Kim Archer reports that the same state education department that upset the hell out of privacy advocates by publicly posting students’ personal details if they applied for a waiver of state tests still doesn’t grasp their obligations to rigorously protect student privacy:
Some area school officials say the Oklahoma State Department of Education has violated state and federal laws protecting student privacy by releasing information to districts about students who no longer attend their schools.
“If (the students have) left us, we really shouldn’t have access to that information,” said Larry Smith, deputy superintendent at Sapulpa Public Schools.
The data include student grades, disability status, and free and reduced-lunch status.
Read more on Tulsa World.
It would be bad enough if the department had just made a configuration error in its settings and thereby allowed all districts’ personnel to access all students’ data. But for the state to later claim that they are “erring on the side of caution” in limiting access to data that should be limited is concerning, as it suggests that they really don’t get that such privacy and data protection isn’t optional.
(headline corrected to reflect Oklahoma and not Kansas)