TOPEKA, Kan. (AP) — Some educators in the Topeka school district had illegal access to data that identifies students from low-income families, which is federally protected as confidential.
Principals and other educators were able to see the data through the district’s student information platform called PowerSchool. The data is used to determine which students are eligible for free or reduced-price lunches, The Topeka Capital-Journal reported.
Teachers and principals aren’t supposed to have access to the income status of their students. The National School Lunch Act makes violating the confidentiality of the data a crime punishable by a fine of up to $1,000, up to one year’s imprisonment, or both.
Although Superintendent Julie Ford assured the U.S. Department of Agriculture on Tuesday that the problem had been fixed, the Capital-Journal reports that a person who is not legally allowed to review the data provided samples to the newspaper that day. On Wednesday, the district shut down a data-exporting function in PowerSchool that was allowing the leak.
The newspaper also reported that four schools had displayed the student data on walls designed to create visual overviews of their student bodies.
After the newspaper first reported on the data leak last week, the Kansas State Department of Education told the district that the USDA, which enforces the confidentiality of the data, was seeking information about the school district’s data protection.
Cheryl Johnson, head of school nutrition programs for the state education department, said the Topeka district hadn’t completed federally required paperwork to release the low-income data for special purposes.
“USDA has requested verification that (the Topeka district) is protecting the confidentiality rights of participants and not disclosing eligibility information about participants on data walls or in any other manner,” Johnson said in a letter to the district. The letter explains the criminal penalties in the National School Lunch Act and asks Topeka administrators to provide documentation of their data protections by Friday.
In a letter sent Tuesday to the education department, Superintendent Julie Ford said the data breaches have been corrected.
“No one, except those with a legal right to have access, can see that data,” Ford wrote.
After the newspaper received the data on Tuesday evening, the head of the school district’s IT department, Jim Rousseau, said in an email to district staff that the computer function that was allowing the leak would be shut down.
School board president Janel Johnson said the board’s priority is protecting the rights and privacy of students.
“Our direction is to be diligent about addressing the matter, to ensure the data is protected,” Johnson said. “To do so, we’re going to be working with KSDE as they assist us through that process.”
Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.