Latest DC Snafu Exposes Student Data on Dropbox

  • By Dian Schaffhauser
  • 02/16/16

About 12,000 students who possess individualized education programs (IEPs) had personal information posted to a public Dropbox site attending schools in Washington, D.C. Reporting by the Washington Post said the data was inadvertently made available online "for several hours" on Tuesday and has since been taken down. The file with the private information was uploaded to the cloud-based file storage site prior to a meeting about the program that manages the IEPs. The file included names, schools, identification numbers and other personal details about each student, including his or her disability and what special services they use.

The announcement came from the district's Office of the State Superintendent of Education, which handles federal grants, compliance with federal laws and other governance activities for area students. According to the Post, Hanseul Kang, the state superintendent of education, issued a "letter to colleagues" in which she stated, "Our families deserve to know that their students' personal information is being kept confidential and secure in the education system."

Just about a year ago the District of Columbia Public Schools suffered a different kind of exposure of special education student information. The district realized that an internal Web site launched in 2010 that stored training materials for district staff included login information that would enable anybody to access a database containing information about special ed students. The district found no evidence that anybody has actually viewed the data. At that time, the district issued a statement apologizing for the breach: "We understand how important it is to safeguard student information and will conduct a top-to-bottom review of our security practices to ensure this does not happen again."

Then in March 2015, the Office of the State Superintendent of Education reported that it had "inadvertently" released student data in response to a Freedom of Information Act request. The disclosed data included student names, birth dates, grade levels, gender, race, ethnicity, English language learner classification, non-public attendance, special ed status, school of attendance, details related to suspensions and expulsions and student identifiers. In that situation the data was actually redacted and the file locked when it was sent to the FOIA recipient; however, the office later found out that the file could be unlocked, exposing the personal information.

In none of these cases were Social Security numbers involved.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • Indianapolis Public Schools Adopt DreamBox Math

    Thanks to a new partnership with Discovery Education, all Indianapolis Public Schools (IPS) K–8 students and teachers will gain access to DreamBox Math, which blends curriculum and continuous formative assessments that adapt to student needs to boost achievement.

  • The First Steps of Establishing Your Cloud Security Strategy

    In this guide, we'll identify some first steps you can take to establish your cloud security strategy. We'll do so by discussing the cloud security impact of individual, concrete actions featured within the CIS Critical Security Controls® (CIS Controls®) and the CIS Benchmarks™.

  • Google Brings Gemini AI to Teens in the Classroom

    Google is making its Gemini large language model available for free for students ages 13 and up in the United States (age minimums vary by country), via Google Workspace for Education accounts.

  • A top-down view of a person walking through a maze with walls made of glowing blue Wi-Fi symbols on dark pathways

    Navigating New E-Rate Rules for WiFi Hotspots

    Beginning in funding year 2025, WiFi hotspots will be eligible for E-rate Category One discounts. Here's what you need to know about your school's eligibility, funding caps, tracking requirements, and more.