1 minute read
Endnotes
1 FERPA is the federal law that protects the privacy of student records. 20 U.S.C. § 1232g; 34 C.F.R. Pt. 99. 2 Natasha Singer, Privacy Pitfalls as Education Apps Spread Haphazardly, N.Y. Times at B1 (Mar. 12, 2015), available at http://www.nytimes. com/2015/03/12/technology/learning-apps-outstrip-school-oversight-and-student-privacy-is-among-the-risks.html. 3 Nat’l Sch. Bds. Ass’n., Data in the Cloud: A Legal and Policy Guide for School Boards on Student Data Privacy in the Cloud Computing Era (April 2014), https://www.nsba.org/-/media/NSBA/File/legal-data-in-the-cloud-guide.pdf?la=en&hash=D74E3D55A0ED0073AE530A079F83F9280CF4BD25.
4 See, e.g., Information Protection @MIT,
https://infoprotect.mit.edu/risks-to-datahttps://ist.mit.edu/security/data_risks (last visited Aug. 26, 2019). 5 Privacy Rights Clearinghouse, Data Breaches, https://www.privacyrights.org/data-breaches. 6 Kristen Taketa, San Diego Unified data breach hits staff, plus as many as 500,000 students, Los Angeles Times (Dec. 31, 2018), https://www.latimes. com/local/lanow/la-me-ln-san-diego-unified-data-breach-20181221-story.html. 7 Privacy Rights Clearinghouse, Central Islip Union Free School District: Security Breach Letter (Feb. 13, 2018), available at https://www.privacyrights. org/data-breaches. 8 Ponemon Institute LLC, IBM, 2019 Cost of Data Breach Report at https://www.ibm.com/downloads/cas/ZBZLY7KL. 9 Nat’l Forum on Educ. Statistics, U.S. Dep’t of Educ., Forum Guide to Education Data Privacy, NFES 2016-096 (July 2016), https://nces. ed.gov/pubs2016/NFES2016096.pdf. 10 Id. at *11.
11 U.S. Dep’t of Educ., Data-Sharing Tool Kit for Communities: How to Leverage Community Relationships While Protecting Student Privacy (Mar. 2016), https://www2.ed.gov/programs/promiseneighborhoods/datasharingtool.pdf. 12 Id. at *14.
13 U.S. Dep’t of Educ., Data Security Checklist (Rev. July 2015), https://studentprivacy.ed.gov/resources/data-security-checklist. 14 U.S. Dep’t of Educ., Best Practices for Data Destruction (Rev. March 2019), https://studentprivacy.ed.gov/resources/best-practices-data-destruction 15 U.S. Dep't of Educ., Data Breach, https://studentprivacy.ed.gov/topic/data-breach. 16 201 CMR 17.03(1). 17 Id. 18 SeeData Security Checklist supra note 15 and resources available at http://studentprivacy.ed.gov/topic/security-best-practices. 19 See supra note 15, Data Security Checklist. 20 Id. 21 20 U.S.C. § 1417(c). 22 34 C.F.R. §§ 300.624(b), 303.416(b) (IDEA regulations allow a permanent record of the child’s name, date of birth, parent contact information, and other select data to be maintained without time limitation.). 23 Center for Digital Education, Issue Brief ― Safeguarding Student Data in the Age of Digital Learning: Responsible privacy practices for K-12 school districts (2016), https://ess.csa.canon.com/rs/206-CLL-191/images/K-12-Issue-Brief-Safeguarding-Student-Data.pdf. 24 N.Y. Educ. Law§ 2-d(2). 25 Id. 26 Id. § 2-d(2)(b). 27 Id. § 2-d(2)(c). 28 Seehttps://studentprivacy.ed.gov/resources/data-breach-response-training-kit. 29 45 C.F.R. §§ 164.400-.414.
30 Greg Mohan, Data Breach at Olympia School District: Employees (sic) personal information released in phishing scam,
The Cooper Point Journal, May 4, 2016, https://www.cooperpointjournal.com/2016/05/04/data-breach-at-olympia-school-district-employees-personal-information-released-in-phishing-scam/.