Hey, You! Don’t Get Into My Cloud!!
In BC time (before computers), if you graduated from college and needed a transcript, you would contact the school, pay a small fee and ask them to send a copy of your grades to a prospective employer, for example.You would usually share some private information such as year of graduation and social security number to confirm your identity. It was simple and it worked.
That was yesteryear. Today, an informational deluge resides with various educational institutions, in everything from grades to health records. And because of technology and the sheer onslaught of record keeping, educational institutions are turning to cloud computing services to maintain, store and protect this torrent of information. The problem is simple. These companies hold some of the most private educational and related information about us, yet few guidelines dictate their use of our data.
The threat is clear and the potential for problems is mind numbing if something goes wrong. Students, parents and teachers are susceptible to data breaches, spyware, hacking and misappropriate or inappropriate use of private information. This is not scaremongering, it is a simple fact. Every few weeks, we hear about another breach at a major retailer, school or government institution that we presumed was safe. It has become so commonplace and worrisome, that when I log onto my bank account, it warned me about a possible data breach for a nationally known retailer. Mind you, it was my bank, NOT the retailer, that raised the alarm.
The fact that we are addressing the issue of information use in the education realm is ironic. Four decades ago,the federal government showed admirable initiative with the Family Educational Rights and Privacy Act (FERPA), designed to safeguard student records. No Internet or cloud existed. Technology has overwhelmed this dated law and now, with the growing adaptation of the cloud, cries for new standards and guidance are beginning to grow.
Specifically, educational institutions that use cloud computing service providers often do NOT have safeguards in place to protect the information that these businesses control.
There is a subtly regarding the issue of responsibility that is critical. At present, no regulation in New Jersey would prevent a cloud computing service provider from sharing information. Worse, many of the contracts between educational institutions and providers lack contractual specifics regarding privacy standards and behavior.
FERPA had recourse against educational institutions that mishandled student information but had no provisions for third party cloud providers. It is understandable why many educational institutions have outsourced their data storage needs. Most are ill equipped to control and understand the amount and sophistication of data storage, a trend that continues to grow.
The regular readers of my blog understand by now that my nature, after serious research and consideration, is to take a stand on meaningful issues. Protecting the privacy of our children is one such issue. Working with my student advisory team from Magowan Elementary School in Edgewater Park, I have introduced a bill that “Prohibits cloud computing service providers from disclosing data collected from public, private or charter schools.” A third party can’t “sell” your information or share it with anyone. I have asked that these providers must certify in writing that they will comply with the terms of my proposal, which also calls for specific monetary penalties for failure to comply.
I am so proud of my student "co-sponsors" of this proposal. They worked on every aspect of this proposal from idea formulation to lobbying to have the bill heard in committee. Their commitment and dedication to the civics process was refreshing and exciting to see. Look out for these future policy makers.
Wrapping up. The mission of educational institutions is to educate. The mission of cloud computing services should be to obtain, store AND protect the privacy of information to which they have access. My proposal ensures that they will do so in a thoughtful, responsible and systematic manner. That's my take. What's yours?