The unelected CPS Board of Education held their monthly meeting downtown during business hours on Wednesday, June 27, 2018. We live tweet these meetings (which are not broadcast live) and we try to consistently use the hashtag #cpsboard. If you search that hashtag you will see many tweets from this meeting and previous meetings.
Below are our 2 of the RYH statements from this meeting. You can also read a recap from Raise Your Hand Action's Sing-Along with the Elected School Board bill here. And you can read our BOE statement on CPS sex abuse here.
Cassie Creswell, co-director Raise Your Hand Action
We are deeply concerned about yet another breach of CPS students’ private personal data—the fifth known major exposure of CPS students’ data in three years.
We are especially worried in light of May’s announcement that CPS will be partnering with the Chan Zuckerberg Initiative, a for-profit organization that invests in ed tech companies and is owned by the CEO of Facebook, a company embroiled in an international scandal because of its cavalier treatment of customers’ private data.
On Friday June 15th, the Office of Access and Enrollment sent out a mass email to parents which contained a link to a publicly accessible file containing students’ and parents’ personally-identifiable information, including student ID numbers.
After CPS administrators were alerted to the mistake, an apology went out asking recipients to delete the file that was attached to the email. This was a complete misdiagnosis of what had happened; there was no attachment in the original email, there was a link to a file that was online and accessible with any web browser. Finally, five and a half hours after it was shared, the link to that page was disabled.
To add to our concerns, based on email evidence and parent reports, an identical error was committed last spring too. On March 10, 2017, OAE used the Blackboard Connect software system to email out a link containing families’ PII.
We have many questions about both of these incidents:
- CPS is in the third year of a three-year almost one million dollar contract with Blackboard Connect, software that is directly integrated with CPS’s own Student Information System. How could training and support for the use of this system be so inadequate?
- Why is the OAE telling parents they cannot get new student ID numbers issued for their child? Student ID numbers are frequently used for other purposes including usernames and passwords for other applications containing educational records, and the watchdog group, the Electronic Privacy Information Center, considers student ID numbers sensitive data, as does the IL Administrative Code.
- This mistake is now public but what other breaches or mishandling of data have parents and the public not been informed of?
- Who is accountable for not just the individual breaches, but the pattern of failures of so far? Who will be in charge of creating systems to protect our children’s information?
Samay Gheewala, LSC member, RYH Action board member
My name is Samay Gheewala and I am a member of the LSC at Patrick Henry Elementary