Security & Privacy | News
School Districts Stumble on Data Privacy
- By Dian Schaffhauser
Three school districts are grappling with the loss of private information on a broad scale, each through a unique set of circumstances.
One Virginia district learned that personal information about students at one of its middle schools was lost when a bag containing a thumb drive was stolen. Another discovered that it had sold as surplus several computers containing the names and Social Security numbers of employees. And a district in Massachusetts uncovered exposure of employee personal data on a public Web site for a short period.
In the case of Prince William County Public Schools in Manassas, VA, parents of students at Lake Ridge Middle School received a letter from its principal in May 2010 regarding the theft of confidential school division data. The data was maintained on a thumb drive taken off school property for the sake of emergency backup and was in a bag taken during a burglary off campus. The data included a student identification number, student name, parent/guardian name and phone numbers, and student bus number or walker status. According to the letter, additional "identifiable data" may also have been recorded.
According to the school district's Web site, Lake Ridge has about 1,180 students.
To answer parents' questions, the school held an informational meeting and provided contact information for its two assistant principals.
Roanoke City Public Schools in Roanoke, VA allowed personal information--including Social Security numbers--on about 2,000 employees to get out of its control during the sale of surplus computers. The sale of eight computers included hard drives containing names, school locations, and Social Security numbers of the division's employees as of November 2006. The district indicated it has since recovered the drives.
Quincy Public Schools in Massachusetts learned that it had posted private information about some employees, including names, home addresses, work locations, and Social Security numbers on a public Web site. The data was contained in a PowerPoint slideshow documenting proposed budget cuts, according to coverage in local newspaper, The Patriot Ledger.
In none of the cases does it appear that the school district has provided credit checking services for those potentially affected by the data breaches.
Dian Schaffhauser is a writer who covers technology and business for a number of publications. Contact her at firstname.lastname@example.org.