> determined that one person downloaded the document from
> the website. That person was part of a community
> organization that has verbally agreed to delete the
> document, Peabody said.
Fortunate that they were able to do that; considerably softens the blow.
If any of the DC public school people want help protecting their student records, I will donate pro-bono hours.
There's one technique that is powerful and rare, which is translucent data access. It's ideal for identifying memberships and trends, such as "how many students are in a class each year" while protecting personally identifying information. A simple common example is a one-way hash function that lets an app confirm a password without needing to store the password in plain text.
Feel there is really no way to prevent this. This was doubtfully uploaded knowingly (or possibly with ignorance). Data dumps occur all the time. As a file, they can too easily be shared. For sure, the school should work on increasing their awareness of handling secure data. But, in the end, nothing would really prevent this from happing again.
In my 2nd year of university the chair of the CS department shared an excel file via email containing the private data of all the CS students. ID numbers, addresses, phone numbers, first/last names.
He claimed it was meant for an office assistant but somehow he blasted it to both the BS and MS student lists. I doubt he got more than a slap on the wrist as he remained the chair for another 2-3 years.
At my university, a publicly accessible file on the university systems listed addresses, phone numbers, and names for all students, not just those of a particular department. Leaking the same information in an email would have been superfluous. Are those supposed to be secret?
I don't know, maybe they are publicly accessible with FERPA. However, considering that some secure systems on (my) campus are pre-registered to our names using just firstname-lastname@xyz.edu with the password being the ID, or some other simple variation thereof, I don't feel very comfortable about it. As much as I wish I lived in a perfect world, I don't, and so it wouldn't surprise me that students don't think to change their original passwords to secure ones.
Readit News
There's one technique that is powerful and rare, which is translucent data access. It's ideal for identifying memberships and trends, such as "how many students are in a class each year" while protecting personally identifying information. A simple common example is a one-way hash function that lets an app confirm a password without needing to store the password in plain text.
Hoping to learn something, honest question.
He claimed it was meant for an office assistant but somehow he blasted it to both the BS and MS student lists. I doubt he got more than a slap on the wrist as he remained the chair for another 2-3 years.
You'd have to be a fool to sign a document. This will just make you liable if the document does get out.