Sachem Data Leak: Student Privacy And Data (Mis)Management
2 min read
From some news reports that are light on detail, it sounds like around 17,000 students in the Sachem, NY school district had their personal data compromised.
Interestingly, the breach was first reported on July 17, 2013.
The list of names appears to have been posted on August 23 (the list has been removed).
I've taken screenshots of both pages linked above in case the posts get removed or the server goes down.
It's odd that a breach that occurred in the summer, and was reported publicly several months ago, is just getting noticed now.
This breach will likely draw additional attention, as it occurred within New York, and New York State is using inBloom. However, the breach sounds like it targeted a datastore controlled by the district that had nothing to do with inBloom. Ironically, despite the concerns of privacy advocates, data stored within inBloom would likely be safer from this type of hack than data stored locally.
Of course, this does nothing to allay or address the real concerns around the privacy of data stored in inBloom. The Sachem breach demonstrates that using and storing data on students poses multiple forms of risk, many of which are poorly and incompletely understood by data advocates and privacy advocates alike.
Which gets us back to the basic point: people need to understand how data can be used to compromise privacy. Additionally, parents need to demand to know how district staff are trained to handle and safeguard data.
With both of these elements in place, student, parent, and teacher rights need to be respected with clearly defined opt-out policies. Sacrificing privacy should never be a pre-requisite to getting a public education, or being a public employee.
