WASHINGTON, D.C. – The D.C. Public Schools’ Office of the State Superintendent of Public Instruction accidentally posted the private information of 12,000 special needs students to a public website Tuesday.
An internal department memo obtained by The Washington Post confirms someone posted the personal information of all students in the district with an Individualized Education Plan, which are used to direct instruction for special needs students.
The student data – including ID numbers, race, age, school, disabilities and services received – was posted to a Dropbox account for the D.C. Council and remained available to the public for several hours, according to the news site.
“I am deeply disappointed by this situation,” state superintendent Hanseul Kang wrote in the memo. “Our families deserve to know that their students’ personal information is being kept confidential and secure in the education system. As you know, we have taken significant steps as an agency over the past 11 months to better protect our student data, but they are clearly not enough.”
The episode is only the latest in a string of gaffs by school officials that have repeatedly exposed the personal information of thousands of students. BuzzFeed received an Excel file from the district through a public information request in March that included enrollment data and information about suspensions and expulsions for specific students that wasn’t properly secured.
That revelation came less than two months after district officials announced a document publicly available online since 2010 contained personal information for special education students, according to the Post.
Patience Peabody, spokeswoman for the state superintendent, told the Post only one person downloaded the document posted to Dropbox this week. That person is associated with a community organization that promised to delete the data, she said.
“Our legal department is now in touch with them to sign off legally that they will delete the file,” Peabody said.
In the meantime, district officials are investigating to determine who posted the document, and the state superintendent set up a hotline for anyone concerned with the security breech, though Peabody said nobody has called.
Many folks who commented on student data issues online seemed surprised by the most recent flub.
Post commenter dc_wolverine mocked Kang’s comments about keeping student information “confidential and secure.”
“That’s hilarious. Does any reasonable human being with a scintilla of knowledge about internet security think that any data can be kept ‘confidential and secure’?” he questioned.
“DC government is very loose with personal information. It’s sort of amazing how many things they require you to give them a social security number for. Things like certain business licenses,” TheHillman posted. “Simply no way they are safeguarding that information in any meaningful way.”
“Anyone test these people to see if they are high on dope when they report to work?” Fitzcaraldo commented.
“Too bad that info wasn’t posted online,” ExtraCheesy replied.