The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Sunday, November 13, 2005
The State of Georgia is in the final phases of a fourteen million dollar effort to centralize massive amounts of information related to elementary, middle and senior school students in the state. Each student will be assigned a random number that will follow the student throughout their academic careers and will link to a central database of their academic records.
The system is meant to replace ad hoc, disparate data depositories that have used social security numbers to link students to their data. As with any project such as this, there are privacy concerns:
Macon Telegraph | 11/13/2005 | Statewide student ID system almost ready:There's also a concern among teachers and parents about protecting students' private records.
"I have a problem with it. It could fall into the hands of the wrong people," said Ella Carter, principal of Northeast High School in Macon. Carter said the state already can access all of the information, so why store it in a giant database?
Carter said she received a letter in the mail two weeks ago that alerted her to monitor her credit report because she is on the state health benefit plan, and the Georgia Technology Authority, which has access to state records, had a recent data breech.
"As a parent, I really don't like the fact that my child's personal information is out there for someone to break into," said Kathy Brown, a Houston County High School parent. "We seem to be doing fine" without a statewide student ID system.
Any large state office keeping personal data brings concerns, said Woodard, the state information officer.
"We have built enormous security systems. Only a designated person from a district can get in," he said.
And that designated person can view only their local student records, he said.
At the state level, the data is open to the Office of School Readiness, the Department of Education, the Department of Technical and Adult Education and the Board of Regents.
And a designated state official can access the information for lawmakers.
"As long as it's used for honorable purposes, I'm all for it," said Rep. Larry O'Neal, R-Warner Robins. "Having direct student data means more than political whim or emotions we get from lobbyists. We are always glad to have valid data to explore in the lawmaking process."
Woodard said the state is talking to state education officials in Tennessee and South Carolina about sharing information to track students who move across state lines.
There doesn't seem to be any suggestion that the state has undertaken a privacy impact assessment, which would at least provide assurances that privacy issues have been thoroughly thought through.
Labels: health information, information breaches
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.