Amazon Cloud Servers Host Data on Millions of School Children

The purpose, according to inBloom, is to provide the data necessary to tailor individual education to individual students; but the data collection is being done without reference to or approval from the parents. The data being collected, says, includes “student names, addresses, grades, test scores, economic, race, special education status, disciplinary status and more.” inBloom’s privacy statements comments, “inBloom Inc cannot guarantee the security of the information stored in inBloom or that the information will not be intercepted when it is being transmitted.” 

Furthermore, adds, classsizematters, “InBloom Inc. plans to share this highly sensitive information with software companies and other for-profit vendors.” In other words, the company is likely to sell data mining of the personally identifiable student data it collects.

Opposition to inBloom's practices is growing. NYS bill A.6059 / S.4284, designed to protect student privacy, had 59 sponsors in the Assembly and 22 sponsors in the Senate as of 29 May 2013. Yesterday, RNIF (Rebellious and Investigative News and Film) published a video on its concerns. The video claims that “there are currently over 11 million students on the database across 9 states including New York, Colorado, Delaware, Illinois, Kentucky...” Last week, however, Reuters reported that, “Kentucky, Georgia and Delaware – all initially listed as partners on the inBloom website – told Reuters that they never made a commitment and have no intention of participating... Officials in two other states on the list, Massachusetts and North Carolina, said they are still evaluating the project and may never upload student data.” New York is pressing ahead with uploading data on 3.6 million schoolchildren.

Concern about student privacy is also growing in the UK. Jeff Gould, president of, discussed the issues in on Friday. “When data mining is done for profit, the relationship between the data miner and the consumer is simply a market transaction,” he says; adding, “As long as both parties are free to choose whether and when they wish to engage in such transactions, there is no reason to forbid them or place undue obstacles in their path.” 

But, “when neither children nor their parents can consent to, control or even properly understand the data mining that is taking place, these practices simply should not take place.” He concludes, “British parents and education authorities should listen carefully to this message and take steps to see that the almost limitless power of data mining is not unleashed on children in school.”

The question is whether it is reasonable to trade privacy for improved or cheaper services. The problem for schools is whether it is acceptable – or even legal in Europe – to trade its students’ privacy for those same returns.

What’s Hot on Infosecurity Magazine?