally, we comment on the issue of outsourcing, including the need for audit trails in regards to the proposed expansion of the school official exemption.]
Family Policy Compliance Office (FPCO)
Date CapturedWednesday November 04, 2009 05:04 PM
The mission of the Family Policy Compliance Office (FPCO) is to meet the needs of the Department's primary customers--learners of all ages--by effectively implementing two laws that seek to ensure student and parental rights in education: the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA).
Personal school data not always private
Date CapturedTuesday November 03, 2009 08:15 PM
SCOTT WALDMAN Staff Writer Section: Capital Region, Page: B1 Date: Saturday, February 9, 2008 [GUILDERLAND - Last year, the Guilderland Teachers Association got the address of every local family and sent those with school-age children postcards promoting the union's picks in the May school board election. But trying to get that kind of personal information from other school districts won't work. The issue shines a light on how school districts interpret a federal law that permits the disclosure of "directory" information - including student and parent names, addresses and phone numbers - without consent. The law leaves it up to individual districts to define what is considered directory information. The statute also stipulates that schools must tell residents they have the right to withhold the information.]
Use of parental list is faulted
Date CapturedTuesday November 03, 2009 08:06 PM
March 17, 2008 by Scott Waldman - [GUILDERLAND - Guilderland School District violated federal law when it provided the names and addresses of parents to the teachers union, according to the state's authority on open government. Last year, Guilderland Teachers Association used those names and addresses to send parents of school-aged children postcards promoting the union's picks in a school board election. School officials deny that any law was broken, but the district recently imposed a moratorium on releasing "directory" information after complaints by school board members and news coverage of the controversy.]
Kids' Privacy
Date CapturedSunday November 01, 2009 09:40 PM
[Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number. Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot. What Can You Do? Your kids’ personal information and privacy are valuable —to you, to them, and to marketers.] *****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.
South Dakota Superintendent Thinks Info Policy Will Pass Tonight
Date CapturedFriday October 30, 2009 05:37 PM
[Over the past month some parents have voiced their concerns to the school board over what they consider the selling of their children's contact information. Some say they don't want it to land in the wrong hands. Pam Homan says parents have known about the information policy for some time. "On the blue card as we call it parents have been informed of the FERPA requirement and whether or not they wish to have their child's name included or excluded from information." Revisions have been made to the proposed policy. Allowing parents more control over where the information is given. It will allow four categories that are: school publications, directory information, SD board of regents, and military recruiters.]
Plano ISD: Redefining the student directory
Date CapturedFriday October 30, 2009 10:30 AM
[If the changes are approved, Plano ISD couldn't, without consent from the parents, print a student's address, telephone number or e-mail address in any district publication. Some school districts -- and I'm not sure about Plano -- sell directory information to third parties as a money-making operation. Companies, such as Coca-Cola or Citi Bank, could buy the directories and market products to students.] NOTE: CHANGES WERE APPROVED
CHILDREN’S EDUCATIONAL RECORDS AND PRIVACY -- A STUDY OF ELEMENTARY AND SECONDARY SCHOOL STATE REPORTING SYSTEMS -- October 28, 2009
Date CapturedFriday October 30, 2009 09:44 AM
[The Study reports on the results of a survey of all fifty states and finds that state educational databases across the country ignore key privacy protections for the nation's K-12 children. The Study finds that large amounts of personally identifiable data and sensitive personal information about children are stored by the state departments of education in electronic warehouses or for the states by third party vendors. These data warehouses typically lack adequate privacy protections, such as clear access and use restrictions and data retention policies, are often not compliant with the Family Educational Rights and Privacy Act, and leave K-12 children unprotected from data misuse, improper data release, and data breaches. The Study provides recommendations for best practices and legislative reform to address these privacy problems.] Joel R. Reidenberg, Professor of Law and Founding Academic Director of CLIP Jamela Debelak, Esq., Executive Director of CLIP
National Forum on Education Statistics. Forum Guide to Protecting the Privacy of Student Information: State and Local Education Agencies
Date CapturedSaturday March 21, 2009 01:43 PM
National Forum on Education Statistics. Forum Guide to Protecting the Privacy of Student Information: State and Local Education Agencies, NCES 2004–330. Washington, DC: 2004.
Commercial Activities in Schools: Use of Student Data is Limited and Additional Dissemination of Guidance Could Help Districts Develop Policies
Date CapturedThursday March 12, 2009 03:16 PM
GAO -- Recommendation: The Secretary of Education should take additional action to assist districts in understanding that they are required to have specific policies in place for the collection, disclosure, and use of student information for marketing and selling purposes by disseminating its guidance to state school boards associations.
State says Cambridge Public Schools can't charge $14K for public records
Date CapturedFriday February 13, 2009 03:12 PM
David L. Harris -- GateHouse News Service - [On Nov. 30, 2007, the Chronicle sent a letter requesting directory information, but the request was later denied in a three-page letter from the school’s legal department. After appealing to the state’s supervisor of public records, Alan Cote, the school department sent a letter dated July 11, explaining that the work to compile the directory information would cost $14,426.88. The Chronicle’s sister paper, the Newton TAB, requested the same information from Newton Public Schools around the same time. The school department, which sent the data within three weeks of the request, did not charge the TAB for the information.]
Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) And the Health Insurance Portability and Accountability Act of 1996 (HIPAA) To Student Health Records (ID: CSD5578)
Date CapturedThursday December 04, 2008 04:36 PM
The HIPAA Privacy Rule specifically excludes from its coverage those records that are protected by FERPA. At the elementary or secondary school level, students’ immunization and other health records that are maintained by a school district or individual school, including a school-operated health clinic, that receives funds under any program administered by the U.S. Department of Education are “education records” subject to FERPA, including health and medical records maintained by a school nurse who is employed by or under contract with a school or school district. Some schools may receive a grant from a foundation or government agency to hire a nurse. Notwithstanding the source of the funding, if the nurse is hired as a school official (or contractor), the records maintained by the nurse or clinic are “education records” subject to FERPA.
EDUCAUSE
Date CapturedTuesday June 03, 2008 08:26 PM
EDUCAUSE is a nonprofit association and good source of information about FERPA and higher education.
Family Educational Rights and Privacy Act (FERPA)
Date CapturedThursday July 27, 2006 09:36 PM
"The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA gives parents certain rights with respect to their children's education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are 'eligible students.'" parent or eligible student in order to release any information from a student's education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31): School officials with legitimate educational interest; Other schools to which a student is transferring; Specified officials for audit or evaluation purposes; Appropriate parties in connection with financial aid to a student; Organizations conducting certain studies for or on behalf of the school; Accrediting organizations; To comply with a judicial order or lawfully issued subpoena; Appropriate officials in cases of health and safety emergencies; and State and local authorities, within a juvenile justice system, pursuant to specific State law. Schools may disclose, without consent, "directory" information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must tell parents and eligible students about directory information and allow parents and eligible students a reasonable amount of time to request that the school not disclose directory information about them. Schools must notify parents and eligible students annually of their rights under FERPA. The actual means of notification (special letter, inclusion in a PTA bulletin, student handbook, or newspaper article) is left to the discretion of each school.

Fourth Amendment

Coalition pushes ECPA update for online privacy in cloud computing age
Date CapturedWednesday March 31, 2010 04:46 PM
[A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]
Digital Due Process
Date CapturedWednesday March 31, 2010 04:23 PM
[A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]

Freedom of Information (FOI)

NEW YORK PUBLIC OFFICERS LAW, ARTICLE 6 SECTIONS 84-90 FREEDOM OF INFORMATION LAW
Date CapturedMonday March 14, 2011 06:20 PM
Freedom of Information Law PUBLIC OFFICERS LAW, ARTICLE 6 SECTIONS 84-90 FREEDOM OF INFORMATION LAW: [iii. sale or release of lists of names and addresses if such lists would be used for solicitation or fund-raising purposes;]

FTC

Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers
Date CapturedMonday March 26, 2012 11:16 AM
The final report calls on companies handling consumer data to implement recommendations for protecting privacy, including: Privacy by Design - companies should build in consumers' privacy protections at every stage in developing their products. These include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy; Simplified Choice for Businesses and Consumers - companies should give consumers the option to decide what information is shared about them, and with whom. This should include a Do-Not-Track mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities. Greater Transparency - companies should disclose details about their collection and use of consumers' information, and provide consumers access to the data collected about them. *****Data Brokers - The Commission calls on data brokers to make their operations more transparent by creating a centralized website to identify themselves, and to disclose how they collect and use consumer data. In addition, the website should detail the choices that data brokers provide consumers about their own information.
Stolen Futures: A Forum on Child Identity Theft July 12, 2011
Date CapturedMonday July 25, 2011 05:26 PM
Session 3 TRANSCRIPT - Securing Children’s Data in the Educational System: Steven Toporoff - Federal Trade Commission. PANELISTS: Kathleen Styles, U.S. Department of Education; Michael Borkoski, Howard County Maryland Public Schools; Larry Wong, Montgomery County Maryland Public Schools; Richard Boyle ECMC, Denny Shaw i-SAFE, Inc. [This panel will explore the Family Educational Rights and Privacy Act (FERPA) and initiatives to protect children’s personal information in school systems. We will also explore lessons learned from a high-profile data breach involving student information. Finally, the panel will discuss outreach efforts to teach children, teachers, youth counselors, and school administrators about privacy and securing children’s personal information.]
Stolen Futures: A Forum on Child Identity Theft July 12, 2011
Date CapturedMonday July 25, 2011 05:16 PM
Session 2 TRANSCRIPT intro [Linda Foley is the founder and research director of the Identity Theft Resource Center, a nationwide nonprofit, victim-services advocacy, and consumer-education program based in San Diego, California. Russell Butler is Executive Director of the Maryland Crime Victims Resource Center, which provides criminal justice information and education, support services, therapeutic individual, family, and group counseling, and legal information, referrals, and representation to victims of crime. And then I have Theresa Ronnebaum. Theresa is the Identity Theft Program Specialist for the Florida Attorney General's office with over 15 years experience in victim advocacy.]
COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE FEDERAL TRADE COMMISSION
Date CapturedMonday March 07, 2011 06:04 PM
Marc Rotenberg, EPIC testimony to FTC: COPPA currently defines PI as: Personal information means individually identifiable information about an individual collected online, including: (a) A first and last name; (b) A home or other physical address including street name and name of a city or town; (c) An e-mail address or other online contact information, including but not limited to an instant messaging user identifier, or a screen name that reveals an individual's e-mail address; (d) A telephone number; (e) A Social Security number; (f) A persistent identifier, such as a customer number held in a cookie or a processor serial number, where such identifier is associated with individually identifiable information; or a combination of a last name or photograph of the individual with other information such that the combination permits physical or online contacting; or (g) Information concerning the child or the parents of that child that the operator collects online from the child and combines with an identifier described in this definition.
COPPA Rulemaking and Rule Reviews
Date CapturedMonday March 07, 2011 05:46 PM
Includes public testimony and roundtable. March 24, 2010
FACEBOOK - Complaint, Request for Investigation, Injunction, and Other Relief
Date CapturedMonday May 10, 2010 09:54 AM
[This complaint concerns material changes to privacy settings made by Facebook, the largest social network service in the United States, that adversely impact the users of the service. Facebook now discloses personal information to the public that Facebook users previously restricted. Facebook now discloses personal information to third parties that Facebook users previously did not make available. These changes violate user expectations, diminish user privacy, and contradict Facebook’s own representations. These business practices are Unfair and Deceptive Trade Practices, subject to review by the Federal Trade Commission (the “Commission”) under section 5 of the Federal Trade Commission Act.]
FTC Seeks Comment on Children's Online Privacy Protections; Questions Whether Changes to Technology Warrant Changes to Agency Rule.
Date CapturedTuesday April 06, 2010 02:51 PM
[In a Federal Register notice to be published shortly, the FTC poses its standard regulatory review questions and identifies several areas where public comment would be especially useful. Among other things, the FTC asks: What implications for COPPA enforcement are raised by mobile communications, interactive television, interactive gaming, or other similar interactive media. For input on the use of automated systems – those that filter out any personally identifiable information prior to posting – to review children’s Web submissions. Whether operators have the ability to contact specific individuals using information collected from children online, such as persistent IP addresses, mobile geolocation data, or information collected in connection with behavioral advertising, and whether the Rule’s definition of “personal information” should be expanded accordingly. Whether there are additional technological methods to obtain verifiable parental consent that should be added to the COPPA Rule, and whether any of the methods currently included should be removed. Whether parents are exercising their right under the Rule to review or delete personal information collected from their children, and what challenges operators face in authenticating parents. Whether the Rule’s process for FTC approval of self-regulatory guidelines – known as safe harbor programs – has enhanced compliance, and whether the criteria for FTC approval and oversight of the guidelines should be modified in any way.]
Comments of the World Privacy Forum to FTC, Nov. 6, 2009
Date CapturedThursday December 17, 2009 10:58 PM
Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 - [The World Privacy Forum understands that businesses have a right to exist and to make money, and that advertising and marketing is part of the marketplace. But we also believe that there is not a reasonable balance right now between what data is being collected and used, and what consumers can do to manage that data and their privacy. There are no perfect solutions, but we think that a rights-based framework based on approaches contained in the Fair Credit Reporting Act and on Fair Information Practices will address many of the problems and help create solutions that are equitable for all stakeholders.]
Refocusing the FTC’s Role in Privacy Protection
Date CapturedMonday December 14, 2009 05:31 PM
Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable.
DOD nixes vendor of online monitoring software over privacy concerns
Date CapturedMonday December 07, 2009 08:53 PM
Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats. EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.] [
Ad Industry Works on Ads About Ads
Date CapturedTuesday November 24, 2009 03:07 PM
Wall Street Journal Emily Steel writes -- [At issue is the practice of tracking consumers’ Web activities — from the searches they make to the sites they visit and the products they buy — for the purpose of targeting ads. The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers’ Web activities and creating a simple way consumers can opt out of being tracked.]
Federal data breach notification standard must pre-empt state laws
Date CapturedMonday November 16, 2009 08:33 PM
Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.] [Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.]
Refocusing the FTC’s Role in Privacy Protection
Date CapturedTuesday November 10, 2009 03:33 PM
Center for Technology in Government (CDT) Policy Post 15.17, November 10, 2009. [ A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology Refocusing the FTC’s Role in Privacy Protection 1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable 2) The Significance of a Comprehensive Set of Fair Information Practice Principles 3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward 4) CDT Recommendations for Future FTC Action
‘‘Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act’’ or the ‘‘BEST PRACTICES Act’’
Date CapturedThursday November 05, 2009 03:19 PM
H. R. 5777 -- To foster transparency about the commercial use of personal information, provide consumers with meaningful choice about the collection, use, and disclosure of such information, and for other purposes. [Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information. Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information. Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).]
Kids' Privacy
Date CapturedSunday November 01, 2009 09:40 PM
[Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number. Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot. What Can You Do? Your kids’ personal information and privacy are valuable —to you, to them, and to marketers.] *****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.
FAIR INFORMATION PRACTICE PRINCIPLES
Date CapturedFriday October 30, 2009 11:08 AM
Over the past quarter century, government agencies in the United States, Canada, and Europe have studied the manner in which entities collect and use personal information -- their "information practices" -- and the safeguards required to assure those practices are fair and provide adequate privacy protection. The result has been a series of reports, guidelines, and model codes that represent widely-accepted principles concerning fair information practices. Common to all of these documents [hereinafter referred to as "fair information practice codes"] are five core principles of privacy protection: (1) Notice/Awareness; (2) Choice/Consent; (3) Access/Participation; (4) Integrity/Security; and (5) Enforcement/Redress.
Education Marketing Group/ECRA LAWSUIT RE: SALE OF STUDENT INFORMATION
Date CapturedFriday October 30, 2009 10:15 AM
Parties Subject to Order ORDERED, ADJUDGED AND DECREED that this Consent Order and Judgment shall extend to Student Marketing Group, Inc. (“SMG”) and Educational Research Center of America, Inc. (“ERCA”), their successors, assignees, officers, agents, representatives, affiliates and employees and any other person under their direction or control, whether acting individually or in concert with others or through any corporate entity or device through which they may now or hereafter act or conduct business (collectively “respondents”).

GAO

K-12 Education: Many Challenges Arise in Educating Students Who Change Schools Frequently
Date CapturedMonday December 20, 2010 09:20 PM
GAO-11-40 November 18, 2010 - The recent economic downturn, with foreclosures and homelessness, may be increasing student mobility.
Many States Collect Graduates’ Employment Information, but Clearer Guidance on Student Privacy Requirements Is Needed
Date CapturedMonday December 13, 2010 09:17 AM
GAO-10-927 - GAO recommends that Education clarify means by which states can collect and share graduates’ employment information under the Family Educational Rights and Privacy Act (FERPA) and establish a time frame for doing so. Education agreed with the recommendation.
Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Date CapturedTuesday September 28, 2010 02:51 PM
GAO-08-795T : In its report GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices.
Commercial Activities in Schools: Use of Student Data is Limited and Additional Dissemination of Guidance Could Help Districts Develop Policies
Date CapturedThursday March 12, 2009 03:16 PM
GAO -- Recommendation: The Secretary of Education should take additional action to assist districts in understanding that they are required to have specific policies in place for the collection, disclosure, and use of student information for marketing and selling purposes by disseminating its guidance to state school boards associations.

Higher Education

The Handbook for Campus Safety and Security Reporting
Date CapturedFriday March 11, 2011 07:35 PM
FERPA does not preclude an institution’s compliance with the timely warning provision of the campus security regulations. FERPA recognizes that information can, in case of an emergency, be released without consent when needed to protect the health and safety of others. In addition, if institutions utilize information from the records of a campus law enforcement unit to issue a timely warning, FERPA is not implicated as those records are not protected by FERPA. U.S. Department of Education, Office of Postsecondary Education, The Handbook for Campus Safety and Security Reporting, Washington, D.C., 2011.
Some questions raised over release of student info (North Dakota)
Date CapturedTuesday March 08, 2011 04:54 PM
[North Dakota: High schools across the state would be required to give names, addresses and phone numbers of their students to the State Board of Higher Education under a proposed Senate bill.] [Several committee members expressed concern about the additional information and wanted to make sure parents would be fully aware of what information was being requested before opting out. That view also was shared by Bev Nielson of the North Dakota School Boards Association.]
Identifying Violence-prone Students
Date CapturedThursday January 13, 2011 02:02 PM
The fine line higher education officials walk in dealing with troubled students is discussed.
Many States Collect Graduates’ Employment Information, but Clearer Guidance on Student Privacy Requirements Is Needed
Date CapturedMonday December 13, 2010 09:17 AM
GAO-10-927 - GAO recommends that Education clarify means by which states can collect and share graduates’ employment information under the Family Educational Rights and Privacy Act (FERPA) and establish a time frame for doing so. Education agreed with the recommendation.
Delta College trustees won't add more student information to campus directory
Date CapturedThursday March 18, 2010 01:34 PM
By Andrew Dodson | The Bay City Times - [Currently, information on Delta College students that is readily available, unless they have opted out, includes their name, degree, address, awards, dates attended, program, participation in activities, enrollment, e-mail and weight and height for members of athletic teams. Higgs argued that the college should have more items on file, including a student photo, whether or not that student is full or part time and a phone number. "That's what the courts look to," said Higgs. "Our policy doesn't have those things and it should." Other board members disagreed, saying that more data collecting isn't required and isn't worth the time. They voted against the plan 8-1.]

HIPAA

Identifying Violence-prone Students
Date CapturedThursday January 13, 2011 02:02 PM
The fine line higher education officials walk in dealing with troubled students is discussed.
Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) And the Health Insurance Portability and Accountability Act of 1996 (HIPAA) To Student Health Records (ID: CSD5578)
Date CapturedThursday December 04, 2008 04:36 PM
The HIPAA Privacy Rule specifically excludes from its coverage those records that are protected by FERPA. At the elementary or secondary school level, students’ immunization and other health records that are maintained by a school district or individual school, including a school-operated health clinic, that receives funds under any program administered by the U.S. Department of Education are “education records” subject to FERPA, including health and medical records maintained by a school nurse who is employed by or under contract with a school or school district. Some schools may receive a grant from a foundation or government agency to hire a nurse. Notwithstanding the source of the funding, if the nurse is hired as a school official (or contractor), the records maintained by the nurse or clinic are “education records” subject to FERPA.

Homeless Students

K-12 Education: Many Challenges Arise in Educating Students Who Change Schools Frequently
Date CapturedMonday December 20, 2010 09:20 PM
GAO-11-40 November 18, 2010 - The recent economic downturn, with foreclosures and homelessness, may be increasing student mobility.

Identity Theft

Identity Theft Reported by Households, 2005-2010
Date CapturedMonday December 05, 2011 11:06 AM
Lynn Langton - In 2010, 7.0% of households in the United States, or about 8.6 million households, had at least one member age 12 or older who experienced one or more types of identity theft victimization. Among households in which at least one member experienced one or more types of identity theft, 64.1% experienced the misuse or attempted misuse of an existing credit card account in 2010. From 2005 to 2010, the percentage of all households with one or more type of identity theft that suffered no direct financial loss increased from 18.5% to 23.7%.
PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION on CHILD IDENTITY THEFT
Date CapturedFriday September 02, 2011 09:38 PM
PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION Before the SUBCOMMITTEE ON SOCIAL SECURITY of the HOUSE COMMITTEE ON WAYS AND MEANS on Child Identity Theft Field Hearing Plano, Texas September 1, 2011; EXCERPT: A. The Child Identity Theft Forum Discussions [They noted that identity thieves often steal children’s information from schools, businesses, and government agencies.]
Stolen Futures: A Forum on Child Identity Theft July 12, 2011
Date CapturedMonday July 25, 2011 05:26 PM
Session 3 TRANSCRIPT - Securing Children’s Data in the Educational System: Steven Toporoff - Federal Trade Commission. PANELISTS: Kathleen Styles, U.S. Department of Education; Michael Borkoski, Howard County Maryland Public Schools; Larry Wong, Montgomery County Maryland Public Schools; Richard Boyle ECMC, Denny Shaw i-SAFE, Inc. [This panel will explore the Family Educational Rights and Privacy Act (FERPA) and initiatives to protect children’s personal information in school systems. We will also explore lessons learned from a high-profile data breach involving student information. Finally, the panel will discuss outreach efforts to teach children, teachers, youth counselors, and school administrators about privacy and securing children’s personal information.]
Stolen Futures: A Forum on Child Identity Theft July 12, 2011
Date CapturedMonday July 25, 2011 05:16 PM
Session 2 TRANSCRIPT intro [Linda Foley is the founder and research director of the Identity Theft Resource Center, a nationwide nonprofit, victim-services advocacy, and consumer-education program based in San Diego, California. Russell Butler is Executive Director of the Maryland Crime Victims Resource Center, which provides criminal justice information and education, support services, therapeutic individual, family, and group counseling, and legal information, referrals, and representation to victims of crime. And then I have Theresa Ronnebaum. Theresa is the Identity Theft Program Specialist for the Florida Attorney General's office with over 15 years experience in victim advocacy.]
Stolen Futures: A Forum on Child Identity Theft July 12, 2011
Date CapturedWednesday July 20, 2011 06:12 PM
TRANSCRIPT SESSION ONE: Stolen Futures: A Forum on Child Identity Theft July 12, 2011; The Federal Trade Commission (FTC) and the Office for Victims Rights (OVC), Office of Justice Programs, U.S. Department of Justice, will hold a forum to discuss child identity theft. Government, business, non-profit, legal service providers, and victim advocates will explore the nature of child identity theft, including foster care identity theft and identity theft within families, with the goal of advising parents and victims on how to prevent the crime and how to resolve child identity theft problems.

ILLINOIS

ABOUT ILLINOIS SHARED LEARNING ENVIRONMENT
Date CapturedSunday May 26, 2013 10:04 PM

Information Policy

Kindergarten Through 12 Grade Schools’ Collection and Use of Social Security Numbers (A-08-10-11057)
Date CapturedThursday December 23, 2010 09:53 AM
OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION - Despite the potential risks associated with using SSNs as primary student identifiers, many K-12 schools continue this practice. While we recognize that SSA cannot prohibit States or K-12 schools from collecting and using SSNs as student identifiers or for other purposes, we believe SSA can help reduce the threat of identity theft and SSN misuse by encouraging States and K-12 schools to reduce unnecessary collection of SSNs and improve protections and safeguards when collected.

Internet

Happy Birthday, Internet
Date CapturedFriday October 30, 2009 08:22 PM
NPR interview -- authentication and privacy concerns mentioned. October 30, 2009 [On Oct. 29, 1969, around 10:30 P.M., a message from one computer was sent over a modified phone line to another computer hundreds of miles away. Some say the Internet was born that day. UCLA computer scientist Leonard Kleinrock, who was there, gives his account.] IMPORTANT EXCERPT: [Dr. KLEINROCK: Yes. In fact, in those early days, the culture of the Internet was one of trust, openness, shared ideas. You know, I knew everybody on the Internet in those days and I trusted them all. And everybody behaved well, so we had a very easy, open access. We did not introduce any limitations nor did we introduce what we should have, which was the ability to do strong user authentication and strong file authentication. So I know that if you are communicating with me, it's you, Ira Flatow, and not someone else. And if you send me a file, I receive the file you intended me to receive. We should've installed that in the architecture in the early days. And the first thing we should've done with it is turn it off, because we needed this open, trusted, available, shared environment, which was the culture, the ethics of the early Internet. And then when we approach the late 1980s and the early 1990s and spam, and viruses, and pornography and eventually the identity theft and the fraud, and the botnets and the denial of service we see today, as that began to emerge, we should then slowly have turned on that authentication process, which is part of what your other caller referred to is this IPV6 is an attempt to bring on and patch on some of this authentication capability. But it's very hard now that it's not built deep into the architecture of the Internet.]

Juvenile Justice

TEXAS SB 1106
Date CapturedSaturday August 13, 2011 03:54 PM
AN ACT relating to the exchange of confidential information concerning certain juveniles.

Legislation

NYC Opposition to A.8474
Date CapturedThursday June 21, 2012 11:10 PM
California AB.143
Date CapturedSaturday September 03, 2011 02:40 PM
INTRODUCED BY Assembly Member Fuentes; This bill would redefine directory information to no longer include a pupil's place of birth and to also include a pupil's e-mail address.
NYS Sen. Oppenheimer and Sen. Montgomery on S.2357
Date CapturedTuesday June 21, 2011 04:25 PM
Sen. Oppenheimer and Sen. Montgomery on S.2357 @ 36:30 minutes. Senators demonstrate responsible data stewardship. S.2357 excerpt: [(C) UNLESS OTHERWISE ALLOWED BY LAW, A SCHOOL MAY NOT, EVEN WITH THE AFFIRMATIVE CONSENT OF THE PARENT OF THE STUDENT IN ATTENDANCE OR THE ELIGIBLE STUDENT IN ATTENDANCE, DISCLOSE PERSONALLY IDENTIFIABLE STUDENT INFORMATION FOR A COMMERCIAL, FOR-PROFIT ACTIVITY INCLUDING BUT NOT LIMITED TO USE FOR: (I) MARKETING PRODUCTS OR SERVICES; (II) SELLING PERSONALLY IDENTIFIABLE STUDENT INFORMATION FOR USE IN MARKETING PRODUCTS OR SERVICES; (III) CREATING OR CORRECTING AN INDIVIDUAL OR HOUSEHOLD PROFILE; (IV) COMPILATION OF A STUDENT LIST; (V) SALE OF THE INFORMATION FOR ANY COMMERCIAL PURPOSE; OR (VI) ANY OTHER PURPOSE CONSIDERED BY THE SCHOOL AS LIKELY TO BE A COMMERCIAL, FOR-PROFIT ACTIVITY. (D) IN MAKING AN ALLOWABLE DISCLOSURE UNDER THIS SUBDIVISION, A SCHOOL MAY ONLY DISCLOSE THE MINIMUM AMOUNT OF INFORMATION NECESSARY TO ACCOM PLISH THE PURPOSE OF THE DISCLOSURE.]
New York Senate; S.2357-B
Date CapturedTuesday June 07, 2011 12:07 PM
This bill, sponsored by Sen. Oppenheimer, restricts the sale of student PII and requires affirmative consent for the release of sensitive information.
U.S. Department of Education (USED) Safeguarding Student Privacy 
Date CapturedFriday April 08, 2011 06:38 PM
The use of data is vital to ensuring the best education for our children.  However, the benefits of using  student data must always be balanced with the need to protect students’ privacy rights.  Students and their  parents should expect that their personal information is safe, properly collected and maintained and that it is  used only for appropriate purposes and not improperly redisclosed.  It is imperative to protect students’  privacy to avoid discrimination, identity theft or other malicious and damaging criminal acts.  All education  data holders must act responsibly and be held accountable for safeguarding students’ personally identifiable  information – from practitioners of early learning to those developing systems across the education  continuum (P-20) and from schools to their contractors.  The need for articulated privacy protections and  data security continues to grow as Statewide Longitudinal Data Systems (SLDS) are built and more education  records are digitized and shared electronically.  As States develop and refine their information management  systems, it is critical that they ensure that student information continues to be protected and that students’  personally identifiable information is disclosed only for authorized purposes and under the circumstances  permitted by law.  All P-20 stakeholders should be involved in the development of these statewide systems  and protection policies.    
TITLE 20 > CHAPTER 31 > SUBCHAPTER III > Part 4 > § 1232g
Date CapturedTuesday March 15, 2011 12:47 PM
FERPA statute regarding directory information - note PICTURE and E-MAIL NOT in statute. US ED added through regulations -- they were not added by Congress: 5)(A) For the purposes of this section the term “directory information” relating to a student includes the following: the student’s name, address, telephone listing, date and place of birth, major field of study, participation in officially recognized activities and sports, weight and height of members of athletic teams, dates of attendance, degrees and awards received, and the most recent previous educational agency or institution attended by the student.
NEW YORK PUBLIC OFFICERS LAW, ARTICLE 6 SECTIONS 84-90 FREEDOM OF INFORMATION LAW
Date CapturedMonday March 14, 2011 06:20 PM
Freedom of Information Law PUBLIC OFFICERS LAW, ARTICLE 6 SECTIONS 84-90 FREEDOM OF INFORMATION LAW: [iii. sale or release of lists of names and addresses if such lists would be used for solicitation or fund-raising purposes;]
OHIO 3319.321 Confidentiality
Date CapturedThursday March 10, 2011 02:40 PM
Ohio Revised Code » Title [33] XXXIII EDUCATION (A) No person shall release, or permit access to, the directory information concerning any students attending a public school to any person or group for use in a profit-making plan or activity. Notwithstanding division (B)(4) of section 149.43 of the Revised Code, a person may require disclosure of the requestor’s identity or the intended use of the directory information concerning any students attending a public school to ascertain whether the directory information is for use in a profit-making plan or activity.
Letter to: Chairman Boucher and Ranking Member Stearns
Date CapturedMonday June 07, 2010 06:26 PM
Mike Sachoff -- [In response to a discussion draft of a new privacy bill now under consideration by the House Subcommittee on Communications, Technology and the Internet, ten privacy and consumer groups today called for stronger measures to protect consumer privacy both online and off. The organizations including the Consumer Federation of America, Electronic Frontier Foundation, Consumer Watchdog, World Privacy Forum, Consumer Action, USPIRG, Privacy Rights Clearinghouse, Privacy Times, Privacy Lives, and the Center for Digital Democracy, raised their concerns in a letter to Subcommittee Chairman Rick Boucher and Ranking Member Cliff Stearns. The groups recommended the following: *The bill should incorporate the Fair Information Practice Principles that have long served as the bedrock of consumer privacy protection in the U.S., including the principle of not collecting more data than is necessary for the stated purposes, limits on how long data should be retained, and a right to access and correct one's data. *The bill's definitions of what constitutes "sensitive information" need to be expanded; for instance, to include health-related information beyond just "medical records." *The bill should require strict "opt-in" procedures for the collection and use of covered data and should prohibit the collection and use of any sensitive information except for the transactions for which consumers provided it.]
DRAFT - Boucher bill
Date CapturedThursday May 06, 2010 08:34 AM
A BILL : To require notice to and consent of an individual prior to the collection and disclosure of certain personal informa- tion relating to that individual.
Proposed Privacy Legislation Wins Few Fans
Date CapturedThursday May 06, 2010 08:24 AM
WSJ : [ The goal for the legislation is to set a standard for consumer privacy protections and also provide consumers with more transparency and control regarding the collection, use and sharing of their information, said Rep. Rick Boucher (D., Va.). Mr. Boucher released a draft of the bill for discussion on Tuesday along with Rep. Cliff Stearns (R., Fla.). The bill stipulates that as a general rule companies can collect information about consumers unless a person opts out of that data collection — a point of contention among privacy advocates. The regulation also specifies standards for the collection and use of personally identifiable information. Companies must disclose to consumers if they are collecting personally identifiable information and how they are using that data. Consumers must give a company permission to share that personally identifiable information with outside companies. ]
FERPA Legislative History
Date CapturedWednesday May 05, 2010 10:21 AM
The Family Educational Rights and Privacy Act of 1974 (“FERPA”), § 513 of P.L. 93- 380 (The Education Amendments of 1974), was signed into law by President Ford on August 21, 1974, with an effective date of November 19, 1974, 90 days after enactment. FERPA was enacted as a new § 4381 of the General Education Provisions Act (GEPA) called “Protection of the Rights and Privacy of Parents and Students,” and codified at 20 U.S.C. § 1232g.2 It was also commonly referred to as the “Buckley Amendment” after its principal sponsor, Senator James Buckley of New York. FERPA was offered as an amendment on the Senate floor and was not the subject of Committee consideration. Accordingly, traditional legislative history for FERPA as first enacted is unavailable.
Federal Register: July 6, 2000 (Volume 65, Number 130)
Date CapturedTuesday March 09, 2010 04:56 PM
DEPARTMENT OF EDUCATION - 34 CFR Part 99 - Family Educational Rights and Privacy- AGENCY: Department of Education. ACTION: Final regulations. SUMMARY: The Secretary amends the regulations implementing the Family Educational Rights and Privacy Act (FERPA). The amendments are needed to implement sections 951 and 952 of the Higher Education Amendments of 1998 (HEA). These amendments permit postsecondary institutions to disclose certain information to the public and to parents of students. DATES: These regulations are effective August 7, 2000.
H.R.6. Higher Education Amendments of 1998
Date CapturedMonday March 08, 2010 06:54 PM
An Act - To extend the authorization of programs under the Higher Education Act of 1965, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE.—This Act may be cited as the ‘‘Higher Education Amendments of 1998’’.
Summary of LD 1677 Bill Info LD 1677 (SP 649) "An Act To Protect Minors from Pharmaceutical Marketing Practices"
Date CapturedThursday January 07, 2010 06:04 PM
State of Maine Legislature - "An Act To Protect Minors from Pharmaceutical Marketing Practices" -- Sponsored by Senator Elizabeth Schneider. -- IAPP writes -- [The bill applies to online information only and is limited to pharmaceutical marketing. It gives the attorney general the power to adopt rules to determine its scope. Violation of the law would be considered an unfair trade practice.]
Lawmakers probe deeper into privacy
Date CapturedSaturday November 21, 2009 01:16 PM
By Kim Hart - 11/19/09 04:00 PM ET - [Jennifer Barrett, an executive with Acxiom, a marketing company, said the firm could collect 1,500 possible data points about individual consumers, such as age, hobbies, address, occupation and recent purchases. Acxiom typically maintains 20-40 data points on the average person. Acxiom receives that information from public records, surveys consumers fill out voluntarily (such as warranty cards) and information from other companies. In response to questions from Rep. Mike Doyle (D-Penn.), Barrett said consumers can see what data has been stored about them and can change or delete information used for marketing purposes. But consumers cannot find out who else has bought their data from Axciom.]
Federal data breach notification standard must pre-empt state laws
Date CapturedMonday November 16, 2009 08:33 PM
Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.] [Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.]
PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature
Date CapturedSunday November 08, 2009 10:35 PM
SP0431, LR 597, item 1, Signed on 2009-06-02 00:00:00.0 - First Regular Session - 124th Maine Legislature, page 1 - 2. Marketing purposes. "Marketing purposes," with respect to the use of health-related information or personal information, means the purposes of marketing or advertising products, goods or services to individuals. 3. Person. "Person" includes an individual, firm, partnership, corporation, association, syndicate, organization, society, business trust, attorney-in-fact and every natural or artificial legal entity. 4. Personal information. "Personal information" means individually identifiable information, including: A. An individual's first name, or first initial, and last name; B. A home or other physical address; C. A social security number; D. A driver's license number or state identification card number; and E. Information concerning a minor that is collected in combination with an identifier described in this subsection. 5. Verifiable parental consent. "Verifiable parental consent" means any reasonable effort, taking into consideration available technology, including a request for authorization for future collection, use and disclosure described in the notice, to ensure that a parent of a minor receives notice of the PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature An Act To Prevent Predatory Marketing Practices against Minors collection of personal information, use and disclosure practices and authorizes the collection, use and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that minor. § 9552. Unlawful collection and use of data from minors
201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH
Date CapturedSaturday November 07, 2009 04:49 PM
(1) Purpose This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met by persons who own or license personal information about a resident of the Commonwealth of Massachusetts. This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this regulation are to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.
‘‘Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act’’ or the ‘‘BEST PRACTICES Act’’
Date CapturedThursday November 05, 2009 03:19 PM
H. R. 5777 -- To foster transparency about the commercial use of personal information, provide consumers with meaningful choice about the collection, use, and disclosure of such information, and for other purposes. [Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information. Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information. Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).]
‘‘Personal Data Privacy and Security Act of 2009’’ S. 1490
Date CapturedWednesday November 04, 2009 02:19 PM
11TH CONGRESS - 1ST SESSION -- S. 1490: To prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.

Longitudinal Database

How Much Data Is Enough Data? What happens to privacy when bureaucracies exceed their scope
Date CapturedThursday October 18, 2012 04:38 PM
The following is a detailed account of Oklahoma’s P20 Council (that organization dedicated to the collection of “educational data” as prescribed by the Obama Administration through development of a State Longitudinal Data System (SLDS))- their operation, goals and function in the state of Oklahoma. This is, in fact, very important information, as EVERY STATE IN THE UNION is to have a similar council. Not all SLDS development groups are called, P20 (which stands for pre-K to 20 years of age – the time span over which this data is to be collected and accrued). Some other acronyms are P12, P20 Workforce and SLDS.
Pivotal Role of Policymakers as Leaders of P–20/Workforce Data Governance
Date CapturedFriday September 21, 2012 01:40 PM
Outlines the actions policymakers can take to effectively develop and lead P–20W data governance and ensure that data systems meet stakeholder needs.
SHARED LEARNING INFRASTRUCTURE AND FERPA
Date CapturedWednesday April 25, 2012 04:02 PM
Updated Guidance on the Collection and Reporting of Teacher and Course Data in the Student Information Repository System (SIRS)
Date CapturedWednesday February 29, 2012 09:19 AM
This memorandum provides important updates on the implementation of federal and State requirements for reporting professional staff and course data for students. This guidance directly addresses three issues: (1) Federal and State requirements for charter and other public schools, school districts, and BOCES to report additional student data, including course enrollment and the teachers/principals responsible for a student’s instruction; (2) The timeline for reporting new data elements; and (3) Implementation strategies for collecting and reporting these data.
NEW YORK: RACE TO THE TOP ANNUAL PERFORMANCE REPORT
Date CapturedFriday January 20, 2012 02:57 PM
New York faces the ongoing challenge of communicating and collaborating with its various stakeholders. Similarly, the complexity of reviewing and approving Scopes of Work, budgets, expenditures, and evaluation plans for all of the State’s participating LEAs presented a formidable task that required a high level of strategic planning and logistical coordination by NYSED leadership. The State is working to overcome these challenges by investing in communication tools and leveraging other quality-control methods (such as a new online expenditure reporting tool) in order to increase its responsiveness and efficiency in the future.
S. 1464 - METRICS Act
Date CapturedSaturday August 13, 2011 03:10 PM
To enable States to implement integrated statewide education longitudinal data systems. This Act may be cited as the ``Measuring and Evaluating Trends for Reliability, Integrity, and Continued Success (METRICS) Act of 2011'' or the ``METRICS Act''.
NYS Sen. Oppenheimer and Sen. Montgomery on S.2357
Date CapturedTuesday June 21, 2011 04:25 PM
Sen. Oppenheimer and Sen. Montgomery on S.2357 @ 36:30 minutes. Senators demonstrate responsible data stewardship. S.2357 excerpt: [(C) UNLESS OTHERWISE ALLOWED BY LAW, A SCHOOL MAY NOT, EVEN WITH THE AFFIRMATIVE CONSENT OF THE PARENT OF THE STUDENT IN ATTENDANCE OR THE ELIGIBLE STUDENT IN ATTENDANCE, DISCLOSE PERSONALLY IDENTIFIABLE STUDENT INFORMATION FOR A COMMERCIAL, FOR-PROFIT ACTIVITY INCLUDING BUT NOT LIMITED TO USE FOR: (I) MARKETING PRODUCTS OR SERVICES; (II) SELLING PERSONALLY IDENTIFIABLE STUDENT INFORMATION FOR USE IN MARKETING PRODUCTS OR SERVICES; (III) CREATING OR CORRECTING AN INDIVIDUAL OR HOUSEHOLD PROFILE; (IV) COMPILATION OF A STUDENT LIST; (V) SALE OF THE INFORMATION FOR ANY COMMERCIAL PURPOSE; OR (VI) ANY OTHER PURPOSE CONSIDERED BY THE SCHOOL AS LIKELY TO BE A COMMERCIAL, FOR-PROFIT ACTIVITY. (D) IN MAKING AN ALLOWABLE DISCLOSURE UNDER THIS SUBDIVISION, A SCHOOL MAY ONLY DISCLOSE THE MINIMUM AMOUNT OF INFORMATION NECESSARY TO ACCOM PLISH THE PURPOSE OF THE DISCLOSURE.]
New York Senate; S.2357-B
Date CapturedTuesday June 07, 2011 12:07 PM
This bill, sponsored by Sen. Oppenheimer, restricts the sale of student PII and requires affirmative consent for the release of sensitive information.
Education New York comments re Student Privacy submitted to FERPA NPRM - May 23, 2011
Date CapturedMonday May 23, 2011 09:22 PM
Document ID: ED-2011-OM-0002-0001: Family Educational Rights and Privacy. The proposed changes to FERPA do not adequately address the capacity of marketers and other commercial enterprises to capture, use, and re-sell student information. Even with privacy controls in place, it is also far too easy for individuals to get a hold of student information and use it for illegal purposes, including identity theft, child abduction in custody battles, and domestic violence. Few parents are aware, for example, that anyone can request -- and receive -- a student directory from a school. Data and information breaches occur every day in Pre-K-20 schools across the country, so that protecting student privacy has become a matter of plugging holes in a dyke rather than advancing a comprehensive policy that makes student privacy protection the priority.
Supporting Data Use While Protecting the Privacy, Security and Confidentiality of Student Information
Date CapturedMonday May 02, 2011 06:28 PM
Data Quality Campaign: [Meet the moral and legal responsibility to respect the privacy and the confidentiality of students’ personally identifiable information; Mitigate risks related to the intentional and unintentional misuse of data, which are amplified by the digital nature of today’s society in which more information — in education and every sector — is housed and shared in electronic and web-based forms; and ensure clarity around roles and responsibilities, including states’ authority to share data, in what form the data can be shared, at what level of detail, with whom and with what protections in place.]
DQC: The American Recovery and Reinvestment Act (ARRA) Support for State Longitudinal Data Systems (SLDS)
Date CapturedFriday April 22, 2011 05:06 PM
Data Quality Campaign - The American Recovery and Reinvestment Act provides federal support to states to further build and promote the use of statewide longitudinal data systems. This document includes: 1. ARRA Overview and Data Systems; a. American Recovery and Reinvestment Act; b. America COMPETES Act; 2. State Stabilization Funds and Assurances 3. Institute of Education Sciences State Longitudinal Data Systems Grants: a. American Recovery and Reinvestment Act – IES Funding; 4. U.S. Department of Education Guidance on Implementation of ARRA : a. Fact sheet: The American Recovery and Reinvestment Act of 2009: Saving and Creating Jobs and Reforming Education; b. Letter to Governors from Secretary of Education Arne Duncan c. Implementing the American Recovery Act – Letter from Secretary of Education Arne Duncan
U.S. Department of Education (USED) Safeguarding Student Privacy 
Date CapturedFriday April 08, 2011 06:38 PM
The use of data is vital to ensuring the best education for our children.  However, the benefits of using  student data must always be balanced with the need to protect students’ privacy rights.  Students and their  parents should expect that their personal information is safe, properly collected and maintained and that it is  used only for appropriate purposes and not improperly redisclosed.  It is imperative to protect students’  privacy to avoid discrimination, identity theft or other malicious and damaging criminal acts.  All education  data holders must act responsibly and be held accountable for safeguarding students’ personally identifiable  information – from practitioners of early learning to those developing systems across the education  continuum (P-20) and from schools to their contractors.  The need for articulated privacy protections and  data security continues to grow as Statewide Longitudinal Data Systems (SLDS) are built and more education  records are digitized and shared electronically.  As States develop and refine their information management  systems, it is critical that they ensure that student information continues to be protected and that students’  personally identifiable information is disclosed only for authorized purposes and under the circumstances  permitted by law.  All P-20 stakeholders should be involved in the development of these statewide systems  and protection policies.    
United States House of Representatives Committee on Education and Labor Hearing on “How Data Can be Used to Inform Educational Outcomes” April 14, 2010
Date CapturedMonday March 14, 2011 07:36 PM
1. States are warehousing sensitive information about identifiable children. 2. The Fordham CLIP study documents that privacy protections are lacking and rules need to be developed and implemented to assure that children’s educational records are adequately protected. 3. As part of basic privacy standards, strong data security is necessary to minimize the risks of data invasions, scandals and melt-downs from centralized databases of children’s personal information. Statement of Joel R. Reidenberg, Professor of Law and Founding Academic Director Center on Law and Information Policy, Fordham University School of Law New York, NY
GAMMILL v USED - USA Merit System Board documents
Date CapturedMonday March 14, 2011 01:14 PM
Proposed regulatory (not statutory) change vastly expands term authorized representative well beyond these four 3 entities: Comptroller General of US, Secretary, Attorney General, and state or local education authorities. (See pages 10 and 11)
PAUL GAMMILL v U.S. DEPARTMENT OF EDUCATION
Date CapturedMonday March 14, 2011 12:44 PM
Whistleblower Retaliation lawsuit filed by Gammill against USED for retaliation of sharing an illegal attempt to circumvent FERPA. Case Number: 1:2011cv00409; Filed: February 18, 2011; Court: District Of Columbia District Court; Office: Washington, DC Office; County: 88888; Presiding Judge: John D. Bates
P-20 Data System with Instructional Reporting
Date CapturedThursday March 10, 2011 09:18 PM
2010 SLDS P-20 Best Practice Conference - Summary: The Statewide Longitudinal Data Systems Grant Program (SLDS) hosted the 2010 SLDS P-20 Best Practice Conference on November 16–17, 2010, in Washington, DC. The meeting served as a forum for dialogue, collaboration, and the sharing of best practices, providing the opportunity for more than 150 representatives from forty-nine states and the District of Columbia. FY 2006, FY 2007, FY 2009, and FY 2009 ARRA grantee states shared solutions and ideas with one another and took home information on topics identified as critical to their projects in the upcoming year.
Data Quality Campaign (DQC) archived webcasts/events
Date CapturedMonday March 07, 2011 06:20 PM
Amazing SLDS/longitudinal database resource.
Data Quality Campaign Release of Data for Action 2010: DQC's State Analysis
Date CapturedMonday March 07, 2011 06:15 PM
On February 16, 2011 DQC discussed the results of its sixth annual state analysis Data for Action 2010, a powerful policymaking tool to drive education leaders to use data in decision making. Data for Action is a series of analyses on states’ ability to collect and use data to improve student success. It provides transparency about state progress and priority actions they need to take to collect and use longitudinal data to improve student success.
Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records
Date CapturedThursday March 03, 2011 01:21 PM
NCES 2011-601 This first brief discusses basic concepts and definitions that establish a common set of terms related to the protection of personally identifiable information, especially in education records.
Recommendations on Data Security and Privacy Protections
Date CapturedSaturday February 19, 2011 11:00 PM
Excerpted from the Data Protections Report submitted to the U.S. Department of Education’s Performance Information Management Service by Highlight Technologies on June 16, 2010. (Where is original report and comments?)
NCES 2011-602 Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records
Date CapturedTuesday January 04, 2011 09:55 PM
SLDS Technical Brief - Guidance for Statewide Longitudinal Data Systems (SLDS) [A privacy and data protection program for student education records must include an array of rules and procedures for protecting PII held in the record system. It also must include a full set of public disclosures of the existence and uses of the information included in the data system, a description of all parents’ or eligible students’ rights to review and appeal the contents of an individual education record and of their rights and the procedures to appeal a violation. ]*****[A school directory may include PII such as a student’s name, grade level, and contact information. Taken by itself, the release of this information is not harmful to a student. However, when combined with the student’s Social Security Number or another identifier and the student’s education record, this information has the potential for violating a student’s right to privacy. The release of this combined record could lead to harm or embarrassment. Thus, the privacy and data protection program should focus on PII that will be maintained in the electronic student record system with its likely wealth of student data.2}
Directory Information Part 1 (WAV file, no text -- it's audio)
Date CapturedSunday December 26, 2010 05:36 PM
EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation.
Directory Information Part 2 (This file is an audio 'wav' file)
Date CapturedSunday December 26, 2010 05:23 PM
Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response.
New York State Student Information Repository System (SIRS) Manual
Date CapturedWednesday December 22, 2010 08:44 PM
New York State Student t Information Repository System (SIRS) Manual; Reporting Data for the 2010–11 School Year (SEE APPENDIX 19)
K-12 Education: Many Challenges Arise in Educating Students Who Change Schools Frequently
Date CapturedMonday December 20, 2010 09:20 PM
GAO-11-40 November 18, 2010 - The recent economic downturn, with foreclosures and homelessness, may be increasing student mobility.
Many States Collect Graduates’ Employment Information, but Clearer Guidance on Student Privacy Requirements Is Needed
Date CapturedMonday December 13, 2010 09:17 AM
GAO-10-927 - GAO recommends that Education clarify means by which states can collect and share graduates’ employment information under the Family Educational Rights and Privacy Act (FERPA) and establish a time frame for doing so. Education agreed with the recommendation.
Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Date CapturedTuesday September 28, 2010 02:51 PM
GAO-08-795T : In its report GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices.
Education and Workforce Data Connections: A Primer on States’ Status
Date CapturedWednesday April 14, 2010 06:16 PM
Data Quality Campaign - [States are currently working to connect education and workforce data, however, states are far from reaching the goal of having data systems that can link across the P-20/Workforce spectrum. To connect these education and workforce databases, states should engage a broad range of stakeholders to: 1. Prioritize, through broad-based stakeholder input, the critical policy questions to drive the development and use of longitudinal data systems. 2. Ensure data systems are interoperable within and across agencies and states by adopting or developing common data standards, definitions and language. 3. Protect personally identifiable information through governance policies and practices that promote the security of the information while allowing appropriate data access and sharing.]
Clash Over Student Privacy
Date CapturedTuesday March 09, 2010 05:05 PM
This document should not be shared due to copyright. Inside Higher Ed - [WASHINGTON -- The U.S. Education Department has fired the top federal official charged with protecting student privacy, in what the dismissed official says was a conflict with the agency's political leaders over their zeal to encourage the collection of data about students' academic performance. Paul Gammill says he was physically escorted out of the department's offices on a Friday morning last month after he refused to resign as director of the agency's Family Policy Compliance Office. Administration officials said that "[p]rivacy laws require us to keep certain employment matters confidential, so we cannot comment on Mr. Gammill. But Gammill, not so encumbered, maintains that he was dismissed because, on several occasions, he argued in internal meetings and documents that the department's approach to prodding states to expand their longitudinal student data systems violated the Family Educational Rights and Privacy Act, which protects the privacy of students' educational records.]
Putting Private Info on Government Database
Date CapturedTuesday March 09, 2010 04:34 PM
Phyllis Schlafly writes - [The Fordham report made numerous recommendations to beef up student privacy, such as collecting only information relevant to articulated purposes, purging unjustified data, enacting time limits for data retention and hiring a chief privacy officer for each state. There is no indication that these suggestions will be implemented. The Obama Department of Education officials believe that collecting personally identifiable data is "at the heart of improving schools and school districts." One of the four reform mandates of the Race to the Top competition is to establish pre-kindergarten to college-and-career data systems that "track progress and foster continuous improvement."]
Data Quality Campaign Quarterly Issue Meeting: Linking Data Across Agencies: States That Are Making It Work
Date CapturedMonday November 09, 2009 07:27 PM
The Data Quality Campaign (DQC) will host Linking Data Across Agencies: States That Are Making It Work on Thursday, November 12, 2009 from 2:30 to 4:30 P.M. (ET) in Washington, DC at the Hall of the States, 444 North Capitol Street, Room 233-235. This meeting will highlight leading states that are successfully linking data across systems and agencies to answer critical policy questions aimed at improving student achievement. A corresponding issue brief co-authored by the DQC and the Forum for Youth Investment will be released at the meeting that captures the current status of states’ ability to link data across agencies and provide several state case studies that capture promising strategies to sharing individual-level data across systems and agencies to improve student achievement. Registration to attend in person is required by Tuesday November 10, 2009 and strongly encouraged if participating in the interactive webcast. Seating is limited, so please sign up early! A video of this session and corresponding issue brief will be available at the campaign’s Web site after November 16, 2009.
CHILDREN’S EDUCATIONAL RECORDS AND PRIVACY -- A STUDY OF ELEMENTARY AND SECONDARY SCHOOL STATE REPORTING SYSTEMS -- October 28, 2009
Date CapturedFriday October 30, 2009 09:44 AM
[The Study reports on the results of a survey of all fifty states and finds that state educational databases across the country ignore key privacy protections for the nation's K-12 children. The Study finds that large amounts of personally identifiable data and sensitive personal information about children are stored by the state departments of education in electronic warehouses or for the states by third party vendors. These data warehouses typically lack adequate privacy protections, such as clear access and use restrictions and data retention policies, are often not compliant with the Family Educational Rights and Privacy Act, and leave K-12 children unprotected from data misuse, improper data release, and data breaches. The Study provides recommendations for best practices and legislative reform to address these privacy problems.] Joel R. Reidenberg, Professor of Law and Founding Academic Director of CLIP Jamela Debelak, Esq., Executive Director of CLIP

Migrant Education

K-12 Education: Many Challenges Arise in Educating Students Who Change Schools Frequently
Date CapturedMonday December 20, 2010 09:20 PM
GAO-11-40 November 18, 2010 - The recent economic downturn, with foreclosures and homelessness, may be increasing student mobility.

MOOC

What Campus Leaders Need to Know About MOOCs
Date CapturedFriday February 08, 2013 12:59 PM
MOOC ALERT
Date CapturedWednesday February 06, 2013 02:09 PM
MOOCs are MASSIVE OPEN ONLINE COURSES
What Campus Leaders Need to Know About MOOCs
Date CapturedFriday February 01, 2013 10:42 PM
An EDUCAUSE Executive Briefing on MASSIVE OPEN ONLINE COURSES (MOOCs)

NCLB

New York State Student Information Repository System (SIRS) Manual
Date CapturedWednesday December 22, 2010 08:44 PM
New York State Student t Information Repository System (SIRS) Manual; Reporting Data for the 2010–11 School Year (SEE APPENDIX 19)
Education and Workforce Data Connections: A Primer on States’ Status
Date CapturedWednesday April 14, 2010 06:16 PM
Data Quality Campaign - [States are currently working to connect education and workforce data, however, states are far from reaching the goal of having data systems that can link across the P-20/Workforce spectrum. To connect these education and workforce databases, states should engage a broad range of stakeholders to: 1. Prioritize, through broad-based stakeholder input, the critical policy questions to drive the development and use of longitudinal data systems. 2. Ensure data systems are interoperable within and across agencies and states by adopting or developing common data standards, definitions and language. 3. Protect personally identifiable information through governance policies and practices that promote the security of the information while allowing appropriate data access and sharing.]

New York State

NEW YORK PUBLIC OFFICERS LAW, ARTICLE 6 SECTIONS 84-90 FREEDOM OF INFORMATION LAW
Date CapturedMonday March 14, 2011 06:20 PM
Freedom of Information Law PUBLIC OFFICERS LAW, ARTICLE 6 SECTIONS 84-90 FREEDOM OF INFORMATION LAW: [iii. sale or release of lists of names and addresses if such lists would be used for solicitation or fund-raising purposes;]

NYC Schools

NYC Schools Parents Bill of Rights
Date CapturedMonday February 14, 2011 09:49 PM
Parents have the right to: 12. consent to disclosures of personally identifiable information contained in the student’s education records, except to the extent that Family Educational Rights and Privacy Act (FERPA) and Chancellor’s Regulation A-820 authorize disclose without consent.
NYC P-3 SCHOOL FAMILY HANDBOOK
Date CapturedSunday February 13, 2011 05:39 PM
See page 19 for information deemed appropriate to release about 4 year old CHILDREN.
CONFIDENTIALITY AND RELEASE OF STUDENT RECORDS; RECORDS RETENTION
Date CapturedSunday February 13, 2011 03:13 PM
This regulation supersedes New York City Chancellor’s Regulation A-820 dated July 8, 2008. Changes: • The regulation was revised to conform to amendments to federal regulations under the Family Educational Rights and Privacy Act (“FERPA”).

OMB

M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002
Date CapturedTuesday March 15, 2011 10:00 PM
A. Definitions; Information in identifiable form- is information in an IT system or online collection: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors).2Information in identifiable form is defined in section 208(d) of the Act as "any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means." Information "permitting the physical or online contacting of a specific individual" (see section 208(b)(1)(A)(ii)(II)) is the same as "information in identifiable form."

Opt-Out

Opt-Out 2014: Protect Children video
Date CapturedTuesday August 12, 2014 06:39 PM
DECEMBER 2011 – REVISED FERPA REGULATIONS: AN OVERVIEW FOR PARENTS AND STUDENTS
Date CapturedMonday November 12, 2012 11:00 AM
It is important for schools to have directory information policies, as schools may not do even mundane activities (such as publishing yearbooks or creating graduation programs) without having designated the items about the students contained in the publications as directory information. For example, without a directory information policy, FERPA would require schools to obtain consent for every student every time it wants to publish a yearbook. However, many schools have been forgoing designations of directory information, as they have concluded that such designations would put students at risk of becoming targets of marketing campaigns, the media, or even victims of criminal acts
New York State Sample Parental Notice Language for 2011-2012 School Year
Date CapturedTuesday January 24, 2012 01:44 PM
If you do not wish to have your child’s weight status group information included as part of the Health Department’s survey this year, please print and sign your name below and return this form:
FERPA: Guidance for Reasonable Methods & Agreements
Date CapturedTuesday December 20, 2011 04:45 PM
Example of customized opt-out form
Date CapturedSunday September 04, 2011 07:45 PM
COLLEGE OF CHARLESTON FERPA DIRECTORY INFORMATION OPT-OUT FORM - note parents or college students have choices as to which information they want to share.

Parent Involvement

FLORIDA HB 543
Date CapturedTuesday January 31, 2012 07:09 PM
Bill to be entitled: An act relating to parental involvement and accountability in public schools; creating s. 1008.347, F.S.; providing purpose to provide information and tools to parents of prekindergarten through grade 5 students and to set minimum standards for parental involvement; specifying causes for student underachievement; requiring shared information between teachers, schools, and parents; requiring prekindergarten through grade 5 teachers to evaluate parental involvement and send a parental involvement evaluation to parents under certain circumstances; requiring adoption of a process to dispute a parental involvement evaluation; requiring reports on parental involvement evaluations by district school boards and the Department of Education; providing for implementation;.

PPRA

Family Policy Compliance Office (FPCO)
Date CapturedWednesday November 04, 2009 05:04 PM
The mission of the Family Policy Compliance Office (FPCO) is to meet the needs of the Department's primary customers--learners of all ages--by effectively implementing two laws that seek to ensure student and parental rights in education: the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA).
Protection of Pupil Rights Amendment (PPRA)
Date CapturedFriday October 30, 2009 11:00 AM
Protection of Pupil Rights Amendment (PPRA) The Protection of Pupil Rights Amendment (PPRA) (20 U.S.C. § 1232h; 34 CFR Part 98) applies to programs that receive funding from the U.S. Department of Education (ED). PPRA is intended to protect the rights of parents and students .

Privacy

“The Right to Privacy”
Date CapturedSaturday December 11, 2010 05:58 PM
Warren and Brandeis - Harvard Law Review. Vol. IV - December 15, 1890 - No. 5 [Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right "to be let alone" [10] Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that "what is whispered in the closet shall be proclaimed from the house-tops." For years there has been a feeling that the law must afford some remedy for the unauthorized circulation of portraits of private persons;[11] and the evil of invasion of privacy by the newspapers, long keenly felt, has been but recently discussed by an able writer.[12] The alleged facts of a somewhat notorious case brought before an inferior tribunal in New York a few months ago,[13] directly involved the consideration of the right of circulating portraits; and the question whether our law will recognize and protect the right to privacy in this and in other respects must soon come before our courts for consideration.]

Privacy Harm

The Problems Of Web Surveillance
Date CapturedTuesday January 11, 2011 08:54 AM
Clarification by Ryan Calo: 1) Consumers do not understand the circumstances under which the government may gain access to their data. 2) Electronic privacy laws are outdated and do not reflect contemporary technology or practices. 3) Regardless of the government’s motives, certain practices threaten to chill free speech and should be viewed with great skepticism.
The Boundaries of Privacy Harm
Date CapturedSaturday July 17, 2010 07:00 PM
M. Ryan Calo -- Stanford Law School -- July 16, 2010 -- Abstract: [This Essay describes the outer boundaries and core properties of privacy harm. Properly understood, privacy harm falls into just two categories. The subjective category of privacy harm is the unwanted perception of observation. This category describes unwelcome mental states—anxiety, embarrassment, fear—that stem from the belief that one is being watched or monitored. Examples include everything from a landlord listening in on his tenants to generalized government surveillance. The objective category of privacy harm is the unanticipated or coerced use of information concerning a person against that person. These are negative, external actions justified by reference to personal information. Examples include identity theft, the leaking of classified information that reveals an undercover agent, and the use of a drunk-driving suspect’s blood as evidence against him. The subjective and objective categories of privacy harm are distinct but related. Just as assault is the apprehension of battery, so is the unwanted perception of observation largely an apprehension of information-driven injury. The categories represent, respectively, the anticipation and consequence of a loss of control over personal information. The approach offers several advantages. It uncouples privacy harm from privacy violations, demonstrating that no person need commit a privacy violation for privacy harm to occur (and vice versa). It creates a “limiting principle” capable of revealing when another value—autonomy or equality, for instance—is more directly at stake. It also creates a “rule of recognition” that permits the identification of a privacy harm when no other harm is apparent. Finally, the approach permits the sizing and redress of privacy harm in novel ways.]

Race to the Top (RttT)

Race to the Top Reform Flow Chart
Date CapturedSaturday September 29, 2012 10:04 AM
State and District Receipt of Recovery Act Funds
Date CapturedFriday September 21, 2012 03:09 PM
A Report From Charting the Progress of Education Reform: An Evaluation of the Recovery Act’s Role; SEPTEMBER 2012: The American Recovery and Reinvestment Act (ARRA or the Recovery Act) of 2009 provided an unprecedented level of funding designed to “stimulate the economy in the short-term and invest wisely, using these funds to improve schools, raise achievement, drive reforms and produce better results for children and young people for the long-term health of our nation.”1 The distribution of Recovery Act funds was intended to reflect these multiple goals. Nearly $97.4 billion were allocated to the U.S. Department of Education (ED), of which $70.6 billion were awarded by ED for primary and secondary (K-12) education through existing and new federal programs.2 These funds were distributed to states and districts using formulas based primarily on population and student poverty and through competitive grants. In return for grants, Recovery Act recipients were required to commit to four core reforms or assurances: 1. Adopting rigorous college-ready and career-ready standards and high-quality assessments, 2. Establishing data systems and using data to improve performance, 3. Increasing educator effectiveness and the equitable distribution of effective educators, and 4. Turning around the lowest-performing schools.
NEW YORK: RACE TO THE TOP ANNUAL PERFORMANCE REPORT
Date CapturedFriday January 20, 2012 02:57 PM
New York faces the ongoing challenge of communicating and collaborating with its various stakeholders. Similarly, the complexity of reviewing and approving Scopes of Work, budgets, expenditures, and evaluation plans for all of the State’s participating LEAs presented a formidable task that required a high level of strategic planning and logistical coordination by NYSED leadership. The State is working to overcome these challenges by investing in communication tools and leveraging other quality-control methods (such as a new online expenditure reporting tool) in order to increase its responsiveness and efficiency in the future.
RACE TO THE TOP: Reform Efforts Are Under Way and Information Sharing Could Be Improved
Date CapturedSunday January 15, 2012 08:51 AM
State officials GAO interviewed said their states took a variety of actions to be competitive for RTT grants. Of the 20 states GAO interviewed, officials in 6 said their states undertook reforms, such as amending laws related to teacher evaluations, to be competitive for RTT. However, officials from 14 states said their reforms resulted from prior or ongoing efforts and were not made to be more competitive for RTT. Grantees plan to use RTT grant funds to implement reforms in four areas. (See figure.) The largest percentage of state-level RTT funds will be used to increase the effectiveness of teachers and leaders. GAO interviewed officials in 8 nongrantee states who said they expect to continue implementing parts of their RTT plans, though at a slower pace than if they had received a grant.
Race to the Top: Characteristics of Grantees’ Amended Programs and Education’s Review Process
Date CapturedTuesday January 10, 2012 03:13 PM
GAO Findings: • According to Education officials, most amendments consisted of minor adjustments to grant budgets, activities, and timelines, and some amendments involved significant changes to the grant award. Grantees have cited a variety of reasons for these amendments, such as timeline delays and difficulty finding qualified staff. • Education established a review process in which Education officials consider amendment requests on a case-by-case basis. In addition, the department distinguishes significant amendment requests from minor requests based on how the amendment would change project timelines, budgets, performance measures, and the implementation of other related projects. Education reportedly applied greater scrutiny to requests that involved significant changes to grantees’ planned activities, often by requiring that grantees provide additional information or seek consultation from issue- area experts within the department. Rather than reject amendment requests, Education officials explained that they generally asked grantees to resubmit requests with more information.
Education New York comments re Student Privacy submitted to FERPA NPRM - May 23, 2011
Date CapturedMonday May 23, 2011 09:22 PM
Document ID: ED-2011-OM-0002-0001: Family Educational Rights and Privacy. The proposed changes to FERPA do not adequately address the capacity of marketers and other commercial enterprises to capture, use, and re-sell student information. Even with privacy controls in place, it is also far too easy for individuals to get a hold of student information and use it for illegal purposes, including identity theft, child abduction in custody battles, and domestic violence. Few parents are aware, for example, that anyone can request -- and receive -- a student directory from a school. Data and information breaches occur every day in Pre-K-20 schools across the country, so that protecting student privacy has become a matter of plugging holes in a dyke rather than advancing a comprehensive policy that makes student privacy protection the priority.
New York State Race to the Top Application
Date CapturedWednesday March 16, 2011 10:54 AM
New York State submitted its Phase II Race to the Top application to the U.S. Department of Education on June 1. On August 24, the U.S. Department of Education announced that New York State had been awarded $696,646,000 as a winner in the second round of the federal Race to the Top competition. The application and related documents are posted below: Selection Criteria and Competition Priorities (4.05 MB) Appendices (28.88 MB) Participating LEA Memorandum of Understanding and Preliminary Scope of Work (Exhibit I) (63 KB) Frequently Asked Questions and Answers (57 KB) The Regents Education Reform Plan and New York State's Race to the Top (RTTT) Application Summary | PDF (41 KB) Legislation in Support of Race to the Top Application

Records Management

CONFIDENTIALITY AND RELEASE OF STUDENT RECORDS; RECORDS RETENTION
Date CapturedSunday February 13, 2011 03:13 PM
This regulation supersedes New York City Chancellor’s Regulation A-820 dated July 8, 2008. Changes: • The regulation was revised to conform to amendments to federal regulations under the Family Educational Rights and Privacy Act (“FERPA”).
New York State Student Information Repository System (SIRS) Manual
Date CapturedWednesday December 22, 2010 08:44 PM
New York State Student t Information Repository System (SIRS) Manual; Reporting Data for the 2010–11 School Year (SEE APPENDIX 19)
K-12 Education: Many Challenges Arise in Educating Students Who Change Schools Frequently
Date CapturedMonday December 20, 2010 09:20 PM
GAO-11-40 November 18, 2010 - The recent economic downturn, with foreclosures and homelessness, may be increasing student mobility.

Research

Statistical Methods for Protecting Personally Identifiable Information in Aggregate Reporting
Date CapturedThursday March 03, 2011 01:36 PM
NCES 2011-603 Building on current best practices, the Brief outlines reporting recommendations. Primarily, the goal of these reporting recommendations is to maximize the reporting of student outcomes while protecting students’ personally identifiable information.

Resource Links

Key Terms/Definitions in Privacy and Confidentiality
Date CapturedThursday January 06, 2011 02:23 PM
American Statistical Association's Privacy and Confidentiality Committee

School Day

The Handbook for Campus Safety and Security Reporting
Date CapturedFriday March 11, 2011 07:35 PM
FERPA does not preclude an institution’s compliance with the timely warning provision of the campus security regulations. FERPA recognizes that information can, in case of an emergency, be released without consent when needed to protect the health and safety of others. In addition, if institutions utilize information from the records of a campus law enforcement unit to issue a timely warning, FERPA is not implicated as those records are not protected by FERPA. U.S. Department of Education, Office of Postsecondary Education, The Handbook for Campus Safety and Security Reporting, Washington, D.C., 2011.

School Safety

EDUCATION INTERRUPTED: The Growing Use of Suspensions in New York City’s Public Schools
Date CapturedThursday October 13, 2011 04:16 PM
This report analyzes 449,513 suspensions served by New York City students from 1999 to 2009 to draw a picture of zero tolerance practices in the nation’s largest school district. The number of suspensions served each school year has nearly doubled in a decade—even though the student population has decreased over the same period—sending a clear message that public education is a reward for “good” behavior, rather than a fundamental right. This section explains the methodology we used to analyze the suspension data, and provides valuable background on zero tolerance discipline. Section II provides an overview of New York City disciplinary policies and practices. It examines the ever- increasing emphasis on out-of-class and out-of-school suspensions in New York City’s Discipline Code, which governs student behavior. This section also analyzes the impact that NYPD school safety officers have had on the increasing reliance on suspensions and arrests as primary disciplinary tools. Section III analyzes 10 years of school discipline data in New York City, explaining the data behind our conclusions. Finally, the report concludes with our recommendations for the DOE, as well as city and state lawmakers.
Breaking Schools’ Rules: A Statewide Study of How School Discipline Relates to Students’ Success and Juvenile Justice Involvement
Date CapturedTuesday August 02, 2011 10:09 AM
This report was prepared by the Council of State Governments Justice Center in partnership with the Public Policy Research Institute at Texas A&M University. Key findings in the report include the following: 1. Nearly six in ten public school students studied were suspended or expelled at least once between their seventh- and twelfth-grade school years. 2. African-American students and those with particular educational disabilities were disproportionately likely to be removed from the classroom for disciplinary reasons. 3. Students who were suspended and/or expelled, particularly those who were repeatedly disciplined, were more likely to be held back a grade or to drop out than were students not involved in the disciplinary system. 4. When a student was suspended or expelled, his or her likelihood of being involved in the juvenile justice system the subsequent year increased significantly. 5. Suspension and expulsion rates among schools—even those schools with similar student compositions and campus characteristics—varied significantly.
Balancing Student Privacy and School Safety: A Guide to the Family Educational Rights and Privacy Act for Elementary and Secondary Schools
Date CapturedMonday July 25, 2011 01:51 PM
Many school districts employ security staff to monitor safety and security in and around schools. Some schools employ off-duty police officers as school security officers, while others designate a particular school official to be responsible for referring potential or alleged violations of law to local police authorities. Under FERPA, investigative reports and other records created and maintained by these "law enforcement units" are not considered "education records" subject to FERPA. Accordingly, schools may disclose information from law enforcement unit records to anyone, including outside law enforcement authorities, without parental consent. See 34 CFR § 99.8. While a school has flexibility in deciding how to carry out safety functions, it must also indicate to parents in its school policy or information provided to parents which office or school official serves as the school's "law enforcement unit." (The school's notification to parents of their rights under FERPA can include this designation. As an example, the U.S. Department of Education has posted a model notification on the Web at: http://www.ed.gov /policy/gen/guid/fpco/ferpa/lea-officials.html.) Law enforcement unit officials who are employed by the school should be designated in its FERPA notification as "school officials" with a "legitimate educational interest." As such, they may be given access to personally identifiable information from students' education records. The school's law enforcement unit officials must protect the privacy of education records it receives and may disclose them only in compliance with FERPA. For that reason, it is advisable that law enforcement unit records be maintained separately from education records.
Addressing Emergencies on Campus June 2011
Date CapturedTuesday June 28, 2011 06:32 PM
United States Department of Education (USED) : Summary of two applicable Federal education laws administered by the Department of Education (Department): the Family Educational Rights and Privacy Act (FERPA) and the Higher Education Act of 1965 (HEA), as amended. This Federal component is only one piece of what is necessary to consider in ensuring the safety of our Nation’s students, faculty, and school staff. A comprehensive and effective campus policy must incorporate all Federal and State policies regarding health and safety emergencies, education, student privacy, civil rights, and law enforcement, as well as specific local community needs.
Campus Attacks:Targeted Violence Affecting Institutions of Higher Education
Date CapturedTuesday January 18, 2011 01:53 PM
The report included a recommendation that the U.S. Secret Service, U.S. Department of Education, and the Federal Bureau of Investigation explore the issue of violence at institutions of higher education. Accordingly, the three agencies initiated a collaborative effort, the goal of which was to understand the scope of the problem of targeted violence at these institutions in the United States. In total, 272 incidents were identified through a comprehensive search of open-source reporting from 1900 [their typo] to 2008. The incidents studied include various forms of targeted violence, ranging from domestic violence to mass murder. The findings should be useful for campus safety professionals charged with identifying, assessing, and managing violence risk at institutions of higher education.
Identifying Violence-prone Students
Date CapturedThursday January 13, 2011 02:02 PM
The fine line higher education officials walk in dealing with troubled students is discussed.
K-12 EDUCATION - Selected Cases of Public and Private Schools That Hired or Retained Individuals with Histories of Sexual Misconduct
Date CapturedFriday December 17, 2010 01:00 PM
GAO-11-200 ; GAO examined show that individuals with histories of sexual misconduct were hired or retained by public and private schools as teachers, support staff, volunteers, and contractors.

School-Prison-Pipeline

EDUCATION INTERRUPTED: The Growing Use of Suspensions in New York City’s Public Schools
Date CapturedThursday October 13, 2011 04:16 PM
This report analyzes 449,513 suspensions served by New York City students from 1999 to 2009 to draw a picture of zero tolerance practices in the nation’s largest school district. The number of suspensions served each school year has nearly doubled in a decade—even though the student population has decreased over the same period—sending a clear message that public education is a reward for “good” behavior, rather than a fundamental right. This section explains the methodology we used to analyze the suspension data, and provides valuable background on zero tolerance discipline. Section II provides an overview of New York City disciplinary policies and practices. It examines the ever- increasing emphasis on out-of-class and out-of-school suspensions in New York City’s Discipline Code, which governs student behavior. This section also analyzes the impact that NYPD school safety officers have had on the increasing reliance on suspensions and arrests as primary disciplinary tools. Section III analyzes 10 years of school discipline data in New York City, explaining the data behind our conclusions. Finally, the report concludes with our recommendations for the DOE, as well as city and state lawmakers.
Breaking Schools’ Rules: A Statewide Study of How School Discipline Relates to Students’ Success and Juvenile Justice Involvement
Date CapturedTuesday August 02, 2011 10:09 AM
This report was prepared by the Council of State Governments Justice Center in partnership with the Public Policy Research Institute at Texas A&M University. Key findings in the report include the following: 1. Nearly six in ten public school students studied were suspended or expelled at least once between their seventh- and twelfth-grade school years. 2. African-American students and those with particular educational disabilities were disproportionately likely to be removed from the classroom for disciplinary reasons. 3. Students who were suspended and/or expelled, particularly those who were repeatedly disciplined, were more likely to be held back a grade or to drop out than were students not involved in the disciplinary system. 4. When a student was suspended or expelled, his or her likelihood of being involved in the juvenile justice system the subsequent year increased significantly. 5. Suspension and expulsion rates among schools—even those schools with similar student compositions and campus characteristics—varied significantly.

Smart Grid

Groups Urge California PUC to Adopt Rules to Protect Consumer Privacy
Date CapturedSunday March 14, 2010 08:54 PM
infozine reports [San Francisco, CA - infoZine - Privacy advocates are warning that "smart meters" intended to precisely measure and control home electrical consumption could erode the privacy of daily life unless regulators limit data collection and disclosure. In a joint filing yesterday, the Center for Democracy & Technology (CDT) and the Electronic Frontier Foundation (EFF) urged the California Public Utilities Commission (PUC) to adopt rules to protect the privacy and security of consumers' energy-usage information. The Samuelson Law, Technology & Public Policy Clinic at UC Berkeley School of Law drafted the comments for CDT. Smart meters being installed now in California will collect 750 to 3,000 data points a month per household. This detailed energy usage data can indicate whether someone is at home or out, entertaining guests, or using particular appliances. Marketers and others may seek such data. To head off misuse of the information, CDT and EFF urged the California PUC to adopt comprehensive privacy standards for the collection, retention, use and disclosure of consumers' household energy data. ]

Social Networking

ACLU: Social Networking, your privacy rights explained
Date CapturedThursday March 08, 2012 09:05 AM
The vast majority of young people living in the United States go online daily and use social networking sites like Twitter, Facebook and YouTube. With all this information-sharing, many questions about ownership of personal information and possible discipline for postings arise. This guide will answer some of those questions so that you can better understand the rights you have when using social networking both in and out of school.
Social Media: Federal Agencies Need Policies and Procedures for Managing and Protecting Information They Access and Disseminate
Date CapturedThursday July 28, 2011 06:51 PM
Federal agencies increasingly use recently developed Internet technologies that allow individuals or groups to create, organize, comment on, and share online content. The use of these social media services-- including popular Web sites like Facebook, Twitter, and YouTube-- has been endorsed by President Obama and provides opportunities for agencies to more readily share information with and solicit feedback from the public. However, these services may also pose risks to the adequate protection of both personal and government information. GAO was asked to (1) describe how federal agencies are currently using commercially provided social media services and (2) determine the extent to which agencies have developed and implemented policies and procedures for managing and protecting information associated with this use. To do this, GAO examined the headquarters-level Facebook pages, Twitter accounts, and YouTube channels of 24 major federal agencies; reviewed pertinent policies, procedures, and guidance; and interviewed officials involved in agency use of social media. Agency: Department of Education; Records management: Document processes and policies and record-keeping roles and responsibilities for how social media records are identified and managed: Did not develop policies and procedures for use of social media services; Privacy protection: Update privacy policy to discuss use of PII made available through social media: Did not develop policies and procedures for use of social media services; Privacy protection: Conduct privacy impact assessment for social media use: Developed policies and procedures that guided use of some but not all services; Security risk management: Identify security risks associated with agency use of social media and security controls to mitigate risks: Did not develop policies and procedures for use of social media services. ***** Appendix IX: Comments from the Department of Education:
FERPA and Social Media
Date CapturedThursday March 10, 2011 02:50 PM
When students are assigned to post information to public social media platforms outside of the university LMS, they should be informed that their material may be viewed by others. Students should not be required to release personal information on a public site. Instructor comments or grades on student material should not be made public. (Interestingly, grades given by other students on “peer-graded” work can be made public under FERPA). (ACE, 2008) While not clearly required by law, students under the age of 18 should get their parent’s consent to post public work. FERPA does not forbid instructors from using social media in the classroom, but common sense guidelines should be used to ensure the protection of students.
FACEBOOK - Complaint, Request for Investigation, Injunction, and Other Relief
Date CapturedMonday May 10, 2010 09:54 AM
[This complaint concerns material changes to privacy settings made by Facebook, the largest social network service in the United States, that adversely impact the users of the service. Facebook now discloses personal information to the public that Facebook users previously restricted. Facebook now discloses personal information to third parties that Facebook users previously did not make available. These changes violate user expectations, diminish user privacy, and contradict Facebook’s own representations. These business practices are Unfair and Deceptive Trade Practices, subject to review by the Federal Trade Commission (the “Commission”) under section 5 of the Federal Trade Commission Act.]
How Different are Young Adults from Older Adults When it Comes to Information Privacy Attitudes and Policies?
Date CapturedThursday April 15, 2010 06:12 PM
Chris Jay Hoofnagle - University of California, Berkeley - School of Law, Berkeley Center for Law & Technology; Jennifer King -UC Berkeley School of Information; Berkeley Center for Law & Technology; Su Li- University of California, Berkeley- School of Law, Center for the Study of Law and Society; Joseph Turow - University of Pennsylvania - Annenberg School for Communication: [Abstract: Media reports teem with stories of young people posting salacious photos online, writing about alcohol-fueled misdeeds on social networking sites, and publicizing other ill-considered escapades that may haunt them in the future. These anecdotes are interpreted as representing a generation-wide shift in attitude toward information privacy. Many commentators therefore claim that young people “are less concerned with maintaining privacy than older people are.” Surprisingly, though, few empirical investigations have explored the privacy attitudes of young adults. This report is among the first quantitative studies evaluating young adults’ attitudes. It demonstrates that the picture is more nuanced than portrayed in the popular media. ] [Among the findings: _ Eighty-eight percent of people of all ages said they have refused to give out information to a business because they thought it was too personal or unnecessary. Among young adults, 82 percent have refused, compared with 85 percent of those over 65. _ Most people — 86 percent — believe that anyone who posts a photo or video of them on the Internet should get their permission first, even if that photo was taken in public. Among young adults 18 to 24, 84 percent agreed — not far from the 90 percent among those 45 to 54. _ Forty percent of adults ages 18 to 24 believe executives should face jail time if their company uses someone's personal information illegally — the same as the response among those 35 to 44 years old.]
Facebook fights back, disallows the Suicide Machine
Date CapturedThursday January 07, 2010 08:17 PM
Los Angeles Times reports - [The Suicide Machine is a clever Web site out of the Netherlands that was designed to free users from their social network lives on Facebook, Twitter, MySpace and LinkedIn. You just pick one of the networks, start up the machine, and it graphically shows you unfriending your contacts, one by one, and eliminating all your other contacts with your profile. Forever.]

State databases

Gates Foundation COOPER on data sharing
Date CapturedThursday April 26, 2012 03:09 PM
The SLC, co-funded by the Foundation and the Carnegie Corporation of New York, "is working to change the way educational data is gathered," Cooper explained. "All of these different technologies have created islands within the schools"--islands which prevent the holistic examination of a student's data during their educational path. Even if one school has its act together and can effectively track a student in that school, what happens if that student transfers to another school? Or wants to take additional classes as an institution like the Khan Academy or Maker Faire, Cooper asked. Right now, such extracurricular learning opportunities are rarely tracked.
NEW YORK: RACE TO THE TOP ANNUAL PERFORMANCE REPORT
Date CapturedFriday January 20, 2012 02:57 PM
New York faces the ongoing challenge of communicating and collaborating with its various stakeholders. Similarly, the complexity of reviewing and approving Scopes of Work, budgets, expenditures, and evaluation plans for all of the State’s participating LEAs presented a formidable task that required a high level of strategic planning and logistical coordination by NYSED leadership. The State is working to overcome these challenges by investing in communication tools and leveraging other quality-control methods (such as a new online expenditure reporting tool) in order to increase its responsiveness and efficiency in the future.

Student Mobility

K-12 Education: Many Challenges Arise in Educating Students Who Change Schools Frequently
Date CapturedMonday December 20, 2010 09:20 PM
GAO-11-40 November 18, 2010 - The recent economic downturn, with foreclosures and homelessness, may be increasing student mobility.

Teacher Evaluation

“Study of Promising Features of Teacher Preparation Programs”
Date CapturedTuesday August 14, 2012 03:59 PM
COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE INSTITUTE OF EDUCATION SCIENCES of the DEPARTMENT OF EDUCATION Notice of New System of Records: For the foregoing reasons, the Education Department must revise its Privacy Act notice for the Study of Promising Features of Teacher Preparation Programs to: (1) limit the collection of student information to only that which is necessary and relevant; and (2) clarify the circumstances under which it will disclose information pursuant to the routine use exception.

Teacher Preparation

“Study of Promising Features of Teacher Preparation Programs”
Date CapturedTuesday August 14, 2012 03:59 PM
COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE INSTITUTE OF EDUCATION SCIENCES of the DEPARTMENT OF EDUCATION Notice of New System of Records: For the foregoing reasons, the Education Department must revise its Privacy Act notice for the Study of Promising Features of Teacher Preparation Programs to: (1) limit the collection of student information to only that which is necessary and relevant; and (2) clarify the circumstances under which it will disclose information pursuant to the routine use exception.
P-20 Data System with Instructional Reporting
Date CapturedThursday March 10, 2011 09:18 PM
2010 SLDS P-20 Best Practice Conference - Summary: The Statewide Longitudinal Data Systems Grant Program (SLDS) hosted the 2010 SLDS P-20 Best Practice Conference on November 16–17, 2010, in Washington, DC. The meeting served as a forum for dialogue, collaboration, and the sharing of best practices, providing the opportunity for more than 150 representatives from forty-nine states and the District of Columbia. FY 2006, FY 2007, FY 2009, and FY 2009 ARRA grantee states shared solutions and ideas with one another and took home information on topics identified as critical to their projects in the upcoming year.

Transparency

PTAC: Transparency Best Practices for Schools and Districts
Date CapturedFriday August 15, 2014 11:22 AM

US Department of Education

Data De-identification: An Overview of Basic Terms
Date CapturedWednesday January 16, 2013 01:35 PM
PTAC-GL, Oct 2012: In addition to defining and clarifying the distinction among several key terms, the paper provides general best practice suggestions regarding data de-identification strategies for different types of data. The information is presented in the form of an alphabetized list of definitions, followed at the end by additional resources on FERPA requirements and statistical techniques that can be used to protect student data against disclosures
FERPA: Guidance for Reasonable Methods & Agreements
Date CapturedTuesday December 20, 2011 04:45 PM
DEPARTMENT OF EDUCATION 34 CFR Part 99 in the Federal Register (76 FR 19726)
Date CapturedMonday December 05, 2011 11:20 AM
SUMMARY: The Secretary of Education (Secretary) amends the regulations implementing section 444 of the General Education Provisions Act (GEPA), which is commonly referred to as the Family Educational Rights and Privacy Act (FERPA). These amendments are needed to ensure that the U.S. Department of Education (Department or we) continues to implement FERPA in a way that protects the privacy of education records while allowing for the effective use of data. Improved access to data will facilitate States’ ability to evaluate education programs, to ensure limited resources are invested effectively, to build upon what works and discard what does not, to increase accountability and transparency, and to contribute to a culture of innovation and continuous improvement in education.
Recommendations on Data Security and Privacy Protections
Date CapturedSaturday February 19, 2011 11:00 PM
Excerpted from the Data Protections Report submitted to the U.S. Department of Education’s Performance Information Management Service by Highlight Technologies on June 16, 2010. (Where is original report and comments?)
Directory Information Part 2 (This file is an audio 'wav' file)
Date CapturedSunday December 26, 2010 05:23 PM
Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response.

US Education Department

SHEEO NPRM FERPA MAY 2011
Date CapturedMonday August 05, 2013 10:35 PM
We have formally endorsed the suggestions from the Data Quality Campaign (DQC) and acknowledge the value of the specific comments and suggestions they have provided.
WESTERN INTERSTATE COMMISSION FOR HIGHER EDUCATION (WICHE)
Date CapturedMonday April 08, 2013 11:39 PM
FACT SHEET: UNLOCKING THE POWER OF EDUCATION DATA FOR ALL AMERICANS
Date CapturedFriday February 08, 2013 12:41 PM
EPIC V US ED Defendant Statement of ISSUES
Date CapturedTuesday February 05, 2013 11:26 AM
EPIC v US ED
Date CapturedMonday January 21, 2013 01:46 PM
PLAINTIFFS’ CROSS-MOTION FOR SUMMARY JUDGMENT AND MEMORANDUM OPPOSING DEFENDANT’S MOTION TO DISMISS AND MOTION FOR SUMMARY JUDGMENT
EPIC v US ED (US ED answer)
Date CapturedFriday May 04, 2012 02:53 PM
APPENDIX A: FERPA Guidance for Reasonable Methods and Written Agreements
Date CapturedThursday January 05, 2012 05:57 PM
FERPA represents the floor for protecting [student] privacy, not the ceiling. PAGE A-5 Federal Register/Vol. 76, No. 232/Friday, December 2, 2011/Rules and Regulations.
Addressing Emergencies on Campus June 2011
Date CapturedTuesday June 28, 2011 06:32 PM
United States Department of Education (USED) : Summary of two applicable Federal education laws administered by the Department of Education (Department): the Family Educational Rights and Privacy Act (FERPA) and the Higher Education Act of 1965 (HEA), as amended. This Federal component is only one piece of what is necessary to consider in ensuring the safety of our Nation’s students, faculty, and school staff. A comprehensive and effective campus policy must incorporate all Federal and State policies regarding health and safety emergencies, education, student privacy, civil rights, and law enforcement, as well as specific local community needs.
Education New York comments re Student Privacy submitted to FERPA NPRM - May 23, 2011
Date CapturedMonday May 23, 2011 09:22 PM
Document ID: ED-2011-OM-0002-0001: Family Educational Rights and Privacy. The proposed changes to FERPA do not adequately address the capacity of marketers and other commercial enterprises to capture, use, and re-sell student information. Even with privacy controls in place, it is also far too easy for individuals to get a hold of student information and use it for illegal purposes, including identity theft, child abduction in custody battles, and domestic violence. Few parents are aware, for example, that anyone can request -- and receive -- a student directory from a school. Data and information breaches occur every day in Pre-K-20 schools across the country, so that protecting student privacy has become a matter of plugging holes in a dyke rather than advancing a comprehensive policy that makes student privacy protection the priority.
GAMMILL v USED - USA Merit System Board documents
Date CapturedMonday March 14, 2011 01:14 PM
Proposed regulatory (not statutory) change vastly expands term authorized representative well beyond these four 3 entities: Comptroller General of US, Secretary, Attorney General, and state or local education authorities. (See pages 10 and 11)
PAUL GAMMILL v U.S. DEPARTMENT OF EDUCATION
Date CapturedMonday March 14, 2011 12:44 PM
Whistleblower Retaliation lawsuit filed by Gammill against USED for retaliation of sharing an illegal attempt to circumvent FERPA. Case Number: 1:2011cv00409; Filed: February 18, 2011; Court: District Of Columbia District Court; Office: Washington, DC Office; County: 88888; Presiding Judge: John D. Bates
The Handbook for Campus Safety and Security Reporting
Date CapturedFriday March 11, 2011 07:35 PM
FERPA does not preclude an institution’s compliance with the timely warning provision of the campus security regulations. FERPA recognizes that information can, in case of an emergency, be released without consent when needed to protect the health and safety of others. In addition, if institutions utilize information from the records of a campus law enforcement unit to issue a timely warning, FERPA is not implicated as those records are not protected by FERPA. U.S. Department of Education, Office of Postsecondary Education, The Handbook for Campus Safety and Security Reporting, Washington, D.C., 2011.
Campus Attacks:Targeted Violence Affecting Institutions of Higher Education
Date CapturedTuesday January 18, 2011 01:53 PM
The report included a recommendation that the U.S. Secret Service, U.S. Department of Education, and the Federal Bureau of Investigation explore the issue of violence at institutions of higher education. Accordingly, the three agencies initiated a collaborative effort, the goal of which was to understand the scope of the problem of targeted violence at these institutions in the United States. In total, 272 incidents were identified through a comprehensive search of open-source reporting from 1900 [their typo] to 2008. The incidents studied include various forms of targeted violence, ranging from domestic violence to mass murder. The findings should be useful for campus safety professionals charged with identifying, assessing, and managing violence risk at institutions of higher education.
NCES 2011-602 Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records
Date CapturedTuesday January 04, 2011 09:55 PM
SLDS Technical Brief - Guidance for Statewide Longitudinal Data Systems (SLDS) [A privacy and data protection program for student education records must include an array of rules and procedures for protecting PII held in the record system. It also must include a full set of public disclosures of the existence and uses of the information included in the data system, a description of all parents’ or eligible students’ rights to review and appeal the contents of an individual education record and of their rights and the procedures to appeal a violation. ]*****[A school directory may include PII such as a student’s name, grade level, and contact information. Taken by itself, the release of this information is not harmful to a student. However, when combined with the student’s Social Security Number or another identifier and the student’s education record, this information has the potential for violating a student’s right to privacy. The release of this combined record could lead to harm or embarrassment. Thus, the privacy and data protection program should focus on PII that will be maintained in the electronic student record system with its likely wealth of student data.2}

Webcasts

Data Quality Campaign (DQC) archived webcasts/events
Date CapturedMonday March 07, 2011 06:20 PM
Amazing SLDS/longitudinal database resource.
Data Quality Campaign Release of Data for Action 2010: DQC's State Analysis
Date CapturedMonday March 07, 2011 06:15 PM
On February 16, 2011 DQC discussed the results of its sixth annual state analysis Data for Action 2010, a powerful policymaking tool to drive education leaders to use data in decision making. Data for Action is a series of analyses on states’ ability to collect and use data to improve student success. It provides transparency about state progress and priority actions they need to take to collect and use longitudinal data to improve student success.
Data Quality Campaign Quarterly Issue Meeting: Linking Data Across Agencies: States That Are Making It Work
Date CapturedMonday November 09, 2009 07:27 PM
The Data Quality Campaign (DQC) will host Linking Data Across Agencies: States That Are Making It Work on Thursday, November 12, 2009 from 2:30 to 4:30 P.M. (ET) in Washington, DC at the Hall of the States, 444 North Capitol Street, Room 233-235. This meeting will highlight leading states that are successfully linking data across systems and agencies to answer critical policy questions aimed at improving student achievement. A corresponding issue brief co-authored by the DQC and the Forum for Youth Investment will be released at the meeting that captures the current status of states’ ability to link data across agencies and provide several state case studies that capture promising strategies to sharing individual-level data across systems and agencies to improve student achievement. Registration to attend in person is required by Tuesday November 10, 2009 and strongly encouraged if participating in the interactive webcast. Seating is limited, so please sign up early! A video of this session and corresponding issue brief will be available at the campaign’s Web site after November 16, 2009.

Welfare

American Bar Association FERPA comments
Date CapturedThursday January 26, 2012 05:22 PM
FERPA NPRM May 23, 2011
December 2011 FERPA Regulations: Information Sharing Around Child Welfare and Education
Date CapturedThursday January 26, 2012 08:02 AM
The new rules offer expanded opportunities for state or local child welfare and education agencies to share information. However, given that these new regulations do not sufficiently eliminate the barriers to intersystem communication for children in care, we look forward to legislative changes to ensure that child welfare agencies can fulfill their duty to ensure that the educational needs of the children in their care are met.

Who Is Watching Your Children?

It's 3PM: Who's Watching Your Children?
Date CapturedWednesday December 12, 2012 05:48 PM
Parents concerned about their children's privacy should be aware of how easily personally identifiable information can be bought and sold by marketers as well as by identity thieves. FERPA was enacted in 1974 to protect the privacy of education records and directory information -- including name, address, phone number, date of birth, and e-mail address, among other personally identifiable information. Parents should be aware that under FERPA, directory information can be disclosed without parental consent. If you do not opt-out of directory information personal and identifiable information about your children may be public.

Back to Top of Page


Protecting Children's Privacy | Information Policy News | FERPA | Learning Links | Attendance | about | contact edny | site map