Reading the comments under the original YouTube posting, there are several people who comment that what the teacher did is a violation of the Family Educational Rights and Privacy Act (#FERPA).
I am not sure that they have cottoned on that those are regulations under the U.S.A. Department of Education, and that that department was disabled by #ElonMusk and #DOGE in February 2025. There's no FERPA enforcement coming to stop this.
#Firebase #FERPA #DataSecurity
Chế độ bảo mật Firestore + mã hóa Google có đủ đảm bảo an toàn FERPA cho dữ liệu sinh viên? Nền tảng hỗ trợ việc làm cho đại học đang cân nhắc cách thức lưu PII (thông tin nhận dạng cá nhân) giữa yêu cầu phân tích dữ liệu và rủi ro mất thông tin. #Công nghệ #Bảo mật thông tin #GDPRvietnam
*Tản mạn về thách thức trong đảm bảo an toàn dữ liệu sinh viên với Firebase*
https://www.reddit.com/r/SaaS/comments/1pq3n6w/is_firestore_and_security_rules_enough_for_ferpa/
ChatGPT for Teachers gives educators premium AI for free
https://fed.brid.gy/r/https://nerds.xyz/2025/11/chatgpt-teachers/
The Case for Making EdTech Companies Liable Under FERPA:
https://www.techpolicy.press/the-case-for-making-edtech-companies-liable-under-ferpa/
@douglevin @funnymonkey @brett
OK, so the bad news is that it looks like it's true. I got access to the data tranche and there is a LOT of student PII in there in terms of PDF files/letters and psych evals, and I spotted a .csv file with disabilities records on 2k students from 2017 with their IEP disability classification, name, services to be given, etc. I haven't yet started googling names, so I'm saying the data looks real but I haven't actually tried to confirm that yet.
A lot of the documents such as attendance and truancy letters for named students were OLD -- like back to 2003, etc.
I have a feeling that these records -- assuming, for now, that they are real -- do not necessarily trigger notification requirements under the D.C. notification law, but I have emailed DC to ask for clarification on the application of their law to student records.
I have not really spotted employee personnel data of note, but have only skimmed the tranche with a focus on student into.
If you HMU on Signal, I can give you the entire filelist for the tranche.
"To the extent that COPPA could be deemed to create an agency relationship between schools and parents, the scope of any such agency should be strictly limited to the parental notice-and-consent process addressed by that legislation, and should not be extended to any other contractual terms, including arbitration." This would not be nearly as concerning if everyone wasn't so provenly bad at securing their systems and the data within, despite the "We Are Very Good At Privacy And Security, Actually" statements on their websites. #EdTech #COPPA #FERPA #PowerSchool #SIS #AI
Oh wait, never mind. As it turns out #EdTech have asserted that schools can consent to privacy agreements on behalf of parents and students so we're not even involved. Good stuff. Probably not a good sign for them that even the FTC disagrees with this very skewed reading of #COPPA and #FERPA legislation 🤔 https://edtech.law/cases/nonconsensual-student-data-mining-powerschool-and-ixl-learning/ #PowerSchool #SIS #AI
I know a second grade teacher who was knocked to the ground and beaten with a chair by a student, while the rest of the class had to watch in horror. The teacher needed extensive medical treatment and physical therapy.
The school told the witnessing children NOT to tell their parents in order to protect the offender's privacy.
FERPA: Protecting student privacy or hiding safety issues?
https://www.cnn.com/2025/05/10/us/ferpa-student-privacy-law-explained-xpn
#ferpa #education #schools #schoolsafety #k12 #teaching #teacher #teachers #privacy
@chemeketa.bsky.social
#California Assembly Bill 1955 appears to conflict with #FERPA by prohibiting schools from requiring personnel to disclose records about a child’s “gender identity” to that child’s parent. As a result, according to the California Justice Center, “every public school in California has a policy of denying, or effectively preventing, the parents of students...the right to inspect and review the education records of their children.” https://www.usda.gov/about-usda/news/press-releases/2025/03/27/secretary-rollins-sends-letter-challenging-governor-newsoms-use-usda-funding-programs-implement #USDA #LGBTQIA #Transgender #USPol
#Trump administration targets #Maine again, this time on #transgender policy in schools
The U.S. #DepartmentOfEducation. which Trump wants to abolish, is investigating whether dozens of Maine school districts are violating or misusing federal privacy laws and infringing on parents’ rights.
by Eric Russell, March 28, 2025
"The Trump administration is once again targeting Maine over its policies on transgender youth.
"The U.S. Department of Education – an agency the president is trying to abolish – announced Friday it has initiated an investigation into Maine’s Department of Education over allegations that school districts in the state are violating the Family Educational Rights Privacy Act (#FERPA).
"Specifically, the federal agency says school districts are allowing officials to create 'gender plans' that support a transgender student’s identity but then not making those plans available to parents.
"A similar investigation was launched in #California this week.
[...]
"Schools in Maine have been caught in a legal gray area between respecting student privacy and parents’ rights to be informed when it comes to children’s expression of gender identity while at school. Many youth live in families whose members might not be supportive of their gender identity.
"The Trump administration already has been investigating Maine for allowing #TransgenderAthletes to compete, something that is allowed under the #MaineHumanRightsAct but defies an executive order the president signed in February. This month, the administration found that Maine violated the federal law known as #TitleIX and warned that if the state didn’t make changes, it would risk referral to the U.S. Department of Justice and the potential loss of tens of millions of dollars in federal funding.
"The announcement from the U.S. Department of Education this week also warns that if any Maine district is found in violation of the federal privacy act, it could lose federal funding. It’s unclear how that will play out, though, because Trump is trying to eliminate the education department at the federal level.
"A spokesperson for the Maine Department of Education did not immediately respond Friday to questions about the investigation. A spokesperson for the Maine Attorney General’s Office declined to comment.
"Trump and his supporters have elevated transgender rights as the biggest battle in the country’s culture war and believe their messaging is a political winner, even beyond traditional party lines.
"In addition to his executive order barring transgender girls or women from competing in athletics, Trump signed another that says the federal government would only recognize two genders, male and female, a move some advocates said was designed to erase transgender individuals from existence.
"Many states, Maine included, have strong protections for transgender individuals."
Archived version:
https://archive.md/b6gpf
#MainePol #USPol #MaineResists #ProtectTransYouth #TrumpIsABully #Education #Authoritarianism #Fascism #CharacteristicsOfFascism #TransRightsAreHumanRights
So there's a massive #databreach affecting school districts across the country and millions of students .... and #FERPA doesn't require data breach notification to students.
But's that okay anyway because Trump wants to totally shutter the federal Education Department?
I would normally insert the "Everything is Fine" meme here but in light of California's fires, it doesn't feel appropriate right now.
Some folks may get confused by PowerSchool saying that if they have medical records on students, they may have to notify under HIPAA.
Most student medical/health records are not covered under HIPAA. They are covered under FERPA.
If the district is billing the student's health insurance for services like speech therapy, physical therapy, or occupational therapy, then there's a HIPAA issue. Or if the school has arrangements with an actual clinic that is providing medical/health services to students. But most things like doctor's absence notes or even allergy action plans or school medication orders are not under HIPAA.
If the district has a health plan for employees that it administers, there's also a HIPAA issue there.
N.J. school accidentally released names of kids who opted out of sex education:
It seems they had redacted the names in .pdf version, but web .HTML version was exposing the names. Ok, chalk it up to error? But then someone claims that a school official knew about this problem a year ago and did nothing about it?
And of course, what's the remedy under #FERPA? Oh, that's right -- there is none.
For your "No need to hack if it's leaking" files:
"Confidential student information was unintentionally leaked in Naperville Central’s School Improvement Plan, which was released publicly on Friday, Sept. 20. It was removed on Tuesday, Sept. 24 around 3:35 p.m. when Central Times staff brought the breach to the attention of Principal Jackie Thornton."
Read more at https://www.centraltimes.org/showcase/2024/09/26/confidential-student-information-released-in-district-203-data-leak/
BlackSuit ransomware update: 42GB of data claimed to be from Edgewood Schools posted, nothing new on Monroe County government attack
#BloomingtonIN #CyberAttack #BlackSuit #RBB #Schools #FERPA #Ransomware
OK, I did not know about this last year when the Verity Vote report came out. Did you?
Concerns raised over universities signing over students’ private #FERPA data to voter data companies: https://www.thecollegefix.com/concerns-raised-over-universities-signing-over-students-private-ferpa-data-to-voter-data-companies/
Related report: "The Best Data that Money Can’t Buy
Student Data for Partisan Political Advantages" https://verityvote.us/wordpress/wp-content/uploads/2023/07/national-student-data-sharing_VerityVote.pdf
How did I sleep through this???
Any partisan biases aside, is there a real #privacy #dataprotection issue here?
@douglevin @brett @funnymonkey Well, as we all know too well, #FERPA doesn't even require notification,so let's look to state law. According to the Kansas AG:
"Kansas law requires any person who conducts business in this state that owns or licenses computerized data including personal information to conduct good faith investigations into the
likelihood that personal information has been or will be
misused when it becomes aware of any breach of the security of the system. (K.S.A. 50-7a02.) If the investigation reveals that Personal Information has been misused, or is likely to be misused, the person must give notice to the affected Kansas resident without unreasonable delay and as soon as possible."
Not much help there. But I don't think almost a year is reasonable.
I'm seeing an awful lot of Threads sourced nuggets espousing the virtues of, along with optimism surrounding, the #Fediverse lately.
This seems a bit sus to me, like a concerted outreach effort on the part of Meta/Faceplant and a few other largish, commercial actors to popularize their ulterior motives of domination by... Ahem, normalizing the concepts of #DeSoc and more specifically, the ActivityPub powered spaces in the Fediverse.
I actually dunno who MDBHD or John Oliver are, but I'm certain that they're no Oprah, although it would be nice if she would weigh in on the critical mass achieved to date in the adoption of Fediverse technologies that are #FOSS based, and #Privacy respecting.
To date, *Privacy has been of primary consideration and motivation in the development community surrounding the #ActivityPub powered platforms in the Fediverse, but the questionable players entering from the horizontally scaling decentralized social networking industry have, as of late, been overwhelmingly of the deprecated, privacy disrespecting, monolithic silo persuasion. These monolithic-ally inclined companies hailing from vertically thinking companies are an expected, yet suspect group of *privacy mining experts, sophomorically (sic) wading into the deep end of a demographic consisting mostly of privacy minded* individuals and notable developers of the FOSS based portions of the software world.
<tangent> These industrial surveillance engines are already back on their heels as they venture into what many warn as an #EEE incursion - but truth be told, already too late to the game to subjugate, assimilate us: #Diaspora #ZOT #nostr #Nomad #Matrix #TOR #Yggdrasil #I2P #IPFS / #IPNS and others, including blockchain based so-called #Web3 solutions with baked in privacy considerations at the protocol layer are being *Bridged to interoperate with each other and ActivityPub in the Fediverse at rates which the purveyors of industrial surveillance machinery must invariably only describe as "alarming rates" - that's good news for the average schmoes of the world like you and I. </tangent>
So why are we, just in the past few weeks, seeing so much attention given to the Fediverse by these #juggernauts, perhaps #dreadnoughts, that for so long have exhibited such great restraint and avoidance of the mere utterance of Fediverse, ActivityPub, or even alluding to the notions of Decentralization? There's certainly a particular spin in their delivery, leveraging third parties that obfuscate their participation in the dissemination of their, Great News.
Speaking of Dreadnoughts, just how was it that the great Bismarck was taken out? Remember? The outgunned and outmatched Royal Navy took out her port rudder! ⛵ 💥
It was the end of an era. A rudder post. The Bismarck was doomed to circle her watery grave.
But I digress...
Make no mistake, obscuring the lines between the privacy respecting FOSS based camps that have historically steered the direction of DeSoc has taken, and the deprecated, proprietary silo companies which have based their entire existence upon advertising and industrial surveillance models that I refer to as The Sunnyvale Syndrome family of data mining engines, is now seeping through the cracks of a clear delineation between these two prinicples - that of uncompromising privacy and open source development and that of proprietary, closed source subjugation methodologies leveraging **YOU as the product in inventory*.
Feel free to boost and share your comments at length here. A million people other than myself are here in the Fediverse and are really interested in just what kind of impact the introduction of these traditionally privacy raiding Industrialists will have upon their... scratch that, our future online safety.
tl;dr: Your very private, personal medical history and data (and that of your minor children, in violation of FERPA regulations) is being wholesaled and auctioned off by the so-called "Big-Tech" entrants and hopefuls that are at this very time knocking on the front door of the ActivityPub portions of Fediverse... Tread lightly, and consider how your every move going forward affects the unwitting consent to farm and sell your most confidential personal information.
it is up to you - it is your choice to affirm or deny - whether industrial surveillance is your birthright to embrace or your nemesis to destroy... You, We, have that power to decide.
#tallship #Privacy #Sunnyvale_Syndrome #meta #HIPAA #PHI #FERPA h/t to: @liaizon
⛵
.
RT: https://social.wake.st/users/liaizon/statuses/111714899199909225
