IT Infrastructure & Management

Confidential Records Mistakenly Posted on the Internet

By Andrew Trotter — October 08, 2003 2 min read
  • Save to favorites
  • Print

The Vancouver, Wash., school district has expedited a security audit of its Web site and hired a computer programmer to conduct periodic security checks, after confidential records for 6,916 students were accidentally placed on the district’s public Internet site recently.

The records, for all students in grades 5-8, included each student’s name, school identification number, birth date, ethnicity, school, teacher, grade point average, participation in programs such as special education, and test scores for several years.

District officials admitted that the posting was an accidental violation of federal law.

The information apparently was first discovered by a local newspaper reporter, who was researching the bounty of data on the district’s Web site. He called the district to ask whether something was amiss.

The district shut down the Web site until all the confidential student information could be removed—one day after it was made accessible to the public.

Officials had to read all about their mistake in the newspaper, The Columbian, but they believe no other members of the public downloaded the information.

The data were in a spreadsheet created to help schools plan students’ transitions between school levels, said Linda Turner, the director of information and technology services for the 21,000- student district. She said student information is supposed to be posted in a section of the Web site that requires authorized users, including parents, to type in a password.

But in this case, an official in the district’s assessment department mistakenly posted the spreadsheet on a Web page that was intended to publicize students’ overall performance on state tests, Ms. Turner said.

Because the mistake was “honest” and no apparent harm was done, the employee will not be disciplined, she said.

Caution on Software

The Family Educational Rights and Privacy Act, known as FERPA, requires schools to have written consent from parents to release personal student information.

Alice Hendricks, a Bethesda, Md.-based consultant on Web systems for government agencies and businesses, said a security audit can identify the procedural flaws that lead to the kind of mistake that happened in Vancouver.

Ms. Hendricks said Web site “authoring” software used by many organizations eases the process of adding information to sites, but can trip up inexperienced employees.

She said authoring software designed for businesses or for government agencies such as school districts should be set to give varying levels of access to different employees, and to require approval before information “goes live,” or becomes accessible to Internet users.

“The only way to prevent mistakes like that is [through review by] a human being,” Ms. Hendricks said.

Related Tags:

Events

Student Well-Being K-12 Essentials Forum Boosting Student and Staff Mental Health: What Schools Can Do
Join this free virtual event based on recent reporting on student and staff mental health challenges and how schools have responded.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Curriculum Webinar
Practical Methods for Integrating Computer Science into Core Curriculum
Dive into insights on integrating computer science into core curricula with expert tips and practical strategies to empower students at every grade level.
Content provided by Learning.com

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

IT Infrastructure & Management What We Know About District Tech Leaders, in Charts
Male chief technology officers in K-12 tend to come from technological backgrounds while most female tech leaders are former teachers.
1 min read
Illustration concept of leadership, using wooden cut-out figures and arrows.
Liz Yap/Education Week via Canva
IT Infrastructure & Management How Schools Can Avoid Wasting Money on Technology
A district leader shares ways to ensure ed-tech tools are worth the investment.
2 min read
Illustration of laptop with checklist on the screen
DigitalVision Vectors/Getty
IT Infrastructure & Management Why Schools Struggle to Keep Track of Students' Laptops
Districts should be tracking their technology assets as much as they can, but it's easier said than done, experts say.
4 min read
A multi-ethnic group of elementary age children are in the computer lab using laptops. A little boy is watching a video and is listening to music.
FatCamera/Getty
IT Infrastructure & Management Ed. Dept. Outlines How Schools Can Use Federal Funds to Sustain Tech Programs
School districts can use federal funds to support digital learning programs started during the pandemic.
3 min read
Tight shot of diverse, elementary school children using a tablet in class
iStock/Getty Images Plus