Yet another breach in response to an open records/freedom of information request, this one affecting 36,000 Poway Unified School District students in California. CBS reports:
The privacy breach leaked information about every student in the district and it included: medical information, home addresses, nicknames, birthdates, student grades, test scores and parents’ sensitive occupations.
The San Diego Union-Tribune provides a bit more detail on the data types:
The data included children’s names, nicknames, addresses, phone numbers, hearing and vision exam results, dates of birth, language fluency, academic test results and occupation of parents, according to the woman who received the data, Gabriela Dow.
Gabriela Dow told CBS News 8 she received the sensitive information after an open records request. Dow is a parent and a member of the district education technology advisory committee.
Reportedly, Social Security numbers were not included.
All told, about 70,000 people had personal information exposed:
A month later, she received the documents she asked for, and much more — a spreadsheet containing 36,444 rows of data on information for everyone connected to the Poway district. Including parents, the data contained information about 70,000 people.
Now here’s a complaint that will likely go nowhere:
Dow filed a complaint with the district attorney’s office citing violation of the “Family Educational Rights and Privacy Act,”
What can a district attorney do about a violation for FERPA?
Exactly.
That is a big district with over 70,000 people having their information exposed.
How many data breaches does this make for school districts this year? I feel like its in the hundreds on this point.
Also, in regards to the DA filing a complaint citing FERPA violation, no comment. That is self explanatory.