Privacy Primer for Educators

Melissa DarkCenter for Education and Research in Information Assurance and Security

(CERIAS)

Purdue Universityhttp://www.cerias.purdue.edu/education/K-12

dark@cerias.purdue.edu

What is Privacy?

The ability to control the degree to which people and institutions impinge upon one’s life.

• Hildreth & Hoyt, 1981

The right claimed by an individual to control the disclosure of personal information about themselves.

• Adams, 2000

Describe your privacy expectations of your:

–Bank–Doctor–Government Officials–Clergy

Do we expect this same level of professionalism from our schools?

– Junk Mail– Phone Calls From Telemarketers– Online Surveys– E-Mail SPAM– Grocery Savings Cards – Security Cameras– Cell Phone Tampering– Phone Logs– Workplace Surveillance

What is the common factor that unites these items?

Is privacy really that important?

In 1993, MacWorld launched an investigation surrounding the ability of unauthorized users to obtain information from celebrities.

This information was all obtained in a legal and ethical manner.

For $112 per celebrity....they found:Through online solicitation and searches, the editors were able

to obtain the following information on individuals:

birth datehome addresshome phonesocial security number neighbors address/phonedrivers record

(including physical characteristics)

marriage recordvoter registration information

biographical informationtax lienscampaign contributionsvehicles ownedreal estate ownedcommercial loans/debtscivil court filingscorporate ties

(CQ Researcher, 1993).

Collection of Children’s Information

1999 Survey: 16 million children ---14% of US citizens under the age of 18 regularly use the Internet. (1999)

Study conducted by Cai and Gantz (2000) indicated that the majority of Web sites targeted at children collect personal information from their under-age users.

Children also readily provide personal data in return for a “great prize” (Carlson, 2000)

Why is Privacy Important for Teachers?

Federal law mandates that teachers protect the information they gather and record regarding their students (National Center for Education Statistics, 1998).

–FERPA –COPPA–Supreme Court Decisions

Failure to do so could result in personal and professional liability.

Privacy Practices—Common Law

1. Information should not be conveyed to other teachers/administrators unless the motive is to enhance performance.

2. Pupil information should be transmitted only upon request.

3. Records should be released only if there is a statutory requirement or the pupil/parents request the release.

Privacy Legislation for Educators

Family Educational Rights and Privacy Act , 1974 (FERPA):

Requires that educators demonstrate “due diligence” in protecting student data, information, records, and other sensitive information.Teachers can be personally held liable for failing to maintain the integrity of such data.

FERPA...

Parents/guardians have a right to inspect all records.Record of access maintained regarding individuals examining the files.Appeals to contents are permitted.Records must be kept confidential—no release unless there is permission.

Birth date, address, ss#, grades, test results, discipline records, attendance, health records, pictures, etc.

Unique Challenge of E-Mail and Electronic Documents

Teachers must demonstrate “due diligence” in protecting ALL records.Vulnerabilities:

Open Network ConnectionsPoor Password Selection/ProtocolLack of Encryption“naked” e-Mail

Encryption(Enciphering sensitive information)

Encoding informationSecret Code RingCryptoquipPig Latin

*Most* common applications offer password protection.

Confidential (not critical)---USE ENCRYPTION!!!!

NEVER send HIGHLY SENSITIVE information through email. (email should *never* be considered secure!)

PGP: Pretty Good Privacy(approx. $20 per unit)

Requires use of Public Keys

Sample PGP encrypted email:

Without the proper keys...

the message is unreadable.

Sample Encrypted Document:

1. File / Save As

2. Click on TOOLS

3. Select GENERAL OPTIONS

4. Enter passwords

Password Protecting Windows

Documents

Practical Privacy Techniques for Teachers:

1. Practice Proper Information Security Techniques

2. E-Mail Awareness 3. Use of Encryption4. Download Precautions5. Close the Cookie Jar6. Read Privacy Statements7. Set up a Second Online Account

Dissemination of Privacy Practices to Students:

Fundamentals of protecting privacy is a “new” skill that schools should address

• (Willard, 2000)

Privacy issues need to be embedded within the curriculum as readily as technical skills

• (FTC, 2001)

Short lessons and natural teaching moments work well for identifying the topic.

Teachers must serve as a role model for privacy protection practices.

Conclusion:As technology is introduced into schools, it is critical to combine the technical skills with the soft (ethical) skills surrounding the media.

Attention needs to given to both teachers and students upon this topic.

Teachers must practice privacy techniques daily---to protect the information and serve as a positive role model.

Excellent Resources:

Stealth Surfing by Matt Lake:http://www.pcworld.com/resource/printable/article/0,aid,16350,00.asp

Follett Software Company: Privacy Sites:http://www.pathwaysmodel.com/resources/articles/adams/weblinks.cfm

Make Your PC Hacker Proof by Jeff Sengstack:

http://www.pcworld.com/resource/printable/article/0,aid,17759,00.asp