![]() The action taken against Illuminate comes just three months after the Federal Trade Commission announced efforts to ramp up enforcement of federal student privacy protections, including against companies that sell student data for targeted advertising and that lack reasonable systems “to maintain the confidentiality, security and integrity of children’s personal information.” Related: New Research: Security Report Finds Ed Tech Vulnerability That Could Have Exposed Millions of Students to Hacks During Remote Learning In a recent article in The 74, student privacy experts criticized the Big Tech-funded privacy forum for failing to sanction companies that break the agreement terms. “We will continue to monitor and enhance the security of our systems, and we will continue to work with students and school districts to resolve any concerns related to this matter while prioritizing the privacy and protection of the data we maintain,” Snyder said in a statement. Illuminate Education spokesperson Jane Snyder said the company is disappointed in the privacy forum’s decision, but it “will not detract from our commitment to safeguard the privacy of all student data in our care.” The privately held company founded in 2009 claims some 5,000 schools serving 17 million students use its tools. ![]() Illuminate Education CEO Christine Willig (Illuminate Education) The extent of the Illuminate breach remains unclear, but a tally by education news outlet THE Journal encompasses districts in six states affecting an estimated 3 million students. Though the privacy forum maintains that the pledge is legally binding and can be enforced by federal and state regulators, the move against Illuminate marks a dramatic shift in enforcement. Through the voluntary pledge, hundreds of education technology companies have agreed to a slate of safety measures to protect students’ online privacy. Illuminate reportedly used Amazon Web Services to store student data on accounts that were easy to identify. “Such a failure to encrypt would violate several pledge provisions,” Polonetsky said, including a commitment to “maintain a comprehensive security program” to protect students’ sensitive information and to “comply with applicable laws,” including an “explicit data encryption requirement” in New York.Įncryption is the cybersecurity practice of scrambling readable data into an unusable format to prevent bad actors from understanding it without a key. ![]() Donate here to support The 74's independent journalism. Sign up here for The 74’s daily newsletter. ![]() He said the decision to de-list Illuminate came after a review including “direct outreach” to the company, which “would not state” that such privacy practices had been in place. “Publicly available information appears to confirm that Illuminate Education did not encrypt all student information while” it was being stored or transferred from one system to another, forum CEO Jules Polonetsky said in a statement. ![]()
0 Comments
Leave a Reply. |