Chilliwack parent raises flags over school district privacy breach

Up to 1,000 student records could have been compromised in 10-year data breach

About 1,000 past and present students in the Chilliwack School District may have been affected by a privacy breach that took place between 2005 and 2015.

A letter explaining the breach was published by the district on their website on Dec. 22, 2017, but the information has not come up in any recent public meetings. It happened through the district’s participation in research with a not-for-profit group called Educational and Community Supports, a program of the University of Oregon.

Parent Brian Mielke has been attempting to hold the district accountable for the breach for many years, with the help of the Office of the Information and Privacy Commissioner (OIPC). He cottoned onto the breach when delving into his own child’s records several years ago.

“I wanted a copy of my child’s student file,” he said. “I had to do an FOI request to get the file and it took them maybe about four or five months to respond — they went past the period and had to get permission (from OIPC) to extend it.”

When he finally received the data package, it had been heavily redacted by lawyers, but many students’ names were inadvertently missed. Seeing this as a breach of privacy for those students, he thought he’d investigate the document further. He noticed an URL at the bottom of the printout, pinged the IP for the server, and found it to be a server in Oregon.

“I immediately became concerned,” he said. “There are very clear privacy laws of data not crossing the border.”

Through further research he found the connection between School District 33 and Educational and Community Supports was for the use of a program called Positive Behaviour Information System (PBI-SWIS). This research was being used to gather information to develop a technique known as positive behaviour support for behaviourally challenged students. Data was sent across the border for the program, and the school district paid a licensing fee for the software.

In their public letter, the district states the program is used to track behavioural incidents.

“PBI-SWIS was used to gather information about the type and frequency of school based behavioural interventions on an individual and aggregated basis. Only information pertaining to students receiving behaviour support or intervention was affected,” the district says. “We estimate that the number of students affected was approximately 1,000.”

They also have been working with the Office of the Information and Privacy Commissioner to respond to privacy concerns and say there is “no information to suggest that any of this research information was used or disclosed or any purpose other than the university research.”

The OIPC confirms they’ve been working on the matter, but declined to speak about any details.

Mielke says the breach of information is also a breach of trust. He searched the internet for examples of people in the education field using Chilliwack information for their own purposes, publicly, and was able to find several examples. One of them was a PowerPoint presentation about First Nation students at a Chilliwack elementary school.

There are specific sections of the Freedom of Information Act and Protection of Privacy Act that school districts must adhere to. The letter from the school district admits that this partnership contravened that act, but does not spell out exactly how. Mielke says it was through violation of sections 30.1 (transferring student data outside of the country) and 35 (not having an agreement in place to do so).

The district says despite the breach, they feel confident that no identifying student data was compromised.

“All information shared with the researchers was stripped of student identifiers immediately upon receipt by the researchers and we have also confirmed with the researchers that all personally identifiable records have been permanently destroyed,” their letter states. In addition, they say, researchers involved were bound by confidentiality contracts.

The Chilliwack School District said that they believe the risk of any adverse impact on individual privacy is minimal. However, any individual who has questions about this matter should contact Ms. Tamara Ilersich, Director of HR at tamara_ilersich@sd33.bc.ca for more information.

Privacy Notification.docx by Jess Peters on Scribd

Just Posted

‘Police are ready’ for legal pot, say Canadian chiefs

But Canadians won’t see major policing changes as pot becomes legal

On Oct. 19, gospel musician, Rob Berg, hosts first concert in Chilliwack in 25 years

Held at the Sardis Community Church, the concert celebrates his career and new album release

Outgoing Chilliwack board chair says anti-SOGI trustees won’t be allowed in schools

Candidates’ anti-LGBTQ rhetoric makes for awkward situations with students, teachers, administrators

The Fraser Valley Comedy Festival hosts its first annual 10-day festival

With low-cost shows featuring top comics, the FVC Festival is sure to tickle your funny bone

Chilliwack’s Aaron Douglas to be retried for first-degree murder

Sentenced to life in prison for one 2014 killing, first jury couldn’t come to a decision on second

Video: An up-close look at beluga whales in Hudson Bay

An up-close look as some belugas greet whale watchers off the coast of Churchill, Manitoba

5 tips for talking to your kids about cannabis

Health officials recommend sharing a harm reduction-related message.

Elderly pedestrian killed in Burnaby collision

Police are looking for witnesses

NHL players say Canada’s legalization of marijuana won’t impact them

NHL players say the legalization of marijuana in Canada won’t change how they go about their business.

Automated cars could kill wide range of jobs, federal documents say

Internal government documents show that more than one million jobs could be lost to automated vehicles, with ripple effects far beyond the likeliest professions.

Private marijuana stores should shut down, Mike Farnworth says

B.C. has approved 62 licences, but they still need local approval

HPV vaccine does not lead to riskier sex among teen girls: UBC

Girls are less likely to have sex now than they were a decade ago

Koreas agree to break ground on inter-Korean railroad

The rival Koreas are holding high-level talks Monday to discuss further engagement amid a global diplomatic push to resolve the nuclear standoff with North Korea.

Most Read