A great deal of data is collected on students of all ages. Registration forms, health forms, emergency contact forms and permission slips are all a part of the information overload that schools typically require from their pupils, and many of these forms request sensitive data such as social security numbers. Unfortunately, school administrators don’t always protect this information as well as they should and education institutions are just as susceptible to data breaches as any other organization.
This vulnerability, combined with the fact that stealing personal information from minors can go undetected for years, is just part of the reason why minors are 51 times more likely to suffer from identity theft than adults.
The Federal Trade Commission recently issued a release alerting parents about how to protect students from fraudulent activity. Of particular note is information about the federal Family Educational Rights Privacy Act (FERPA), enforced by the U.S. Department of Education, which protects the privacy of student records and gives parents of school-age kids the right to opt out of sharing contact information with third parties, including other families.
The FTC’s safety tips for parents include:
• Read the notice schools must distribute that explains the rights of students and parents under FERPA. This legislation protects the privacy of student education records and gives parents the right to inspect and review your child’s education records, consent to the disclosure of information in the records and correct errors in the records.
• Ask your child’s school about its directory information policy. Student directory information can include a child’s name, address, date of birth, telephone number, email address, and photo. FERPA requires schools to notify parents and guardians about their school directory policy and give them the right to opt out of the release of directory information to third parties. Absent opting out, directory information may be available not only to the people in a child’s class and school, but also to the general public.
• Take action if your child’s school experiences a data breach. If you believe there’s been a data breach and your child’s information has been compromised, contact the school to learn more. Talk with teachers, staff, or administrators about the incident and their practices. Keep a written record of your conversations. Write a letter to the appropriate administrator, and to the school board, if necessary. The U.S. Department of Education takes complaints about these incidents. Contact the Family Policy Compliance Office, U.S. Department of Education, 400 Maryland Ave., SW, Washington, DC 20202-5920, and keep a copy for your records.
Perhaps it’s no coincidence that as more attention is directed to the risks of identity theft amongst children, cyber defense is becoming a hot new field of study for students. National cyber defense competitions have emerged as spirited forums for budding technical talent, including the National Security Agency’s Cyber Defense Exercise – a competition that pits students from a series of military academies against each other – and against the competition’s leaders at NSA; the Air Force Association’s National High School Cyber Defense Competition, CyberPatriot, created to inspire high school students towards careers in cyber security and associated fields; and the National Collegiate Cyber Defense Competition, designed to provide practical experience for students in a fast-changing field that needs ever more talented workers.
We can only hope that this new generation of cyber experts – borne from a time when new risks have posed threats to their own personal safety – can meet the growing challenges of cyber defense.