The Connecticut State Department of Education (DOE) recently published guidance on implementing civil rights protections for transgender students. The guidance, in part, provides information on issues related to requests that a school change a student’s education records to be consistent with their chosen name and gender identity. Notably, the guidance recognized tension that may arise
Kate Dion's practice includes all aspects of civil and criminal litigation. She represents clients in complex commercial litigation, including allegations of patent infringement, breach of contract, misappropriation of trade secrets, unfair trade practices, tortious interference with business relations, and other business torts. Her experience also includes counseling clients in government investigations, internal investigations, and white-collar criminal matters. In addition, she represents institutional clients and individuals in probate litigation. Read her rc.com bio here.
Southern Oregon University Victim of Phishing Scheme
Last month, Southern Oregon University (SOU) announced that it was the victim of a $1.9 million phishing scheme. SOU received an email purportedly from their contractor, Anderson Construction, requesting the April payment for construction on the McNeal Pavilion and Student Recreation Center. An employee then sent funds to a bank account that the contractor did…
Illinois Court Rules That College Foundation Documents Subject to FOIA
On May 9, 2017, the Illinois Appellate Court held that the College of DuPage Foundation (Foundation), a fundraising organization for the public College of DuPage (College), is subject to the state’s open records law. In doing so, the Court rejected the Foundation’s argument that it was a charitable organization with no public role, and instead found that the Foundation was performing a government function for the College.
In April 2015, the College and the Foundation received a series of Freedom of Information Act (FOIA) requests from the Chicago Tribune (Tribune) seeking, among other documents, any federal grand jury subpoena received by the Foundation. The College responded that it did not have any responsive documents, and the Foundation stated that it was not subject to FOIA. The College had, in fact, received a federal grand jury subpoena (Subpoena) directed to the Foundation, which was provided to the Foundation and then delivered to the Foundation’s outside counsel. After it was denied access to the Subpoena, the Tribune brought suit against both the Foundation and the College. …
Continue Reading Illinois Court Rules That College Foundation Documents Subject to FOIA
EFF Report Finds That Student Data is Not Adequately Protected By Ed Tech Companies
On April 13, 2017, the Electronic Frontier Foundation (EFF) published Spying on Students, a report detailing its investigation into school-issued devices and student privacy. EFF found that parents were overwhelmingly not informed about what educational technology (Ed Tech) their students were using. As a result, students and/or parents were the ones burdened with investigating what Ed Tech was used, what privacy policies were governed, and what privacy implications they may carry. Not surprisingly, parents were particularly concerned with what personally identifiable information was being collected and whether that information would be shared or sold.
EFF also analyzed the privacy policies of every Ed Tech app, software, programs or services identified by its survey recipients. Of the 152 Ed Tech services reported, only 118 had privacy policies available online. Few policies addressed deletion of data after periods of inactivity. Less than a third stated that the vendor used encryption or mentioned de-identification or aggregation of user data.
Continue Reading EFF Report Finds That Student Data is Not Adequately Protected By Ed Tech Companies
IRS to Notify 100,000 Taxpayers That Their Information May Have Been Obtained Through Misuse of FAFSA Retrieval Tool
On Thursday, Internal Revenue Service (“IRS”) Commissioner John Koskinen testified that the personal data of up to a 100,000 taxpayers could have been compromised as a result of criminal use of the Free Application for Federal Student Aid Data Retrieval Tool (“DRT”). Last week, we posted that the IRS disabled the tool after it suspected…
FAFSA Data Retrieval Tool Remains Down Over Security Concerns
Last week, the Internal Revenue Service (IRS) and Federal Student Aid (FSA) announced that the Data Retrieval Tool (DRT) on fafsa.gov and StudentLoans.gov will be unavailable until extra security protections could be added. Since 2010, students have been able to use the DRT to transfer tax data directly into the Free Application for Federal Student…
DOE and DOJ Withdrawl of “Dear Colleague” Letter Leaves FERPA’s Guidance Unresolved
On February 22, 2017, the Department of Justice (DOJ) and Department of Education (DOE) withdrew their May 13, 2016 “Dear Colleague” letter that provided guidance on steps to protect transgender students under Title IX of the Educational Amendments of 1972 (Title IX) as well as the Family Educational Rights and Privacy Act (FERPA). Although the letter did not add any requirements to the law, it did provide guidance to covered entities as to how agencies would interpret and enforce the law. The decision by DOJ and DOE to withdraw the letter has clouded the issue and left its application to transgender students in question.
Continue Reading DOE and DOJ Withdrawl of “Dear Colleague” Letter Leaves FERPA’s Guidance Unresolved
Top Ten Education Developments, Breaches, and Settlements of 2016
This year has been a busy year for education law in the area of data privacy. Educational institutions continue to be a rich target for hackers. Additionally, there were some important developments in the interpretation of Family Educational Rights and Privacy Act (FERPA) and the Telephone Consumer Protection Act (TCPA) as it applies to educational institutions.
- In December, DeVry University Settled with the FTC for $100 million over allegations that it misled prospective students with ads that promised higher employment success and income upon graduation.
- Also in December, UMass Amherst settled with the Office for Civil Rights (OCR) for $650,000 for HIPAA violations related to a malware infection that led to the release of names, addresses, Social Security numbers, dates of birth, health insurance information, diagnoses, and procedure codes.
- In November, a hacker gained access to 1,213 records of applicants to the University of Wisconsin Law School.
- On September 14, 2016, the Department of Education (DOE) issued a “Dear Colleague Letter” providing guidance on the application of FERPA to the disclosure of student medical records in the context of litigation.
Continue Reading Top Ten Education Developments, Breaches, and Settlements of 2016
Who Owns a Noise – Should Data Collected in a Public Space by a Private Company be Generally Accessible to the Public?
While law enforcement have access to new technology owned by third parties that assist them with protecting the public, questions arise as to who should own the data gathered by that technology. Sometimes, it is the technology provider itself which blocks public access to the data. For example, many police departments have contracted with ShotSpotter,…
U.S. Department of Education Issues Guidance on Student Medical Records
On September 14, 2016, the Department of Education (DOE) issued a “Dear Colleague Letter” to provide guidance on the application of the Family Educational Rights and Privacy Act (FERPA) to the disclosure of student medical records in the context of litigation.
FERPA generally prohibits a school from disclosing personally identifiable information from a student’s education…