I’ve previously covered the new law in Maine that asks parents to provide their children’s Social Security Numbers so that the state can track the students. A number of school boards had the wisdom to write to the parents and basically say, “Look, we have to ask you for it, but we encourage you to say ‘No.’ ” Now it appears that a data breach has spooked the state into delaying implementation of the system even though it doesn’t involve this particular database. Derek Viger reports:
Ed Commissioner Angela Faherty sent a letter to Maine superintendents today asking them to hold off on collecting student SSNs for the yearly October 1st data collection. The reason? Supposedly restricted information was not so restricted. According to the letter, on September 24 an error allowed a tech director at one of Maine’s school districts to view SSNs of school staff at various schools around the state. This system is not related to the one which collects student data. Still, the DOE has take steps to ensure no student data can be viewed in the Infinite Campus District Edition – Infinite Campus is the state’s student data collection software. Student SSNs already collected will be deleted from the State system. An outside contractor will asses the State system’s security. Finally, SAUs will be asked not to submit any SSNs they have already collected.
Read more on Pine Tree Politics. Actually, the error within the secondary system allowed any authorized user of the system to see information that should have been restricted. Thankfully, it seems as if the error may have been spotted quickly.