Our private data is being pillaged
How do we stop it?
Friends, if you’re like me, you’re totally overwhelmed by all the information crashing around us like so much rubble in an avalanche, which is not only pummeling but is also terrible. I wrote about this elsewhere. It’s close to putting me into a kind of stasis. Maybe you too.
But we can’t lose sight of our goals, and we can do little small acts every day to inch closer to those goals. And I have one such little small act for you. It’s only for Illinoisans. (Sorry, non-Illinoisans.)
Here is a letter we just received from Chicago Public Schools. It’s the second one of these we’ve gotten since 2017. Which is to say both my kids have had their data stolen and it is God knows where now.
A very blah blah blah anodyne letter for an incident described by Chalkbeat thusly: “In a ransomware attack last year, Russian hackers stole private information for more than 700,000 current and former Chicago Public Schools students and put it on the dark web, district officials said Friday.”
It’s kind of enraging, yes? I know. Also creepy, and scary, and one more damn thing to worry about. Read that whole Chalkbeat piece if you really want the hair on the back of your neck to feel all crickly.
But I’m not here to make you crankier and more anxious than you already are. I’m here to tell you that you can take some action to help keep this from happening in the future.
In Illinois we already have a student data protection law, SOPPA (the Student Online Personal Protection Act). But SOPPA has no serious enforcement provision—because Big Tech really doesn’t want that. Currently SOPPA offers no private right of action—that is, the ability of families to sue tech vendors who violate the law. So SOPPA has no teeth: enforceable only by the IL Attorney General, our AG hasn’t enforced it even once since it became a law in 2017. So when there are egregious data breaches, we have no recourse. And when testing companies like the College Board continue to sell student data in violation of the law, there is nothing we can do.
Hence, a new bill. May I introduce HB 2696.
This bill does 2 things:
It would give families that much-needed private right of action to bring lawsuits against tech vendors who violate SOPPA. It would also reinforce the fact that testing companies with state contracts cannot sell data.
HB 2696 is small, it’s simple, and it really should help families and students. And it needs all the help it can get from us, because I am sure Big Tech lobbyists are buzzing around Springfield even now. I have watched them buzz. It’s cringey, yet sadly effective.
There are a few easy things you can do to help.
Do this letter campaign. It’s all laid out for you, you just have to click on it.
Fill out witness slips as a PROPONENT. If you haven’t done this before, here are some directions. We need you to do 2, one each for two hearings next week. Even if you’ve already done this for this bill, you need to file again as the hearings were rescheduled and the witness slip tally starts over from scratch.
Witness slip for March 19th hearing
Witness slip for March 20th hearingCall your state representative and ask them to sign on as a sponsor. Here’s where you can find your rep. And here’s what you can say when you call.
I'm a constituent [include your name and zip code], and I'm calling to ask my representative to co-sponsor HB 2696, a bill to strengthen our student data privacy law, SOPPA. State test vendors are selling student data, and data has been exposed in breach after breach, but so far the AG hasn't done anything. Families should have the right to sue under SOPPA to protect kids' data from being sold or left insecure. We need the General Assembly to step up. Please sponsor HB 2696.
Alone, we can’t do much about Russian hackers or our students’ data being put up for sale. But all together, our small 5 minutes of action add up to a powerful voice that can impact our children’s future in a significant way. Thanks for trying with me.