D.C. Uploaded Private Student Data—Again
This time, private information for about 12,000 students was put on a publicly accessible Dropbox
The private information of roughly 12,000 public school students in Washington, D.C., was mistakenly posted on a publicly accessible website, the District’s Office of the State Superintendent of Education said on Thursday, highlighting the ease in which private data can be accidentally leaked or purposefully hacked.
According to the Washington Post, the information was online Tuesday on a public Dropbox account, but has since been taken down. All of the students whose info was leaked are in kindergarten through 12th grade and are part of the Individualized Education Program, a special needs curriculum. Students’ race, age, school, identification number and specific disabilities were included in the information that was released.
“I want to personally apologize to our school communities, partners and the D.C. community at large for this incident,” Hanseul Kang, the state superintendent of education, wrote on the State Superintendent’s website. “It should have never happened.”
This incident marks the latest time confidential information on D.C. students has been leaked. BuzzFeed News pointed out last February that personal information about students with disabilities was available on an “intranet.” Less than two months later, school administrators accidentally released confidential information to BuzzFeed following a Freedom of Information request.
But as school work is increasingly digitized and computers become more common in the classroom, student data becomes more vulnerable. In December, the Electronic Frontier Foundation (EFF) filed a complaint with the Federal Trade Commission against Google for collecting school children’s Internet search data and personal information.
“We commend schools for bringing technology into the classroom,” said EFF Staff Attorney Sophia Cope in a statement. “But devices and cloud services used in schools must, without compromise or loopholes, protect student privacy.”
The Post pointed out that D.C. Council member and education committee chair David Grosso last month submitted legislation that would require organizations that work with the school system to employ security measures and protect student data.