Max Londberg reports:
Cincinnati Public Schools inadvertently released busing information, such as students’ names and their pickup and drop-off locations, to the wrong recipients.
The district planned to disseminate about 7,000 students’ information Thursday as a reminder to families as the first day of school approaches. But the district’s internal email system sent an unknown number of those students’ info to the wrong families. The glitch was caused by a bug introduced during an update of the system, said Lauren Worley, a district spokeswoman.
Read more on Cincinnati.com.
I do not understand why the district claimed this was not a breach. According to the report:
Each email included a student’s first and last name, bus number, bus route, pickup and drop-off location, and possibly the time of pickup and drop-off, Worley said.
I doubt that is directory information under FERPA. And if it’s not directory info, explain how a district spokesperson can say that the release was not a data dump or breach, “in that the wrong recipients are all believed to be families with students of their own enrolled in the district.”
That doesn’t make it not a breach. I agree it’s not a data dump, but it is certainly unauthorized disclosure and a breach of personal information on some level, isn’t it, even if you argue that bus info is not an “education record” under FERPA…?