Chilliwack parent raises flags over school district privacy breach

Up to 1,000 student records could have been compromised in 10-year data breach

About 1,000 past and present students in the Chilliwack School District may have been affected by a privacy breach that took place between 2005 and 2015.

A letter explaining the breach was published by the district on their website on Dec. 22, 2017, but the information has not come up in any recent public meetings. It happened through the district’s participation in research with a not-for-profit group called Educational and Community Supports, a program of the University of Oregon.

Parent Brian Mielke has been attempting to hold the district accountable for the breach for many years, with the help of the Office of the Information and Privacy Commissioner (OIPC). He cottoned onto the breach when delving into his own child’s records several years ago.

“I wanted a copy of my child’s student file,” he said. “I had to do an FOI request to get the file and it took them maybe about four or five months to respond — they went past the period and had to get permission (from OIPC) to extend it.”

When he finally received the data package, it had been heavily redacted by lawyers, but many students’ names were inadvertently missed. Seeing this as a breach of privacy for those students, he thought he’d investigate the document further. He noticed an URL at the bottom of the printout, pinged the IP for the server, and found it to be a server in Oregon.

“I immediately became concerned,” he said. “There are very clear privacy laws of data not crossing the border.”

Through further research he found the connection between School District 33 and Educational and Community Supports was for the use of a program called Positive Behaviour Information System (PBI-SWIS). This research was being used to gather information to develop a technique known as positive behaviour support for behaviourally challenged students. Data was sent across the border for the program, and the school district paid a licensing fee for the software.

In their public letter, the district states the program is used to track behavioural incidents.

“PBI-SWIS was used to gather information about the type and frequency of school based behavioural interventions on an individual and aggregated basis. Only information pertaining to students receiving behaviour support or intervention was affected,” the district says. “We estimate that the number of students affected was approximately 1,000.”

They also have been working with the Office of the Information and Privacy Commissioner to respond to privacy concerns and say there is “no information to suggest that any of this research information was used or disclosed or any purpose other than the university research.”

The OIPC confirms they’ve been working on the matter, but declined to speak about any details.

Mielke says the breach of information is also a breach of trust. He searched the internet for examples of people in the education field using Chilliwack information for their own purposes, publicly, and was able to find several examples. One of them was a PowerPoint presentation about First Nation students at a Chilliwack elementary school.

There are specific sections of the Freedom of Information Act and Protection of Privacy Act that school districts must adhere to. The letter from the school district admits that this partnership contravened that act, but does not spell out exactly how. Mielke says it was through violation of sections 30.1 (transferring student data outside of the country) and 35 (not having an agreement in place to do so).

The district says despite the breach, they feel confident that no identifying student data was compromised.

“All information shared with the researchers was stripped of student identifiers immediately upon receipt by the researchers and we have also confirmed with the researchers that all personally identifiable records have been permanently destroyed,” their letter states. In addition, they say, researchers involved were bound by confidentiality contracts.

The Chilliwack School District said that they believe the risk of any adverse impact on individual privacy is minimal. However, any individual who has questions about this matter should contact Ms. Tamara Ilersich, Director of HR at tamara_ilersich@sd33.bc.ca for more information.

Privacy Notification.docx by Jess Peters on Scribd

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

VIDEO: Fraser Valley singing ensemble overcomes isolation, creates music using digital technology

Members of Belle Voci record ‘a capella’ song together even though they were unable to meet in person

Chilliwack neighbourhood bangs pots and pans in front of war veteran’s house

Residents bring nightly ritual to 95-year-old D-Day veteran Warner Hockin to include him

‘We’re not going to fail you’: Chilliwack trustee sends assuring message to students

Trustee Barry Neufeld says he knows the pain of online learning, and tells kids to ‘hang in there’

Council meetings now closed to the public in Chilliwack

Changes comply with provincial orders for no public gatherings and help development applications

Chilliwack elementary schools roll parades through their neighbourhoods, past students’ homes

Unsworth and Central are two of many schools trying to connect teachers with students in fun way

Canadian Olympian diagnosed with heart failure, possible exposure to COVID-19

Olympic soccer star Karina LeBlanc diagnosed with pleural effusion

B.C. unveils $5M for mental health supports during the COVID-19 pandemic

Will include virtual clinics and resources for British Columbians, including front-line workers

B.C. First Nations Health Authority launches virtual doctor program

Program to provide primary health care through COVID-19 pandemic

UPDATE: Canadians awake to extra COVID-19 emergency benefit money, feds clarify changes

The CRA and federal officials are working to clarify the confusion around payments

VIDEO: B.C. singer creates frontline workers tribute song

Cambree Lovesy’s song saluting those battling COVID-19 draws interest online

Statistics Canada report looks at COVID-19’s impact on violence in the family

Police across Canada reported almost 100,000 cases of intimate partner violence in 2018

132,000 B.C. jobs lost just the start of COVID-19 impact, finance minister says

Finance Minister Carole James says ‘this isn’t the entire picture’

B.C. asking companies to contribute through online COVID-19 supply hub

New platform to co-ordinate, source, expedite supplies and equipment to support front-line workers

Most Read