Ensuring that We Leave Children Behind
Talk about children, their educations, and security abound. Politicians declare their devotion to children’s issues. Singers and actors assure us that “children are our future.” Books enlist villages to raise them. But when the rubber hits the road we routinely fail children in so many ways, including privacy. Today, Joel Reidenberg’s Center on Law and Information Policy released a report attesting to our utter inability to protect the privacy of children’s educational records. Reviewing publicly available information from all 50 states, the CLIP study found that states collect information far in excess of what law requires, including data about pregnancy, mental illness, family wealth, jail sentences, and Social Security numbers. Despite the sensitive nature of the information collected, state databases have weak privacy protections. The study found that oftentimes the flow of information from local schools to state departments of education failed to comply with the privacy requirements of the Family Educational Rights and Privacy Act.
This appalling state of affairs cannot stand. Such databases are ripe for identity thieves and hackers who will enjoy plundering the Social Security numbers. They can lead to discrimination based on inappropriately shared health information. The CLIP study has offered a number of wise recommendations, including the minimization of data collection, adoption of clear retention policies, and maintenance of audit logs. It also suggests the anonymization of data through the use of dual database architectures, which I wonder if Paul Ohm’s important work on the myth of anonymity would question. Otherwise, this study must be read and heeded.