privacy news

The latest privacy news and issues from around the web, all in one place.


Pop Quiz: Do You Have to Provide Your Child’s Social Security Number on School Enrollment Forms?

This recent editorial cartoon in The New Yorker put a face on how simple it is for hackers to succeed at stealing sensitive information online.

It happens as easily to adults as it does to kids.

Nearly 400,000 kids get their identities stolen each year, according to the Federal Trade Commission.

In fact, federal authorities have warned about people with bad credit buying “credit profile numbers” or CPNs from businesses that use computers to locate and sell Social Security numbers issued to children.

Identity thieves steal kids’ Social Security numbers because their credit is generally untarnished. It’s not until years later -- when they apply for a store credit card, a college loan, or a job -- that they find out their credit has been destroyed.

Just think of all the personal details you provide to your child’s school before enrollment: name, date of birth, Social Security number, home address, parents’ names, phone numbers, emails, and other highly sensitive personal information.

That information is also all that is needed to steal your child’s identity -- but especially the Social Security number.

Of course, most parents expect that a student’s record is private and won't be stolen. Surely that sort of file is kept under lock-and-key in some old-fashioned, dusty file drawer in the back of the principal’s office, right?

Turns out, that’s wrong. Your child’s sensitive personal information is not safe or secure. It’s entered into a district-wide database that can be accessed by anyone with permission. And in many cases, hackers have accessed the information as well.

So, do you actually have to give your child’s Social Security number to enroll him or her in a public school?

The surprising answer is “no” – thanks to a federal law stating that students are not required to provide their Social Security numbers to schools in order to prove citizenship.

But it turns out that about half of Florida’s school districts have it wrong, incorrectly telling parents they must provide their child’s Social Security number for enrollment purposes, according to a study from the American Civil Liberties Union of Florida.

For example, the 2011-2012 Funding for Florida School Districts report states:

Article IX, Section 1 of the Florida Constitution, establishes the State of Florida’s commitment to funding K-12 education, as follows:

“The education of children is a fundamental value of the people of the State of Florida. It is, therefore, a paramount duty of the state to make adequate provision for the education of all children residing within its borders. Adequate provision shall be made by law for a uniform, efficient, safe, secure, and high quality system of free public schools that allows students to obtain a high quality education…”

According to the ACLU, Florida is not keeping up with that promise to ensure a “uniform, efficient, safe, secure” experience for students and is causing parents to unknowingly expose their child to identity fraud, credit fraud, and other forms of fraud associated with having someone’s Social Security number.

School District Hacking

It's not just a problem in Florida, and parents need to become more aware of this alarming epidemic.

Last month in Oregon, a hacker allegedly accessed the personal data for nearly all of the Eugene school district's students. Parents were alerted that highly confidential student information -- including some students’ Social Security numbers -- were part of the online security breach. Why weren’t all Social Security numbers breached? Thankfully, the district had only recently stopped requesting that information, according to a school official.

Last month in Tennessee, nearly 9,000 Social Security numbers were stolen from the Clarksville-Montgomery County school district database and posted online. About 5,000 belonged to district employees, and the rest belonged to students born between April 1987 and September 1993. In total, about 110,000 student files were stolen. All school system websites were shut down while the district contacted the Tennessee Bureau of Investigation and the Federal Bureau of Investigation.

Last year in Missouri, a direct-deposit paycheck snafu exposed some employees' personal and financial information. Staff were advised to closely monitor their personal financial information, and “consider taking additional security measures such as, but not limited to, changes in logins, passwords, security questions, and/or responses which authorize financial transactions to proceed.”

Last year in Texas, kids in El Paso had their Social Security numbers exposed after someone hacked into the school district's database that had the names, ethnicities, student ID numbers, and Social Security numbers of nearly 7,000 students. The suspect was caught but not before he had allegedly posted the personal information of the students on an Internet fraud website.

Just Say No

Knowing what you know now, would you still provide your child’s Social Security number on school enrollment forms? Plus, how do you know whether your child’s school is using proper technology to safeguard sensitive information? Some questions to ask include the following:

  • Does my child’s school district use firewalls?
  • What other sort of in-house encryption does the school district use?
  • Has the school district ever been hacked? If so, what kind of information was stolen?
  • Do school administrators and teachers routinely access school files remotely via laptops, tablets, smartphones, or home computers? If so, how are those files protected?
  • Does the school district provide its employees with a VPN to encrypt their online activity? If not, are teachers and other personnel encouraged to use their own personal VPN?

If you are at all concerned with your student’s credit and think his or her identity has been stolen or used for any fraud, call consumer reporting companies to place a free 90-day fraud alert on your child’s credit reports. This will stop someone from opening a new account in the child’s name.

The companies include Equifax (1-800-525-6285); Experian (1-888-397-3742); and Trans-Union (1-800-680-7289).

 


  • PrintPrint
  • emailemail
Elaine Rigoli

Elaine Rigoli is PRIVATE WiFi's manager of digital content strategy.

Other posts by


Comments





FACEBOOK TWITTER

receive privacy industry news

Email:

most commented

questions + feedback

Have a question or a privacy issue that you'd like us to investigate ? Send an to our editors with your comments.