Transcript Privacy Primer for Educators - CERIAS

Privacy Primer for Educators
Melissa Dark
Center for Education and Research in Information
Assurance and Security (CERIAS)
Purdue University
http://www.cerias.purdue.edu/education/K-12
[email protected]
What is Privacy?
The ability to control the degree to
which people and institutions impinge
upon one’s life.
• Hildreth & Hoyt, 1981
The right claimed by an individual to
control the disclosure of personal
information about themselves.
• Adams, 2000
Describe your privacy expectations of your:
–Bank
–Doctor
–Government Officials
–Clergy
Do we expect this same level of
professionalism from our schools?
– Junk Mail
– Phone Calls From Telemarketers
– Online Surveys
– E-Mail SPAM
– Grocery Savings Cards
– Security Cameras
– Cell Phone Tampering
– Phone Logs
– Workplace Surveillance
What is the common factor that unites these items?
Is privacy really that important?
In 1993, MacWorld launched an
investigation surrounding the ability of
unauthorized users to obtain
information from celebrities.
This information was all obtained in a
legal and ethical manner.
For $112 per celebrity....they found:
Through online solicitation and searches, the editors were able to obtain
the following information on individuals:
birth date
home address
home phone
social security number
neighbors address/phone
drivers record
(including physical characteristics)
marriage record
voter registration information
(CQ Researcher, 1993).
biographical information
tax liens
campaign contributions
vehicles owned
real estate owned
commercial loans/debts
civil court filings
corporate ties
Collection of Children’s Information
1999 Survey: 16 million children ---14% of US
citizens under the age of 18 regularly use the
Internet. (1999)
Study conducted by Cai and Gantz (2000) indicated
that the majority of Web sites targeted at children
collect personal information from their under-age
users.
Children also readily provide personal data in return
for a “great prize” (Carlson, 2000)
Why is Privacy Important for Teachers?
Federal law mandates that teachers protect the
information they gather and record regarding
their students (National Center for Education Statistics, 1998).
–FERPA
–COPPA
–Supreme Court Decisions
Failure to do so could result in personal and
professional liability.
Privacy Practices—Common Law
1. Information should not be conveyed to
other teachers/administrators unless the
motive is to enhance performance.
2. Pupil information should be transmitted only
upon request.
3. Records should be released only if there is a
statutory requirement or the pupil/parents
request the release.
Privacy Legislation for Educators
Family Educational Rights and Privacy
Act , 1974 (FERPA):
Requires that educators demonstrate “due
diligence” in protecting student data,
information, records, and other sensitive
information.
Teachers can be personally held liable for
failing to maintain the integrity of such
data.
FERPA...
Parents/guardians have a right to inspect all
records.
Record of access maintained regarding
individuals examining the files.
Appeals to contents are permitted.
Records must be kept confidential—no
release unless there is permission.
Birth date, address, ss#, grades, test results,
discipline records, attendance, health records,
pictures, etc.
Unique Challenge of E-Mail and
Electronic Documents
Teachers must demonstrate “due
diligence” in protecting ALL records.
Vulnerabilities:
Open Network Connections
Poor Password Selection/Protocol
Lack of Encryption
“naked” e-Mail
Encryption
(Enciphering sensitive information)
Encoding information
Secret Code Ring
Cryptoquip
Pig Latin
*Most* common applications offer password
protection.
Confidential (not critical)---USE ENCRYPTION!!!!
NEVER send HIGHLY SENSITIVE information
through email. (email should *never* be
considered secure!)
PGP: Pretty Good Privacy
(approx. $20 per unit)
Requires use of Public Keys
Sample PGP encrypted email:
Without the
proper keys...
the message is
unreadable.
Sample Encrypted Document:
Password
Protecting
Windows
Documents
1. File / Save As
2. Click on
TOOLS
3. Select
GENERAL
OPTIONS
4. Enter
passwords
Practical Privacy Techniques for Teachers:
1. Practice Proper Information Security
Techniques
2. E-Mail Awareness
3. Use of Encryption
4. Download Precautions
5. Close the Cookie Jar
6. Read Privacy Statements
7. Set up a Second Online Account
Dissemination of Privacy Practices to Students:
Fundamentals of protecting privacy is a “new”
skill that schools should address
• (Willard, 2000)
Privacy issues need to be embedded within
the curriculum as readily as technical skills
• (FTC, 2001)
Short lessons and natural teaching moments
work well for identifying the topic.
Teachers must serve as a role model for
privacy protection practices.
Conclusion:
As technology is introduced into schools, it is
critical to combine the technical skills with the
soft (ethical) skills surrounding the media.
Attention needs to given to both teachers and
students upon this topic.
Teachers must practice privacy techniques
daily---to protect the information and serve
as a positive role model.
Excellent Resources:
Stealth Surfing by Matt Lake:
http://www.pcworld.com/resource/printable/article/0,aid,16350,00.asp
Follett Software Company: Privacy Sites:
http://www.pathwaysmodel.com/resources/articles/adams/weblinks.cfm
Make Your PC Hacker Proof by Jeff Sengstack:
http://www.pcworld.com/resource/printable/article/0,aid,17759,00.asp