![]() The action taken against Illuminate comes just three months after the Federal Trade Commission announced efforts to ramp up enforcement of federal student privacy protections, including against companies that sell student data for targeted advertising and that lack reasonable systems “to maintain the confidentiality, security and integrity of children’s personal information.” ![]() Related McAfee Finds Vulnerability in Ed Tech Surveillance Tool The extent of the Illuminate breach remains unclear, but a tally by education news outlet THE Journal encompasses districts in six states affecting an estimated 3 million students. Though the privacy forum maintains that the pledge is legally binding and can be enforced by federal and state regulators, the move against Illuminate marks a dramatic shift in enforcement. Through the voluntary pledge, hundreds of education technology companies have agreed to a slate of safety measures to protect students’ online privacy. Illuminate reportedly used Amazon Web Services to store student data on accounts that were easy to identify. “Such a failure to encrypt would violate several pledge provisions,” Polonetsky said, including a commitment to “maintain a comprehensive security program” to protect students’ sensitive information and to “comply with applicable laws,” including an “explicit data encryption requirement” in New York.Įncryption is the cybersecurity practice of scrambling readable data into an unusable format to prevent bad actors from understanding it without a key. He said the decision to de-list Illuminate came after a review including “direct outreach” to the company, which “would not state” that such privacy practices had been in place. ![]() “Publicly available information appears to confirm that Illuminate Education did not encrypt all student information while” it was being stored or transferred from one system to another, forum CEO Jules Polonetsky said in a statement. The Future of Privacy Forum, which created the self-regulatory effort nearly a decade ago to promote ethical student data practices by education technology companies, announced on Monday it had stripped Illuminate of its pledge signatory designation and referred the company to the Federal Trade Commission and state attorneys general in New York and California, where the biggest breaches occurred, to “consider further appropriate action,” including sanctions. Sign up for The 74 NewsletterĮmbattled education technology vendor Illuminate Education has become the first-ever company to get booted from the Student Privacy Pledge, an unprecedented move that follows a massive data breach affecting millions of students and allegations the company misrepresented its security safeguards. See your local camp for exact pricing.Get stories like these delivered straight to your inbox.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |