Teachers, Parents, Countrymen: How Much of Your Personal Data Does the School District Share?

I wondered how much data Hillsborough County Public Schools (HCPS) shares. What I found was the below excerpt in an agreement that HCPS has with a third party. The document was obtained through a public records request.


“Recipient” is a third party software services company. The above paragraph seems to provide no limitations on what could be disclosed from personnel records.

What about student records? The agreement seems to contradict itself.  It says: “No other personally identifiable student information [PII] will be disclosed to Recipient.” But it also says disclosure is “not limited to” the confidential student information it lists.  “No other” of an unlimited list is still unlimited.

We can safely assume the vendor stores more student information than what is itemized in that list; for example: teacher name.  The U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) explains in a 2013 document that student PII can include:

“…sensitive and non-sensitive information that, alone or combined with other information that is linked or linkable to a specific individual, would allow identification.”

Given that, it seems likely that teacher name is also personally identifiable student information (and parent name, parent phone number, etc.)

The school district has not provided any way for parents to opt their children out of data collection and aggregation products or services, and has refused to allow parents to opt out children when requested.

Hillsborough County School District must reconsider its agreement that allows a 3rd party’s bi-directional tool from having direct access to the school district’s system of record, especially if independent security experts have not inspected and validated the security and activities of that bi-directional tool.  This bi-directional tool seems to be described in a 2014 EdSurge article as a company secret.

If hackers or other malicious actors access a tool through potential vulnerabilities, they can continue probing for more software vulnerabilities and potentially gain access to even more data.  Should a bi-directional tool from an out of country vendor have access to “take data” from and write data to a U.S. school district’s system of record?  How secure is it?

Teachers, have you discussed this with your union?

Parents, ask the district exactly what specific data this bi-directional tool can access once in the district’s system(s) of record.  If this tool contains security vulnerabilities, then how secure is student data in the various systems of record against bad actors?  Is the privacy of your child’s sensitive information protected now, what about 15 years from now?

Posted in Data Privacy, Hillsborough Schools, PII, Uncategorized | Comments Off on Teachers, Parents, Countrymen: How Much of Your Personal Data Does the School District Share?

Who Has Your Kid’s Data?

Below is a story written by a mom in central Florida about an under-reported and growing problem in public schools.  She is sharing this story to bring attention to the lack of control parents have over protecting their children’s privacy in public schools, magnified by the rapid and seemingly uncontrolled deployment of education technologies (EdTech). 

Two years ago we discovered our Florida public school district had shared our family’s personal data with a third party private company based in another country.  We were shocked our school district had done this without our knowledge or consent.  The district refused to allow us to opt out and also emailed that they did not believe the third party private company would remove the student data in their application.

And so began a long journey that revealed the full extent of our public school system’s monopolistic and self-serving behavior.  We became increasingly alarmed as we realized the school district:

  • Collects and shares personal and protected information on students, parents, and sometimes school personnel with for-profit third parties. At least one third party has a privacy policy that explicitly states they can transfer the information as an asset in a sale or merger.
  • Allows for-profit third parties to collect personal data on students.
  • Allows a for-profit private company based in another country to write to the school district’s system of record.
  • Creates student accounts with third party companies using easily hackable passwords and does not always tell parents the accounts exist.
  • Does not tell parents with whom these third parties share student data or whether the data is correct or if vendor software contains security vulnerabilities.
  • Has not been able to keep school district employees from posting what is apparently sensitive personal student information on social media and the internet.
  • Does not appear to monitor school app use for compliance with COPPA (a federal law).
  • Performs health screenings and records results without directly notifying parents.

We were not surprised to read the scary details in an FBI alert that recommended parents discuss with school districts the types of questions we have been asking.

When we formally insisted on a full accounting of data collected and shared on our children, our right under FERPA (another federal law), we were ignored.  We asked for this accounting of our student data repeatedly and eventually the school escalated our request to the district, involving the school district attorneys.  The unfortunate result of escalation was that our request was ignored and our children were forced, against their will and ours, onto yet another third party technology that collected even more data on our children.

I could get into the details of what has transpired and the poor behavior displayed by the school district but I will stop here and spare you dozens of pages of reading material and a year’s worth of research on the failures of school districts to protect or honor student and family privacy.

We were advised to go to the media or hire an attorney but we were also told an attorney might run us five figures.  We wondered: If the school district can hide behind unresponsive tax-payer funded lawyers—where are ours?

-A mom from central Florida

Posted in Data Privacy, PII, Public Schools, Social Media Privacy, Uncategorized | Comments Off on Who Has Your Kid’s Data?

Hillsborough County Schools: Why Are Buses Still Late?

back bus education school

This year reports of late buses began the first week of school: frustrated, upset, and expect late buses.  Now some parents are fed up with continued problems of late or no-show buses into the seventh week of school, according to an ABC Actions News report.

History tells us one reason Hillsborough County school buses are late is driver shortages, yet in 2017 school district leaders were discussing how bell times were causing late buses.

On August 30, 2018 Candace Aviles reported that Tanya Arja, HCPS spokesperson, explained the district needed more drivers and was also trying to increase their pool of substitute drivers; that a driver shortage “could be adding to [bus] delays…”

On February 22, 2016 Sarah Rosario reported on late buses and Tanya Arja explained when drivers are on extended leave or call out sick and there are not enough drivers, then buses can be late.

In 2013, Danielle Hauser, Tampa Bay Times, reported what she was told about late buses:

A woman explained to me that they were short 10 bus drivers in our area, and until they could hire those drivers, some buses would do double runs.

Nothing seems to be different except bell times–buses have continued to be late or missing. Why isn’t the district reporting weekly late bus statistics compared to last year; is it better, the same, or worse?

CitizensLighthouse questioned the validity of changing bell times to fix late buses in April 2017, noting the causes for late buses summarized by Gibson Consulting Group did not appear to be fixed.  Are those problems fixed?  

Gibson Consulting Group (Gibson) made six recommendations “to achieve cost savings in Transportation” in their 2016 audit.  One of those six recommendations was “Increasing the staggering of bell schedules”.

Gibson Consulting Group (Gibson) also explains how changing bell schedules “to allow at least one hour between bell times” will cut costs:

…the Transportation Department could schedule more bus drivers and buses for three tiers [one driver serving three schools during the day], reducing the total number of bus drivers and buses required.  (145)

Then Gibson quantifies savings in bus drivers and attendants for staggering bell times, estimating savings of $2.7M annually (146).

While this could reduce the gap between the number of drivers needed and the number they have, the school district was still short drivers as of August 30.  Did changing bell times solve that problem?

According to Cindy Stewart, increasing the time between bells (elapsed time) is also a recommendation by the Council of the Great City Schools (CGCS), a national organization.  Their tagline is The Nation’s Voice for Urban Education.  Where is the report from CGCS that explains the reasons for that recommendation?

Susan Valdes, also on the Hillsborough County School Board, is listed as a 2017-2018 CGCS Executive Committee Member.

Cindy Stewart seemed to turn to CGCS in the School Board meeting on April 25, 2017 (time marker 2:16:47) before voting to approve the change in bell times:

I don’t believe the Gibson Report, Ms. Snively, is the first time that we’ve heard this…Council of Great City Schools brought this to us…the School Transportation Improvement plan had it in there as well…we will still have 10,000+ students late, next year [2017-2018], every day…

The problem with that statement is the Gibson Report recommended bell changes to cut costs.  Did some school board and district leaders conflate cost issues with late bus issues when this decision was made?  Melissa Snively was the only vote against changing bell times at this meeting.

Cindy Stewart also stated at that meeting “…bell times is not a transportation conversation.  This is an administrative conversation…”  

Bell schedule optimization is an operations problem because of its intimate relationship with bus routing.  In operations research these are commonly known as routing and scheduling problems.

When the district turns to state or national organizations (CGCS) for answers, the first question should be: Why can’t our staff solve the problem?

Has the bus driver absentee rate of 10% that Chris Farkas referenced in the April 25, 2017 board meeting been reduced?  How many students does that absenteeism rate impact if the district is still short both drivers and substitutes?

In April 2017 Superintendent Eakins posted a video implying the late bus problem was because certain bell times were too close together, referencing that we lack the standard number of minutes for drop-off and pick-up.

Eakins stated “across the State of Florida the standard is at least 55-75 minutes between bell times…”.  While some districts have instituted this hour-long (55-75 minute) elapsed time recommendation, not all districts have adopted this standard.

One size does not fit all.  We need winning solutions for getting students safely to and from school on time, and at a reasonable hour.

When the school district makes a change impacting all of its customers (change in bell schedule) they should provide the reports and statistics regarding the outcome of the communicated purpose. The purpose for the bell time change stated by Eakins: “At the heart of this decision is the need to secure appropriate instructional minutes for all our students”.  The concern is that students lose instructional minutes when buses are late.  Did the district establish a measurable target when they implemented this change? What are the results and have they met their stated goal?

Posted in HCPS Bell Schedules, Hillsborough School Board, Hillsborough Schools, Uncategorized | Comments Off on Hillsborough County Schools: Why Are Buses Still Late?

FBI Alert Encourages Increased Awareness of Student Data Collection and Cybersecurity Risks: Hillsborough Schools – Let’s Talk About It


On September 13, 2018 the FBI released a public service announcement (PSA) and noted:

US school systems’ rapid growth of education technologies (EdTech) and widespread collection of student data could have privacy and safety implications if compromised or exploited.

The FBI lists the personal data that is at risk from data collection—and it isn’t just grades (it can include “…behavioral, disciplinary, and medical information…”).  They then provide several examples of actual malicious events and explain how the data was used:

…in late 2017, cyber actors exploited school information technology (IT) systems by hacking into multiple school district servers across the United States. They accessed student contact information, education plans, homework assignments, medical records, and counselor reports, and then used that information to contact, extort, and threaten students with physical violence and release of their personal information. The actors sent text messages to parents and local law enforcement, publicized students’ private information, posted student PII on social media, and stated how the release of such information could help child predators identify new targets.

In another example the FBI states “Cybersecurity issues were discovered in 2017 for two large EdTech companies, resulting in public access to millions of students’ data.”  One company “…suffered a breach and student data was posted for sale on the Dark Web.

Please read the PSA in its entirety, every parent should be made aware of this important information.  The FBI provides a list of recommendations for parents and families in the alert.

Aside from what was included in this alert, the data breaches and privacy concerns continue into 2018, here are two more events:

In March 2018 Politico reported a data breach at Florida Virtual Schools.  This breach was discussed in a post in which I also presented issues regarding how a third party obtained preschooler data to market a product.  Another question posed in that post was:  What independent studies exist that show data collection efforts are providing a statistically significant improvement in education outcomes?

Then there is this Google G-Suite (for education) privacy concern, posted by Missouri Education Watchdog.  This apparent invasion of privacy is very alarming.  In this post Cheri Kiesecker explains that:

School-issued student Google accounts connect to Google Drive which can allow for the ability to Auto-Sync devices to Auto-Save passwords, browsing history and other digital data points from numerous devices used by a single user…this could include digital data from non-school related accounts.

In our own district, Hillsborough County Public Schools collects student data in a variety of ways including: Continue reading

Posted in Data Privacy, Hillsborough Schools, PII, Social Media Privacy, Uncategorized | Comments Off on FBI Alert Encourages Increased Awareness of Student Data Collection and Cybersecurity Risks: Hillsborough Schools – Let’s Talk About It

Hillsborough Schools Operational Problems Running Rampant

A new Tampa Bay Times article has shocking revelations about the state of our public school facilities.  The article summarizes the conditions and repercussions that failing AC units have had on students, classrooms, food, technology, instruments, and even band uniforms.

Could anyone have imagined the AC problems at Hillsborough Schools ran this deep?  Is this an extension of what appears to be operational mismanagement of district transportation?

What happened to school district reserves, routine maintenance, busing service, and safe drinking water? It is mind-boggling.  Did operations leaders see this coming?  Is school district leadership incompetent?  Why has facilities maintenance become backlogged so severely over the years (“nearly $1 billion” in deferred maintenance) when money was being spent reprehensibly?

Over $180 million of our district reserves was gone in 2015, triggering a potential downgrade with ratings agencies.  Bond ratings are like a credit score for the district.  When a downgrade occurs borrowing becomes more difficult and the cost to borrow can increase – meaning more interest expense.  Most of that $180 million was reportedly spent on the failed Gates-backed Empowering Effective Teachers (EET) project. Former district superintendent Elia was fired by the Hillsborough County School Board, but the school board should have known how and where money was spent: month over month, year over year, and actuals to budget on a monthly basis.   Now the school district wants to tax us after showing us their poor money management skills.

That is a lot of money reportedly wasted on the failed Gates Foundation project.  That money would have better served children by repairing and maintaining facilities.  Instead, the district pandered to the Gates Foundation’s latest education fad.  What is next?  Is Social Emotional Learning (SEL) a similar fad?

Questions about SEL spending have gone unanswered.  CitizensLighthouse questioned SEL spending in these tweets: materials and trainingdistrict time, and funding.  Many articles have been written criticizing SEL.

How much money is wasted on non-vital programs when this is the state of our facilities?  As usual, there is no response to questions on twitter.

CitizensLighthouse also asked if certain accounting problems reported in Gibson Consulting Group’s 2016 Operational Efficiency Audit have been fixed – there was no response.

Gibson summarized three problems with account codes in that audit: Continue reading

Posted in Hillsborough School Board, Hillsborough Schools, Uncategorized | Comments Off on Hillsborough Schools Operational Problems Running Rampant

HCPS Operations Keeps Missing the Bus

bus stop printed on asphalt road

Hillsborough County Public Schools (HCPS) issues are stacking up: lead in the drinking water, non-functioning air conditioners, mold in schools, radon testing, late buses, and a first grader dropped 20 miles from home.  Is this because the state is underfunding school maintenance, as has been suggested by Superintendent Eakins, or is it mismanagement?

Accountability needs to sit with those responsible – local school district leaders (i.e. the School Board and leaders in Hillsborough County School District).  Would you continue to employ anyone whose actions lacked expertise, professionalism, or transparency?  How well would your family physician perform duties if you only required the physician to have a degree in biology? Likewise, you don’t hire a physician to be your auto mechanic.

Was the lack of transparency that occurred when the district started testing for lead without notifying parents due to a lack of state funding?  Parents should have been notified as soon as lead testing began, and as soon as any lead was found, so parents could consult their pediatricians in a timely manner with concerns.  Telling parents what is going on does not require money.  HCPS Operations seems to be in damage control mode.

In 2014 Chris Farkas was selected as the Chief of Facilities, heading the transportation, maintenance, custodian, and facilities departments.  The position was renamed Chief Operating Officer in 2015.  According to the Tampa Tribune, this position paid $137,248.  The operations department should be responsible for fixing transportation, a/c problems, mold remediation, and lead and radon testing.

An expensive audit in 2016 by Gibson Consulting Group (Gibson) identified a lack of credentials required for certain jobs in the school district.  The report noted that “operational leadership positions” needed upgraded job descriptions and that operational job descriptions were “generic” and lacked “technical requirements”.

In my opinion operational leadership positions (especially when logistics related) call for a degree in Operations Research, Industrial Engineering, or Industrial Management; an MBA would be an additional plus for this type of position.

What qualifications did the Chief of Facilities have in 2014? In 2014 the Tampa Tribune reported Chris Farkas has a “…secondary education bachelor’s degree in comprehensive social sciences. He has a master’s degree in educational leadership from National Louis University.”  Educational Leadership is also HCPS’s preferred degree for the General Manager, Transportation position—which is not a technical degree.  That job description specifies its preferred certification: “Certifications in appropriate technical field preferred” – which is not the name of any certification.  Can anyone in the HCPS Operations Department discuss queuing theory, game theory, or develop linear programming models?

In 2017 the district said they needed to change school start and release times to increase the time between bells (elapsed time), because that elapsed time was the root cause for late buses.  Where is the data-driven evidence to support that root cause?  Several other known and documented causes for late buses were identified in Gibson’s audit.  The district decided to go with a one-size-fits-all (standard) recommendation for all urban school districts (that does not consider local traffic patterns or area needs).  What happened to the clearly identified problems causing late buses—were they rectified?

While HCPS was deciding on new bell times in 2017, MIT’s Operations Research Center won a challenge to provide solutions to the busing and bell time problems at Boston Public Schools.  If this is a challenge for operations research (OR) experts, how should anyone expect leader(s) who apparently do not have a degree related to this field to solve or even fully understand the problem and effectively communicate the problem with the public?  If this is the scope of the problem in our district, then do we have OR expertise on staff?

A successful industry example on a larger scale is ORION, built by UPS.  According to UPS, it began a prototype in 2008 and didn’t launch until 2013, completing in 2016.  While student riders are not “packages”, the concept is similar; it is a classic optimization in operations research problem.  A case study by Business for Social Responsibility (BSR) explains who UPS had on their original team:

The development took place within the Operations Research and Advanced Analytics groups, starting with a small, diverse team: a PhD in operations research, an industrial engineer, a UPS business manager, and several software engineers. – BSR, March 2016

It is not coincidental that the composition of that UPS team reflects my recommendations for certain operational leadership positions.

Has the District Superintendent or Deputy Superintendent, Operations considered developing a partnership with the local INFORMS Chapter at USF or USF’s IMSE department?

If HCPS’s job description only requires an educational leadership degree, how should anyone expect the problem to be solved given the complexity?

The problem is not limited to late buses, fewer students being served can contribute to traffic problems and unsafe conditions, and the list of facilities concerns now includes a/c reliability, mold, lead, and radon.

In mid-2018 Chris Farkas was promoted to Deputy Superintendent, Operations, arguably the most important position in the school district.  The HCPS Operations Department now includes Transportation, Maintenance, Human Resources, Information Technology, Business Services, Growth Management and Planning, Student Nutrition, and Security and Emergency Management.

After rearranging school start times to fix late buses, are buses still late?  Check out one of Hillsborough School District’s tweets setting expectations for buses to be late up to 2.5 hours for two weeks; how is that acceptable?  Was this a poor solution that might not even work, placed on the backs of students and the families the district serves?

Are parents aware of the HCPS courtesy busing survey? How many buses are currently over-crowded? How many students have been picked-up or dropped-off late so far this year?  How much instructional time have students missed?  How many parents have been late to work because a bus was late picking-up?  Why aren’t bus statistics reported on the district website (transparency)?

The decisions that impact the success of student transportation and facilities conditions are impacted by the financial, business, and operational acumen of those managing district operations.  HCPS is the 8th largest school district in the nation. Its general fund exceeds $1.5 billion and the tentative budget recommended on August 1, 2018 exceeds $3 billion.  The qualifications of our leaders, responsible for managing the district operations for over 200,000 students, should be top-notch.

Remember—you don’t hire a physician to be your auto mechanic.  It is easier to blame money than to fix political, operational, and leadership problems.  It is time for a new approach to running the school district. Parents need to objectively study the issues, and rally together to hold the school district leaders accountable for their actions and decisions.

Posted in HCPS Bell Schedules, Hillsborough School Board, Hillsborough Schools, Uncategorized | 3 Comments

Inappropriate Content and Transparency in Public Schools

How many parents have time to take note of the inroads perversion is making in public schools?  Here are a few examples from the State of Florida over the last two years.

  • April 2018: First Coast News reported on a highly inappropriate question in an 11th grade Duval County Anatomy class.
  • January 2018: Tampa Bay Times reported that a “Matchomatics” survey, used as a fundraiser, was handed out to Pasco County students asking about their “sexual orientation” apparently without parental permission. The same Canadian based company that runs “Matchomatics” also appears to have a sister survey titled “Friendomatics”.
  • April 2018: High school reading material in Florida that some describe as pornographic (note: the quotes from student reading material are explicit). No teenager should be encouraged to read this trash.  If that isn’t porn in a book then I don’t know what would be!  How is that material legal for schools to peddle?  Some of these books are in Hillsborough County High School libraries.
  • April 2017: ABC Action News reported on a Hernando County teacher who surveyed middle school students with inappropriate questions on a survey titled “How Comfortable Am I?”
  • May 2016: Tampa Bay Times reported that School Board Member April Griffin proposed including a question about sexual behavior in a student survey, and that the motion passed.

How many of these surveys become part of a students’ permanent digital record, available for hackers to sell off or for “researchers” to siphon out of the state longitudinal database or other systems like Edsby?  In case you missed it, I have already presented concerns about how well the privacy of student data is protected.

How do citizens and parents review or object to instructional materials when they cannot readily see what is required reading on the county or school websites?  Shouldn’t student surveys be published on the district website for parents and citizens to review? Citizens should not feel pushed into submitting a public records request to get complete information about instructional materials.

Some parents do make huge efforts to protect their children from access to crude and age-inappropriate topics on television, radio, and the internet.  Those considerable efforts and the desire of parents to raise children in a wholesome way should not be devalued programmatically by the state or county through “educational” materials or programs.  It is not the duty of schools to query student feelings on such deeply personal and sensitive topics.

School curriculum, required reading lists, surveys, and student handbooks should be openly published.  It appears some information, like the Hillsborough County Student Handbook, is hidden in online platforms like MySpot that require citizens or parents to create user accounts.

It doesn’t help that even when laws are passed, Hillsborough County Public Schools (HCPS) doesn’t always know about the law.  According the Auditor General’s March 2018 Report, Hillsborough County School District didn’t perform the required background checks “regarding sexual predators and sexual offenders” on over 42,000 school volunteers as required by law.  The auditor general report also explains Hillsborough Schools didn’t always perform “Required background screenings…for…instructional and non-instructional employees”.

What was the consequence of that colossal failure – an auditor general report, an unflattering news report, and the possibility of harm to a child? Meanwhile, A.P. Dillon has been reporting on this quiet epidemic in schools.

Hillsborough County School District has its’ own history with sexual misconduct: Continue reading

Posted in Uncategorized | Comments Off on Inappropriate Content and Transparency in Public Schools

How Many Schools Leave Their Digital Doors Open and Expose Private Data or Get Data Duped?


According to a Politico article from March 2018, there was a major data breach of personal information at Florida Virtual School (FLVS).  While Florida Virtual School claimed they were hacked, the article notes two different people who explained that FLVS left their server open – in general that means anyone could access the server without having a password.  An analogy would be leaving for work with your front door wide open.  One of those people who insisted FLVS left the server open included Chris Petley, Leon County Schools spokesman.

Was that a FERPA violation? Does FERPA matter?

FERPA is the Family Educational Rights and Privacy Act (FERPA) and is a Federal law that protects the privacy of student education records.  But how well does it protect student privacy?

According to a blogger from Louisiana, Crazy Crawfish, FERPA is very outdated and was originally created in 1974.  This blogger’s post from 2013 is titled “FERPA does not protect student privacy, and never did.  The post provides a history of FERPA, changes to FERPA made by the U.S. Department of Education (not approved by Congress), and presents the most disturbing concern of all – the consequences or lack thereof for FERPA violations.  According to this blog:

FERPA has no defined penalties for folks who willfully and/or negligently and repetitively violate it


This means any vendor that obtains personally identifiable data is largely immune to any repercussions or restrictions on its use or misuse. This is a matter of settled law and an opinion issued by US ED…

Has FERPA been improved in the four years since this blog was published?  If there are not consequences that are ever materially enforced, then who cares about violations?

While schools and school districts may find it safer (for them) to outsource data storage and analytics to data collectors like Edsby or data stewards like Microsoft Azure, the more parties you introduce, the more third parties might have a way to misuse data.  Outsourcing may circumvent a school from accidentally having an “open door” on their district owned servers but it opens up another can of worms – third parties.

What Can Happen with Third Parties? 

The following is an example of how a third party seemed to manipulate an administrator into providing “directory” information.  FERPA requires parental notification prior to disclosing directory information, as the National Association of Colleges and Employers (NACE) explains in an April 2015 article “FERPA Primer: The Basics and Beyond”:

Directory information can be disclosed provided that the educational institution has given public notice of the type of information to be disclosed, the right of every student to forbid disclosure, and the time period within which the student or parent must act to forbid the disclosure.

In 2016, A Florida Voluntary Prekindergarten (VPK) provider and preschool was reportedly contacted and heavily encouraged to install an add-on into the preschool’s purchased software program, Procare, which manages student and family information.  Procare also offers programs to manage accounting, employees, and a corporate organizer.

When the preschool administrator was contacted, she originally thought the caller was Procare.  Only later in the call did she “understand” the caller was from “ABCmouse”.  The preschool reported that “they acted like it wasn’t even an option not to install”.   The caller had the preschool access an ABCmouse add-on file through the Procare software to install.  The add-on transmits student data to ABCmouse, supposedly at the initiation of the preschool.

That sounds like another win for big data at the expense of a child’s data privacy.


Then the marketing of ABCmouse services began. A parent was alarmed to receive Continue reading

Posted in Data Privacy, PII, Uncategorized | Comments Off on How Many Schools Leave Their Digital Doors Open and Expose Private Data or Get Data Duped?

Are You Breaking the Law When You Post Student Photos Online Without Parental Consent?

In May 2016, Education Law Insights published an article discussing student photos taken at school titled “Before You Upload That Student Photo, Ask: What Would FERPA (Have Me) Do?” The article covers a litany of questions and scenarios to think about before posting school photos online, even when those photos are taken by a parent volunteer. FERPA is the Family Educational Rights and Privacy Act and is a Federal law that protects the privacy of student education records.

While this article was written from the perspective of Illinois, and states have different laws (in addition to FERPA), one should question whether any photos taken in school should ever be posted online without parental permission.  Why is this important?  Here are some common sense reasons:

  • When someone is in protective custody or in witness protection, it matters.
  • When families are trying to avoid a stalker, it matters.
  • When families want privacy, and a student is required to go to school and doesn’t want their photos plastered all over the internet, it matters.
  • When that child gets a little older (middle school) and photos are easily available online, it doesn’t make it hard for peers to photoshop and bully the child.

A child cannot escape the school, a child doesn’t have a choice to be there, the sanctity of their privacy in school should not be abused by other students, parents, and schools who don’t have the foresight to consider a student’s privacy.  How will you feel if it was a photo YOU posted that was clipped and edited to bully someone else’s kid?  How would you feel if it was your kid?

For the parent and child it isn’t just about what the law says, it is about what is actually happening.

After reading the Education Law Insights article I have a few questions about what schools do:

1) Does loading photos or videos into third party platforms or into school district owned platforms that spread the data around into more platforms count as “online”?  Because it is “online”, it just might or might not be public. 

My point here is that there are so many ifs and buts that in the end I don’t actually know when something I don’t want collected about my child can or can’t or is or isn’t loaded into a third party system.  A third party system that I might or might not even know exists.  The problem is Continue reading

Posted in Data Privacy, Hillsborough Schools, Social Media Privacy, Uncategorized | Comments Off on Are You Breaking the Law When You Post Student Photos Online Without Parental Consent?

Will Your Kid’s School Data be the Next Privacy Breach?


The Facebook Data Privacy problem is bad, but it didn’t necessarily include very personal information collected by your child’s school district.  One product heavily engaged in student data collection that includes social networking and learning analytics is Edsby.  Edsby is a cloud-based software application developed by CoreFour Inc., based in Canada.

What Does Edsby Collect?

Two years ago, Hillsborough County Public Schools (HCPS) started collecting 1.3 million records every day in Edsby, according to an article in The Journal:

Hillsborough County Public Schools in Tampa, FL was a beta test site for Edsby’s learning analytics and has been capturing data about its 206,000 students for the entire 2015-16 school year, with 1.3 million records entering the district’s Edsby analytics system every school day.

Hillsborough County Schools is the eighth largest school district in the country and has been a customer of Edsby since 2013.  How many records are being stored daily in Edsby now, more than two years after becoming the beta test site for Edsby’s learning analytics?

In January 2018, Tech & Learning described just what kind of qualitative data might be stored on children in Edsby without parental consent.  It appears to include arguably non-academic data:

Edsby’s new…features enable teachers to easily take pictures or record videos, tag them by standards or learning goals, share them with parents and organize them to document growth and streamline reporting on student progress.

The new features’ strong performance on mobile devices enable teachers to capture digital artifacts in the classroom from phones and tablets.

What exactly does the author mean by “digital artifacts”? Is this designed to collect video and audio recordings of student and teacher interactions?  What are the Terms of Use and Privacy Policies of the mobile applications being used to capture “digital artifacts”? If a child is not tagged in the “digital artifact” or the teacher doesn’t share the media, does that mean the parent won’t even know the media exists?  What studies show that this type of invasion of privacy is significantly improving student education?

What personal data could be stored in Edsby? Does it include a student’s medical conditions? Does it include personal information about Exceptional Student Education (ESE) or pexels-photo-236215.jpegIndividual Education Plans (IEP)? Does it include disciplinary actions, student surveys, or psychological test results? What data will districts collect under Social-Emotional Learning  programs? Does it include private messages between parents and teachers? Grades? What are all the fields and media this platform stores?  How is Edsby data accessed when one doesn’t want a user account (FERPA)?  Are parents notified before personal information is included in any Edsby directory (FERPA)?

Five Data Privacy Concerns

Does Hillsborough County Public Schools (HCPS) require contractors like Edsby to follow the U.S. Department of Education’s (USDOE) Protecting Student Privacy While Using Online Educational Services: Model Terms of Service?  Citizens Lighthouse asked about the data privacy policies on Twitter.  While the tweet was directed at Hillsborough County Schools, only Edsby replied.  Based on the information provided in that reply, Citizens Lighthouse has at least five concerns with the district’s use of Edsby:

First, the terms of service (TOS) 1 or terms of use (TOU) provided in the reply from Edsby states:

By posting that content on the Site or through the Services you grant CoreFour Inc. a limited royalty-free, perpetual, world-wide non-exclusive license to store, use, reproduce, publish, translate, distribute, and display the content in any media or medium, or any form, format, or forum now known or hereafter developed subject to the restrictions of our privacy policy.

The U.S. Department of Education’s Student privacy model terms of service CLEARLY provides a “WARNING!” that the phraseology below should NOT be included in the TOS (see here):

Providing Data or user content grants Provider an irrevocable right to license, distribute, transmit, or publicly display Data or user content.

Those two TOUs (TOS) sound similar, should we be concerned?

Second, the USDOE’s student privacy model terms of service also warns here that the school district should maintain control over changes in the TOU.  Edsby explains:

CoreFour Inc. may make changes to these Terms of Use from time to time. We suggest you check these Terms of Use periodically for changes. Any modifications will take effect one month after being posted on the Site and in the Services. By your continuing use of the Site and/or Services after changes are posted, you will be deemed to have accepted such changes.

Third, and even more alarming, there is no explanation in Edsby’s TOU1 or its Privacy Policy1 detailing how well personally identifiable information (PII) is de-identified.  The purpose of de-identification is so that when your data is shared with someone else or analytics are performed, they cannot identify who you are and associate it with your private data; it is supposed to be anonymous.  The problem it seems is that when an entity really wants to figure out who you are, they can try to merge their database with another database acquired elsewhere or use other methods to attempt re-identification of those who were loosely de-identified.  The USDOE explains the challenges of de-identification here:

De-­identification typically requires more than just removing any obvious individual identifiers, as other demographic or contextual information can often be used to re-identify specific individuals. Retaining location and school information can also greatly increase the risk of re‐identification.

As a result, the USDOE specifies some details that should be included in agreements:

…because it can be difficult to fully de-­identify [PII] data, as a best practice, the agreement should prohibit re-identification and any future data transfers unless the transferee also agrees not to attempt re-identification.

There is no mention in Edsby’s TOU1 or Privacy Policy1 how it de-identifies student data.  As it was understood from a conversation with one representative at Hillsborough typography-white-door-fence.jpgSchools, there is not any requirement in their contract or data sharing agreement detailing how the data should be de-identified, or what fields should be removed, and that part of a data-sharing agreement is “trust”. What degree of trust did Facebook assume in its agreements with third parties?  

According to the Tampa Bay Times, HCPS blew through almost half ($146 million) of its financial reserves in three years and purportedly without the school board’s knowledge – given that, some feel trust is long gone.

Edsby seems to have no problem letting you know that they know your geographic location when asking probing questions on their website chat tool.  It makes one wonder what could happen to your child’s data?  Are they trustworthy? Was Facebook trustworthy?

Edsby does have this clause in their policy1:

You may have other agreements with CoreFour Inc. Those agreements are separate and in addition to these Terms of Use. These Terms of Use do not modify, revise or amend the terms of any other agreements you may have with CoreFour Inc.

But then again based on the conversation with HCPS it is understood that de-identification and re-identification clauses do not exist in separate agreements between the Hillsborough County School District and Edsby.

Fourth, what about “educational” researchers? According to The Washington Post that is how Cambridge Analytica “broke Facebook’s rules”— it was “under the pretense of academic use”. What is Hillsborough County Schools Policy on allowing access to student data for “academic use”?

And Last, The Washington Post reported that developers were encouraged to “build their businesses off Facebook’s data” via the Facebook feature “log-in through Facebook”.

What happens when HCPS integrates Edsby with Google G Suite or Microsoft Office 365 for HCPS students and HCPS staff and one logs into Edsby using those Google or Microsoft credentials? According to Edsby’s Privacy Policy1:

When Edsby integrates with these systems it provides a way for you to log in to Edsby by using your Microsoft or Google authentication credentials.

Does that integration give Microsoft or Google access to student data?

In June 2017, Microsoft updated the OneNote Class Notebook add-in to include “Assignment and grade integration with Edsby”.  OneNote is available to HCPS teachers and students for free under the district’s enterprise agreement with Microsoft. OneNote’s list of education partners is long.

The student data in the Edsby platform is stored in Microsoft’s Azure Cloud.  Aside from the risk hackers pose, like this recent example at Bay District Schools, data might be accessible by not only the district but also by Edsby and Microsoft Azure.  Having more parties managing and engaging with the data creates more opportunity for mistakes and subversive behavior.

Getting Answers?

If Hillsborough Schools has a different TOU under its contract or data sharing policy with Edsby then HCPS should publish the Edsby contract and data sharing policy online for transparency and trust.  Those whose personal data is being collected, the students and their parents, have a vested interest in knowing if their data is safe and follows the USDOE’s student privacy model terms of service guidance.

There should be public oversight and total confidence that our data is safe from mining, profiling, and sharing.  There should be transparency about what the district is doing, how they are doing it, and what they are collecting.  Why should citizens have to jump through time-consuming hoops to get complete answers about the privacy of student data?

One district representative suggested speaking with IT Security regarding Edsby privacy questions but refused to provide a single name or contact number for that department, instead the phone call was forwarded to an “IT Security” line that rang endlessly with no voicemail.  Why has the district not published a single contact for the IT Security and Privacy department?


Unfortunately this isn’t the only student data collection engine in the state, there is also Florida’s Statewide Longitudinal Data System (SLDS) or Education Data Warehouse (EDW).  At least the FLDOE tells you what fields or data elements they collect on students, see here if you want to peruse that list, they even include a field for “Teenage Parent Program: Birth Weight of Child”.  Should we be asking the FLDOE similar questions about student data privacy?

According to the Florida Department of Education (FLDOE) the SLDS has “multiple initiatives…to support…federal long-term goals” and is jointly funded by a Race to the Top (RTTT) grant, Federal SLDS grants, and the Florida Legislature.

How much is Hillsborough County School District paying Edsby annually for all services, licensing, training, etc. for the creation of a major data mining and analytics opportunity that might one day risk the privacy of student personal information?

Have all the possible loopholes been dutifully plugged with indecipherable legal jargon?  Or is this just a data breach time bomb waiting to go off?

There are too many questions left unanswered about our children’s data privacy and it seemed safer when we had grades in a teacher (pen and paper) grade book and got paper report cards from a district printer with data likely pulled from a local mainframe every quarter.  It would probably be a lot cheaper if we eliminated some of the district’s software and licensing, maybe even get the district out of their reported deficit.  But the state and federal government want access to all that data, some highly invasive, for research on our children without parental consent.  We should get back to the basics and reclaim local control of education and your children’s personal data.

In the meantime, who is really protecting your child’s data?


1Edsby’s Privacy Policy and Terms of Service (TOS) dated 1/5/2018
Posted in Data Privacy, Hillsborough Schools, PII | Comments Off on Will Your Kid’s School Data be the Next Privacy Breach?