Nov 302018
 November 30, 2018  Posted by  Featured News, Laws, U.S., Youth & Schools

Amelia Vance has an important piece on NASBE about FERPA and directory information. Her piece includes some research conducted last year:

In 2017, data analyst Leah Figueroa sent email requests to 10 institutions of higher education asking for “a listing of student directory information.” Three schools requested that she fill out a Freedom of Information Act (FOIA) request before she could receive the data (depending on the state, directory information may or may not be considered subject to state FOIA laws); two schools sent her a public link to their student directory; and one provided her with the records of 22,006 of their students after she paid $50. Figueroa did not need to identify herself or provide a reason why she needed the information—even though sensitive information was shared with her, such as telephone numbers and email addresses. She noted that, while most directory information requests are legitimate, coming from “researchers or other colleges seeking to recruit students—some are likely coming from predatory loan companies,” other “aggressive marketers,” or even a stalker seeking the “dorm address of a student.”

Read more on NASBE.

Nov 302018
 November 30, 2018  Posted by  Breaches, Featured News, U.S., Youth & Schools

Benjamin Herold reports:

The U.S. Education Department failed to conduct timely, effective investigations of potential violations of the nation’s main student-data-privacy law, allowing a years-long backlog of unresolved cases to pile up without any mechanism for effectively tracking the number or status of the complaints it received.

That’s according to a scathing new audit from the department’s own Inspector General, released this week.

According to the audit, the department’s privacy office in September 2017 had on its books 285 open investigations of complaints made under the Family Educational Rights and Privacy Act, or FERPA.

Read more on EdWeek.

Nov 302018
 November 30, 2018  Posted by  Business, Govt

Zack Whittaker reports:

Amazon has “failed to provide sufficient answers” about its controversial facial recognition software, Rekognition — and lawmakers won’t take the company’s usual silent treatment for an answer.

The letter, signed by eight lawmakers — including Sen. Edward Markey and Reps. John Lewis and Judy Chu — called on Amazon chief executive Jeff Bezos to explain how the company’s technology works — and where it will be used.

It comes after the cloud and retail giant secured several high-profile contracts with the U.S. government and at least one major metropolitan city — including Orlando, Florida — for surveillance.

Read more on TechCrunch.

Nov 292018
 November 29, 2018  Posted by  Breaches, Govt, Non-U.S.

Raymond Ayas reports:

Minister of Border Security and Organized Crime Reduction, Bill Blair, has admitted to a privacy breach in an online survey that was advertised to Canadians as “anonymous”. The government recorded the IP addresses of everyone surveyed during the 2018 handgun ban consultations.

While the consultation process from Public Safety Canada is still ongoing, the online engagement session was only open between October 11 to November 10, 2018. The privacy breach occurred during that 30-day period.

Read more on The Post Millenial.