The nation relies on teachers to educate our children and help them when they make mistakes. But when it comes to protecting students’ data, it is often the teachers and school staff who mistakenly let bad actors into school computer systems, officials say.
In a hearing Thursday before the House Committee on Education and the Workforce, a panel of educators, privacy experts and U.S. Department of Education officials pointed to accidental online errors by school staff as the main threat to protecting school data.
In the state of Kentucky, which experienced more than 4 billion attempted attacks on the computer systems of K-12 services last year, the greatest number of data breaches were the result of staff who fell for email phishing scams, according to David Couch, CIO for the Kentucky Education Technology System (KETS) at the Kentucky Department of Education.
“By far the greatest vulnerability to our systems is internal staff who fall victim to phishing attempts,” Couch said during the hearing.
Leave it to kids in one of Michigan’s best school districts to have figured out how to hack the district’s grading system and (presumably) give themselves A’s.
A message posted to the Bloomfield Hills Schools website alerts parents that “a couple” students made “some poor choices lately,” hacking into the district’s student information system and manipulating their personal grades, attendance, and lunch balance information. The database houses all of the district’s student and family data, the notice says.
The students are in high school and modified the information of their own accounts and other high schoolers’, Bloomfield Hills Schools Superintendent Robert Glass says in a video message elsewhere on the website. A total of 20 students saw changes made in the form of improved grades, improved attendance, and reduced lunch balances.
The Georgia Court of Appeals recently reaffirmed its prior conclusion that there is no duty to safeguard personal information under Georgia law. In McConnell v. Ga. Dep’t of Labor, — S.E.2d —-, 2018 WL 2173252 (Ga. App. May 11, 2018), the Court of Appeals addressed whether a plaintiff whose social security number and other personal identifying information (“PII”) had allegedly been negligently disclosed by an employee of the Georgia Department of Labor stated a negligence claim in connection with the unauthorized disclosure.
In urging that the Court of Appeals should recognize such a duty, the plaintiff in McConnell relied on the Georgia Personal Identity Protection Act (the “GPIPA”). The plaintiff argued that the GPIPA supported recognizing a duty to safeguard PII because the statute reflects the General Assembly’s “intent to protect citizens from the adverse effects of disclosure of personal information and created a general duty to preserve and protect personal information.” McConnell, 2018 WL 2173252.
Posted on May 15th, 2018
I received an email today from a reader of the latest edition of my privacy book Hiding from the Internet. In the book, I include an entire chapter of opt-out links for removing personal information from people-search, data-mining, marketing, and data broker websites. The reader asked if I maintained a digital version of the workbook with active hyperlinks for easy navigation. While I try to maintain a page for hyperlinks from the book, it did not quite replicate the workbook model that is in the official publication. Today, I am releasing the entire workbook in PDF format for free. I hope it helps the process of cleaning up unwanted online details. The direct link is below.
EPIC has filed a “friend of the court” brief, joined by forty-four technical experts and legal scholars (members of the EPIC Advisory Board), in the OPM Data Breach case. The case concerns the data breach at the US Office of Personnel and Management in 2015 that affected 22 million federal employees, their friends, and family members. In the brief to the federal appeals court, EPIC said that “when personal data is collected by a government agency, that agency has a constitutional obligation to protect the personal data it has obtained.” In a 2011 case, NASA v. Nelson, EPIC urged the Supreme Court to limit data collection by federal agencies, citing the growing risk of data breach in the federal government.
A new Walmart subsidiary, called Code Eight, has recently started testing a personal shopping service for “busy NYC moms,” according to multiple sources, with the goal of letting them get product recommendations and make purchases simply through text messaging.
The target customer of Code Eight is described in an online job listing as a “high net worth urban consumer” — translation: A rich city dweller — certainly not the historical sweet spot for Walmart’s main business.
Household items are delivered for free within 24 hours; other purchases are delivered within two business days. Returns are picked up for free at a customer’s apartment building or house.