Developing story: Sensitive student data leaked from New York’s Sachem School District to web

To add to the discussion about the privacy and security of sensitive student data collected by school districts across the country, longisland.com reported on November 8, 2013 that sensitive student data housed in the Sachem School District in New York was leaked to a web site.

What kind of data? One NY blogger claims to have seen the leaked information and writes:

“I saw medical records (immunization, allergy, etc) and a letter from a doctor stating the child was prescribed Ritalin and his dosage. I saw a list of student ID’s with their names and whether they were receiving free lunch or not. I saw report cards. District registration documents (including name, address, date of birth, parent info.)I saw disciplinary records – a letter to a parent (name and address included) stating their child had been suspended for smoking marijuana on the bus. BOTH the parent’s and child’s name and address were on the letter.”

Hopefully, Kentucky’s school databases have better security than what Sachem seems to offer, but how can the public be sure?

Does some information like a student’s involvement with sensitive legal issues even need to be stored electronically at all? To be sure, this data might be of some use to a researcher trying to determine the reasons for student suspensions and expulsions, but does the potential benefit of such research outweigh the long-term potential damage to the child? Given the unknown potential for data security breeches, how can we even make such decisions intelligently?