With the popularity of technology, along with the data recording mandates of the No Child Left Behind mandate, schools are collecting and storing data about students and staff. Much of this information is private and needs to be confidential. However, more and more commonly, news stories of serious breaches in security at US schools are being reported. Recent examples of these breaches include, but are not limited to:
- An error by a tech director at one of Maine’s school districts that exposed various SSNs of school staff at various schools around the state (http://www.pogowasright.org/?p=14906)
- A major data breach at the The University of Hawaii at Manoa that exposed the confidential records of more than 40,000 former students. The breach exposed the Social Security numbers, grades, birth dates and other personally identifying information belonging to the University’s former students (http://www.itsecuritystandard.com/blog/?p=3949)
- The hacking of the University of North Florida's computer system that exposed the personal information of nearly 107,000 students, potential students and employees of the school (http://staugustine.com/news/local-news/2010-10-16/fbi-unf-investigating-breach-confidential-student-data)
Luckily, officials at the National Center for Education Statistics division of the United States Department of Education now realize that the security and confidentiality of electronic school data presents security and ethical issues. On November 10, 2010, they announced that they would begin to offer assistance and guidance regarding guarding student privacy in school data. (http://www.edweek.org/ew/articles/2010/11/10/11privacy.h30.html?tkn=QRSFCad/aSMhDXMjqFS5OyU3J9s+/E1KtmZD&cmp=clp-edweek) Marilyn M. Seastrom, the chief statistician and director of the statistical-standards program at the department’s National Center for Education Statistics, believes that “we have laws at the federal level, individual states have their own laws, and we have good data ethics on protecting the privacy of these children” (http://www.edweek.org/ew/articles/2010/11/10/11privacy.h30.html?tkn=QRSFCad/aSMhDXMjqFS5OyU3J9s+/E1KtmZD&cmp=clp-edweek). However, she also stated that changes need to be made to the Family Educational Rights Protection Act, or FERPA so that the Act specifically covers the security and confidentially of electronic data files.
On the National Center for Education Statistics website, it elaborates on the importance of ethics with regards to maintaining electronic records. Specifically, it states that:
Each and every day, educators collect and use data about students, staff, and schools. Some of these data originate in individual student and staff records that are confidential or otherwise sensitive. And even those data that are a matter of public record, such as aggregate school enrollment, need to be accessed, presented, and used in an ethically responsible manner. While laws may set the legal parameters that govern data use, ethics establish fundamental principles of "right and wrong" that are critical to the appropriate management and use of education data in the technology age. The exponential growth of information systems that provide ready access to education data—often drawing upon individual student records—has heightened the importance of training data users about their ethical responsibilities regarding how they appropriately access, use, share, and manage education data. Technology makes data readily available to many staff members in an education organization. While improved access helps staff perform their jobs more effectively, it also raises issues about the appropriate use of data because the power to transmit information electronically multiplies the consequences of irresponsible behavior. How much more vulnerable are we to the inappropriate disclosure of information (for example, a student's assessment results, grades, medical history) in the age of downloads, copy and paste, and web posting than we were when cumulative folders could be locked away in a file cabinet? How much easier is it now to create a technically accurate but misleading presentation to policymakers or the public (for example, manipulating the axes on graphs to give the wrong impression about data trends)? Laws may set the legal parameters in which data users operate, but ethics go deeper and are often more stringent—after all, it is usually not illegal to change the axis on a graph, but it is unethical to intentionally represent data in a manner that is likely to be misunderstood." (http://nces.ed.gov/pubs2010/dataethics/introduction.asp)
Furthermore, the Department of Education's website (http://nces.ed.gov/pubs2010/dataethics/challenge.asp), give specific suggestions to help data handlers understand and exhibit standards of ethical behavior. Specifically, education organizations should:
- train staff about their ethical responsibilities;
- publicize the expectations for ethical behavior;
- create explicit policies and procedures pertaining to data ethics;
- state clearly the consequences of unethical behavior; and
- enforce these rules uniformly so that everyone is accountable.
Useful websites to visit for more information: