Protecting Your Digital Data Privacy

Posted by Susan Brooks-Young on May 6, 2017

PrivacyRecently, I went to a local jeweler to get a ring repaired. The sales associate used her tablet device to complete a work order for me. When she requested my address and phone number, I didn’t give it a second thought. Then she asked for my birth date. When I questioned why she needed to know, she shrugged and mumbled something about sending me a birthday card. I decided not to provide that information. Next she asked for my wedding anniversary date, glanced up at me and said, “Oh, I guess you won’t want to tell me that either.” I smiled and shook my head. Not a huge deal, but it did get me thinking about all the times we give people personal information without asking why it’s needed or how it might end up being used.

We live in a society where the boundaries of privacy are pushed every day. Educators are increasingly aware of the need to safeguard student data privacy, but what about protecting our own? Given that Congress recently repealed the online privacy rules designed to limit the ability of Internet service providers (ISPs) to share or sell various kinds of customer data as well as the requirement that ISPs notify customers when a data breach takes place, responsibility for protecting personal data now appears to lie squarely with individual consumers. What can we do to protect our own private information?

Passive vs. Active Data Collection

There are two general methods used to glean data from individuals. The first is called passive data collection. Passive data collection may involve use of slick online tools that collect and record data without an individual’s knowledge, but it can also be as simple as a customer service representative or data entry clerk entering information gathered during a phone call or office visit into some type of customer data base. As a result, it’s the rare person who has no online presence these days.

Here are a couple of examples of passive data collection. Do you make online purchases? Virtual shoppers seldom realize that they are leaving a trail of data in their wake as they browse for a new dining room set or an article of clothing. Using cookies or other sophisticated programming strategies enables merchants to compile a wealth of information about individual shoppers based on which items are reviewed, how much time is spent looking at each item, how the site is navigated, etc. In turn, this information is shared with other online platforms people frequently visit. This is what makes it possible to go from virtual window shopping to Facebook only to discover a personal newsfeed is now filled with ads featuring the very same items reviewed elsewhere just a few minutes earlier.  Even individuals who don’t own Internet-connected devices don’t get off scot-free because personal information about them is being stored online by someone else—medical records, school records, and virtually all public records for example. Hopefully medical and school records aren’t publicly available, but if they are online, they are vulnerable. In addition, online aggregators pull public records from a myriad of resources to create readily accessible individual profiles that include very personal information. Check out Intelius  for a taste of what I’m referring to.

Active data collection requires a little more cooperation on the part of an individual. This type of data collection happens when someone completes a registration form to download a white paper or responds to a survey from an airline or hotel about a recent trip. Unfortunately, most people don’t realize that by filling out a product review or questionnaire they are providing valuable marketing data to whoever requested the information and whoever they may opt to sell the information to. For example, have you ever logged into a site like or Netflix and seen recommendations for products or movies you might enjoy based on previous searches and purchases or rentals? These data are used to build a personal profile for you and may be shared across platforms to aggregate information you’ve provided in various locations. Much of these data are easily manipulated by changing the information in the Preferences area of an account. Try it! And speaking of profiles, every social media platform and most online stores ask users to complete lengthy profiles under the guise of making it easier for other like-minded users to find you. That may be the case, but it’s also true that the more complete the profile, the more marketable your information becomes.

What Can You Do?

There are various steps you can take to help protect your privacy. For instance, avoid leaving an easy-to-follow online data trail by using private browser windows or learn how to block cookies and location data. Natasha Stokes offers tips on how to browse anonymously. Her suggestions range from employing a web browser’s incognito feature (easy to do and most browsers offer this capability in Privacy) to using something called a VPN or virtual private network which is more complicated and usually requires a subscription fee.

Another way you can protect personal data is to visit one or more data aggregators to read what’s been recorded there about you. These website collect public information about individuals, pulling it all together to create personal profiles. Some are quite extensive and invasive, but there are nearly always ways to have the information removed. Visit piplintelius, and spokeo as a start. Some of these sites will remove your data on request. Others direct you to do to the data source. For instance, I was surprised to see that my LinkedIn profile is a source of a great deal of the data showing up in these aggregated summaries.

Think about the data requested when any type of purchase is made. Ask why a company needs your zip code or birth date before providing that information. The day after I gave the jeweler my phone number for the work order, I received a sales call from them, but also learned they failed to call about another repair that will need to be made soon and which could have been done at the same time, had I been notified! Decide if a warranty registration or chance to win a raffle merits handing over personal data. Pass on responding to surveys or requests for product reviews, no matter how persistent the merchant may be. Maximize privacy settings on social media accounts.

The Circle, a 2013 book written by Dave Eggers and now a movie starring Tom Hanks and Emma Watson, is a dystopian tale about technology, transparency, and privacy in a society where “secrets are lies” and “privacy is theft.” In this narrative, the fight between good and evil boils down to whether or not there is a need for privacy in the digital age. I’m not suggesting that readers should back away from using the Internet, but it’s time for everyone to think about what data are being collected, how, and why. Only then will individuals be in a position to start taking back control of their personal information.



A Common Sense Approach to Internet Policy

Posted by Bob Price on September 28, 2012

At some point we’re just going to have to trust people to do what’s right when it comes to use of the Internet in schools.  In my district we have spent countless hours keeping our appropriate use polices up to date, implementing the latest in filtering technology, and monitoring to the best of our ability, what people are doing while they’re on the Internet.  We have had Internet connections available for students and staff since 1995.  During that time we have had only a handful of appropriate use violations.

Is all the time and effort to keep the system locked down really productive?  As we have provided increased technology for our staff and encouraged them to use the technology in their classroom instruction, the number of complaints over blocked sites has skyrocketed.  The number of appropriate use violations has remained very low.

A typical scenario goes like this.  A teacher searches the web and finds some great video resources to support a planned lesson.  What better way to use the new classroom projector?  After spending hours in preparation, the teacher arrives at school excited about the new infusion of technology into the instructional process.  Trying to access the resources at school, up comes a message that the content is blocked for one of many reasons—none of which make sense to the disappointed teacher and students.  Requesting to unblock sites is somewhat cumbersome and unpredictable.  Maybe we need to lighten up a bit.  Perhaps it would make more sense to have teacher computers unblocked and then take action if we find there is abuse.

For students the issue is a bit more problematic.  We are required to have Internet filters on computers for student use.  The trust factor is a bit more dicey with students.  However, we have not had many instances of inappropriate use of the Internet by our students.

I’m sure we can strike a balance between protection and access if we really try.  So in my district, that is what we are going to do.  If a teacher wants access to YouTube, the teacher will get access.  If the teacher chooses to visit inappropriate sites, we will deal with that teacher rather than blocking access for everyone.  Students, at least for now, will have to live with the restrictions.  However, when they need to visit a site to make a presentation or report, they can always use the teacher’s computer with supervision.    Hopefully this will turn out to be a common sense approach that allows teacher to take advantage of some wonderful online resources.  Or, it could make my last year as Superintendent very challenging.


Sanctioned Snooping

Posted by Susan Brooks-Young on June 28, 2010

Does your district provide cell phones to employees?  A ruling by the U.S. Supreme on June 17, 2010 may impact you.  The court agreed unanimously that governmental agencies may access and read an employee’s text messages under certain circumstances.

The case that was brought to the Supreme Court involved a police officer in Ontario, California whose text messages were reviewed when department officials became concerned that SWAT team officers were using department-issued pagers for too many personal text messages.  And sure enough, in one month alone, of the 456 text messages sent or received by the officer in question, 400 were personal.

The city does have a policy stating that employees have no guaranteed right of privacy when using communication devices provided by the department, but officers had been told informally that their messages would not be audited as long as they paid for additional charges.  So the officer and three others sued the department for violating their constitutional right to privacy.  A lower court ruled in the officer’s favor, but the Supreme Court reversed that decision on the premise that the search itself was reasonable.

The decision is the court’s first related to Digital Age technologies and 4th amendment guards against unreasonable search and seizure.  While the court did not provide broad guidance on employees’ privacy rights, the decision did identify conditions that must be met before government agency may review an employee’s personal texts.  They are:
• The cell phone must be provided by the agency.
• The employee must be told in advance that any messages sent using the device may be monitored by management.
• There must be a legitimate work-related reason for reviewing the messages.

As increasing numbers of education agencies provide cell phones to some employees, it is critical that policies be created that outline acceptable use and privacy expectations.  It is equally important that these policies be enforced in an even-handed, consistent way.

How does your agency handle this issue?


Two Cautionary Tales

Posted by Monte Burroughs on May 29, 2010

Man and woman peeking throughTwo recent legal cases present as cautionary tales concerning technology, civil rights, and the school’s role in loco parentis.

Evans v. Bayer involves a former student of Pembroke Pines (FL) Charter High School.  Katherine Evans created a Facebook account to express her dislike for a certain teacher at the high school. “But instead of other students expressing their dislike of the teacher,” writes Hannah Sampson of the Miami Herald, “most defended the teacher and attacked Evans.” Ms. Evans subsequently took down the Facebook page. Principal Peter Bayer later learned about the Facebook page and removed Ms. Evans from advanced placement classes and suspended her for three days.

Ms. Evans sued Principal Bayer for violating her civil rights under the 1st and 14th amendments, stating she had created the Facebook page after school, away from campus, using her computer.  The court agreed.

In  Blake J Robbins v. Lower Merion School District student Blake Robbins and his parents sued the Pennsylvania school district for “secretly viewing [the student] at home via webcams on school-issued laptops.” The district had issued all students at both its high schools laptop computers, each equipped with a built-in video camera.

According to a CBS News story, Harriton High School administrators accused Robbins of selling drugs and taking pills and stated they had images to prove it.  The student said the pictures show him eating candies.

Robbins and his parents allege that district employees, without parental knowledge or consent, remotely activated the camera on the student’s school-issued laptop and captured still images of family members in embarrassing and compromising situations.  The court issued an order prohibiting the district from “remotely activating, or causing to be remotely activated,” webcams on laptop computers issued to its students.  The case continues and you can follow it at

As school administrators, we need to take a lesson from both these cases.  Whether we’re dealing with how students are using technology or how we are using it ourselves, we need to clearly understand the limits of in loco parentis.