In the Huffington Post article, “In Push For Data, Schools Expose Students To Identity Theft” author Gerry Smith writes about the growing risk of school kids data being stolen across the country.
Read Part One here:
Elizabeth Laird, of the Data Quality Campaign, an organization that encourages states to build student databases argues that students’ Social Security numbers are useful for education policy by creating “enhanced analytical opportunities” for evaluating school curriculum. “The more important conversation is not whether states are collecting Social Security numbers, but how they are ensuring the privacy, security, and confidentiality of all personally identifiable information,” Laird said in a statement to the Huff Post. “We can’t speak to how Social Security numbers are collected and stored at the local level,” she added.
The article cites one survey that concludes student PII is not stored very securely. Only half of K-12 schools use data encryption, according to a survey of IT employees at K-12 schools nationwide. 72% cited budget constraints as the primary barrier to improving their IT security, according to the survey by Panda Security (PDF). Collecting PII in central databases with lackluster security is asking or trouble, “This is making a much bigger honey pot for people with malevolent purposes to gain access to children’s information,” Joel Reidenberg, a professor at Fordham University School of Law. He told The ID Channel, “It’s a meltdown waiting to happen.”
School districts in 26 states now ask for students’ Social Security numbers. The Michigan Department of Education states (PDF), “A school district cannot mandate that parents disclose the social security number of their children.” Huff Post states that Texas is one of those states where education officials use PII to connect K-12 records to higher education and workforce data, according to Debbie Ratcliffe, a spokeswoman for the Texas Education Agency.
Last year, the Texas agency asked eight school districts to send PII, including Social Security numbers, through the mail on unencrypted CDs for research purposes. The article reports that Laredo Independent School District learned the CD it sent got lost in the mail, exposing nearly 25,000 current and former high school students to identity theft, according to the Texas Tribune. Ratcliffe told The Huffington Post that the request came from an agency employee who operated “way outside” normal protocol.
- Beaumont school officials told parents that Social Security numbers belonging to an estimated 15,000 students were accidentally exposed online for nearly a year.
- The San Antonio Independent School District told parents that names and Social Security numbers of up to 360 students were mistakenly made visible through a Google search.
Still, the Texas Education Agency has no plans to stop asking school districts for students’ Social Security numbers, Ratcliffe told the author. “We have so many databases that use them that it would require quite a bit of change to make that happen,” she said.
Yet concerns over child identity theft have prompted at least five states — Nebraska, North Dakota, Washington, Maine and Wyoming. to create policies that restrict the collection and use of Social Security numbers in K-12 schools.
Jerry Coleman, director of school finance at the North Dakota Department of Public Instruction Coleman said in an interview, “To protect those Social Security numbers would be a hassle we don’t need,”
Parents can refuse to disclose their child’s Social Security number, and the student would be assigned a different identifying number. Ratcliffe, of the Texas Education Agency, said most parents disclose their child’s number anyway.
But privacy experts say, in most cases, parents should keep that information to themselves. “When someone asks for your child’s Social Security number, say no,” said Aaron Titus, chief privacy officer for Identity Finder, which helps organizations protect sensitive data. “I have found about 90 percent of the time, when I push back a little bit, I get my way.”
Data breaches leave people six times more likely to become victims of identity theft, according to a survey by Javelin Research. Schools warn parents to monitor their children’s credit after a data breach. The Huff Post says credit reports only turn up 1 percent of fraud on children’s credit histories because thieves pair children’s Social Security numbers with new names and birth dates, a study by Debix found.
More than 18,000 child identity theft complaints were reported to the Federal Trade Commission. But experts tell Huff Post that figures on child identity theft are likely much higher because the crime often goes undetected for years. ID Analytics estimates more than 140,000 children are victims of identity theft each year, based on a one-year study of those enrolled in the firm’s identity protection service. When child identity theft victims turn 18, they find their credit has been destroyed, preventing them from taking out loans or renting apartments.
Consumers Unions points out that Michigan law restricts how Social Security numbers can be used. In Michigan, SSNs cannot be printed on ID cards, intentionally communicated to the public and/or publicly displayed or mailed within and envelope.
- Child Identity Theft: Warning Signs and Action (lexingtonlaw.com)