The results of an annual school survey administered by Western Albemarle High School (WAHS) were inadvertently exposed to the public in a serious breach of security and student privacy protocol.
In a post-breach letter to parents, WAHS principal, Darah Bonham, explained that the school’s Peer Nomination Survey “asks students to identify peers who either have been victims of bullying or have been responsible for bullying others.”
Bonham continued by revealing that a change to the survey exposed presumed confidential names of students listed on the survey:
The survey is administered electronically and this morning, a change was made to add questions having to do with student needs around technology. Regrettably, this change inadvertently altered the security settings, making publically accessible, some survey information reported by students. It did not make public the names of students who provided that information. [sic]
While WAHS has given assurances that the names of those submitting data to the survey were not exposed, concerned parents, students, and teachers were not assuaged.
A confidential informant shared teacher and student fears regarding the leaked information and its dissemination on social media:
Following the breach, students Snapchatted the names and the teachers and kids are terrified that there will be targeted for reprisals.
Ironically, Principal Bonham’s letter contains a warning about sharing the exposed information, as a possible violation of federal law (which WAHS may themselves have broken):
Under no circumstances should information from the peer nomination survey be shared with a third-party. Doing so could constitute a violation of the Family Educational Rights and Privacy Act (FERPA).
Mr. Bonham concludes by apologizing for the error and assuring parents that future peer-nomination surveys will be “paper-based.”
Click here to read WAHS Principal, Darah Bonham’s letter to parents in its entirety.
I can understand why this occurred. Editing programs or data fields often reset selections to default or clear previously entered data. It’s a PITA IMO. Regarding bullying I would prefer a confidential way for individual students and teachers to point it out versus an all inclusive input. These young people can be quite manipulative and use it to those not in their clique. It’s not a easy thing to manage for sure.
Am I reading the article correctly? The survey asked students to identify–by name–students who have been bullying victims or have perpetrated acts of bullying? Or am I misunderstanding? Perhaps the survey meant “identify” as to call out to face up to bullying?
If the former is the case, I think the breach is secondary (we all know data is not really secure). The fact that a school asked students to make such accusations or admissions in a survey is ridiculous.
*BARF* School asks students for their utmost-SENSITIVE information, and then proceedes to – Oopsie! – broadcast that ahem *confidential* info.
Public schools ROT. They are a collectivist/socialial’s dream.
Connie, I am just trying to wrap my head around this…the schools asked kids in an electronic online survey to admit or name people involved in bullying? In this age of hacking and cyber insecurity, why would they not have made it paper-based from the start?