SSN, medical records, the whole shebang.
Wow. whatever their intentions were, this is not the way to go about it. Shocked a court allowed ALL the information.
This seems like a massive violation of HIPAA. It’s unbelievable that I have to physically mail an opt out form to the District Judge just so that this “non-profit” (seems like a group that gets its money from lawsuits) does not have my records.
I’m really, really shocked.
I work with sensitive records from California and California is a PITA when it comes to privacy laws. They have the strictest privacy laws in the nation as far as I can tell. For example, I work with patient records with some patients who have been dead for nearly a century and I still can’t release any information about the patients- even to their family members.
The group’s web site is at http://californiaconcernedparents.org/ . There seems to be little information about the group, other than some complaints about school districts mishandling students with disabilities.
Good link. We should realize FERPA does allow disclosure for certain purposes. I’m not going looking for the decree, but think the Special Master and Magistrate Judge qualify.
Nothing says this sharing makes the records more vulnerable than they are, while in the school’s or district’s own databases.
I just printed out the form. I will send soon. Thanks for posting.
But asking us to mail the objection form is also ridiculous. Why those organizations have such power? Why the public has to deal with them?
They have power because they have lawyers good enough to get the courts to do their bidding.
Here is a direct link to the opt-out form:
http://www.cde.ca.gov/re/di/ws/documents/form2016jan26.pdf
Same exact story just from Bay Area:
This is why I never gave this information to the schools. I never filled in SSN on forms. I don’t think they had health forms (maybe vaccinations). They were only in California public school for about 6 months.
When we moved, the new school kept asking for their SSN and I just ignored the requests. They graduated and are in college, so there was no actual need for that information after all. They kept telling me that they’d need it for Bright Futures or other awards and if I didn’t provide SSN there would be delays, but it appears they really didn’t need it after all.
It means that another copy of the information, combined from all school districts, is available to be cracked or misused.
At this point, we don’t even know how info will be transferred or truly how much. It’s been said they want to review only select, relevant cases, will limit the access.
Look, I get the concerns, I almost never even use a card or bank info online, no matter how ‘protected.’ But plenty about us and our kids IS out there. Plenty on my CSS, eg, and we know certain govt databases got cracked.
@whenhen - I could be wrong but I think HIPAA only applies to medical records, not education.
I work in IT and to me everything says that this makes the records more vulnerable. As @ucbalumnus says, just having the information moved onto another system opens up multiple new points of vulnerability. We have no assurance about how this “Special Master” is going to be chosen or vetted.
Up to ten people from the organization, will have access to the data, presumably none of them will be experts in data security or management (and a few hours of “training” isn’t going to make up for years of experience in this complex field). Asking for information on this scope tells me that the people in this group have no real understanding of what they’re doing.
Their website was built from a free WordPress template and is hosted on GoDaddy on the same server as several thousand others, meaning they probably paid a few hundred dollars to have it built (or guilted somebody into doing it for free) and they pay $15 a month for hosting. While I don’t think for a minute that the sensitive data will be up on this shared server, the unsophistication of their infrastructure does not reassure.
@Otterma From the NBC writeup:
Are these different from medical records?
Besides the records are vulnerable to thefts, no organizations should have the right to look at student records.
I think there will be massive protests and I hope the state, school districts, and parents will file lawsuits to stop the nonsense.
@whenhen - I absolutely agree that the information is medical in nature and SHOULD be covered by HIPAA but what I’m not sure about is whether it is legally covered by HIPAA since it resides in a non-medical database. It would be great if some lawyer could use this as a way to stop the release of the information though.
HHS has answered this in the link below, but short answer- HIPAA privacy does not apply here. I am kind of surprised. FERPA is the applicable law here.
Putting SSN, address, and other info on the opt out form is already a dangerous thing.
The opt out form requires parents to put information of all children attending schools since 2008.
There are millions of chidren attending CA public schools since 2008.
I don’t know how the judge could make such a ruling.
Even the IRS cannot protect our data.
http://www.cbsnews.com/news/irs-identity-theft-online-hackers-social-security-number-get-transcript/
And financial records of 80,000 staff and students at UC Berkeley could have been stolen by a hacker.
http://www.hngn.com/articles/183345/20160229/data-breach-uc-berkeley-affect-80-000-people.htm
The form doesn’t ask for SSN or address. It asks for parent and student name, birthdate and school attended.
Thanks for the correction.