Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Danny Leeming
There is, without question, great educational value in the use of technology. The use
of cloud based tools and web based applications is revolutionizing regular face to face
classrooms by blending the teacher-student relationship and contact times to a much more
fluid and flexible one. In my own classroom, through the use of the Google Apps for
Education platform, students are now able to work synchronously in groups whether they are
able to attend class, or they are on a bus travelling for extracurricular sports. They are also
able to edit and reflect, peer-share and connect, asynchronously. While the anchor of our
school buildings, and face to face contact, form the bedrock of our relationship the use of
these tools is invaluable at meeting learning where and when they are most comfortable
engaging in learning, reflection, and assessment. At what legal and personal cost do these
opportunities come?
legislation in British Columbia is a good, intermediate step towards more mindful privacy
legislation. However, given the complex and evolving nature of cloud and web platforms, it
will require a much broader, international framework to be truly successful as there are many
holes in compliance, data handling, and interconnectedness that make its full intention hard,
In 2011, the Province of British Columbia enacted some of the most aggressive,
forward thinking, privacy legislation in North America (Hengstler, 2013). This privacy
legislation, the Freedom of Information and Protection of Privacy Act (FIPPA), affects the
employees and clients of public bodies in the province. This legislation was the result of
several complaints and lawsuits. FIPPA, in practice, essentially sets the legal boundaries for
the use of technology, and its interaction with student information, for all BC public schools.
The impetus for change to existing privacy laws was brought on by the aftermath of
September 11, 2001, and the subsequent passing of the US Patriot Act (Privacy and the US
Running head: FIPPA and BCED 2
Patriot Act, 2004). The Office the Privacy Commissioner in BC put forward a lengthy report,
stemming from lawsuit brought by the BC Government Employees Union, to discuss the
privacy implications for government bodies using 3rd party companies based outside of BC
(“Privacy”, p. 11, 2004). While the report initially concerned itself with specific questions
about privacy, data, and US/foreign access, it tackled much deeper, broader questions and
determined that British Columbia “cannot wait for historians to tell us whether or how much
the shift towards a national security focus has imperilled our hard-won rights and liberties”
(“Privacy”, p. 11, 2004). The report was pivotal in taking an assessment of the current online
world being built and recognized that the fundamental pieces of privacy had changed
dramatically:
The Privacy Commissioner made many thoughtful recommendations based on input from
citizens, ministries, foreign police agencies, and more. These recommendations included
many key provisions in the 2011 legislation including the restriction of out of province data
storage, new conceptions of personally identifiable information, and the process for which
clients/users are informed and can consent to the sharing of their personal data (“Privacy”, p.
134, 2014).
To understand whether or not the implementation and goals of FIPPA are being met
we must first understand and define the theoretical backing of the legislation, its concerns,
The foundation of privacy law has, and continues to rest, on a concept called
personally identifiable information, or PII. The shifting nature of PII is incredibly problematic
for modern privacy legislation. The term PII, coined inis the late 19th century, is the
founding concept of privacy legislation across the globe and it primarily concerns itself with
key identifiers that directly attribute information to an identifiable person (Schwartz & Solove,
p. 1816, 2011). If a piece of information that directly identifies a user in a given set of data is
omitted, deleted, or removed then there is no privacy violation because anonymous data
was, and in many cases still is, considered non-identifiable (Schwartz & Solove, p. 1817,
2011). A practical example of this in action, under traditional conceptions of privacy laws,
would be if a teacher, school or district use exam data from a standardized test, such as the
English 12 provincial exam, and removed the names of students, their personal education
numbers, and their school and release or share the remaining grade and assessment data,
including written responses. This would be considered anonymous because no single piece
The advent of web based tools, powerful and sophisticated data crunching
databases, and an ever increasing amount of data have made this traditional approach to
privacy very problematic. One does not need to look far to find the terrifying instances of
deanonymization on a massive scale. For example, researchers were able to quickly identify
even though the data had no IP addresses attached, and had been “scrubbed” of names,
dates, locations (Ohm, p. 1717, 2009). Despite that, researchers quickly identified searchers
as real people and were able to contact them. Similar stories have emerged that further
illustrate this point. Researchers were also able to identify Flickr and Twitter users, despite
no links between their accounts, based only on patterns of posting and sharing (Ohm, p.
1743, p. 2009). Luckily, these examples were simply research experiments but the
ramifications in the wrong hands are easy for one to imagine. Ohm warns us of the danger,
Running head: FIPPA and BCED 4
stating that “re identification has formed the database of ruin and given our worst enemies
access to it.” (p. 1748, 2009). He also argues that every instance of re identification creates
a ‘snowball effect’ where any reidentification can never be undone, and will further
strengthen the next attempt at re identification by building a much larger series of points and
In a world where our the average person's digital footprint doubles in size every two
years with data mostly managed outside of their direct control the threat of linkability and
deanonymization becomes greater and greater each passing day (Rigele & Debbie, 2016).
This provides a clear context for why, in public education, the data we release about our
students for learning intentions, or not, has huge privacy implications going forward.
The approaches to defining and legislation the management of PII have traditionally
taken three models. The non-public approach legislates what PII is not. (Schwartz & Solove,
p. 1830, 2011.) For example, to once again use assessment data as an example, it could
define that aggregate grading data and anonymized written submissions are not PII, but
names, grades, and schools are. This is closely related to the specific types approach which
strictly defines categories like name, birth date, blood type, zip code, etc as strictly defined
categories that make information identifiable (Schwartz & Solove, p. 1829, 2011). These
have proven to be far too limiting, especially with the evolution of technology, because as we
have seen with the aforementioned deanonymization examples, what is and is not PII can
change rapidly. As stated by Schwartz and Solove, ‘[t]he line between P11 and non-PII is not
fixed, but depends upon technology. Thus, today's non-PII might be tomorrow's PII.” (p.
1846, 2011). Paul Ohm concurs stating that defining and constraining PII is a game of
whack-a-mole and it trusts “lawmakers can evaluate the inherent riskiness of data
categories, assessing with mathematical precision whether or not a particular data field
contributes to the problem enough to be regulated.” (Ohm, p.1734, 2009). FIPPA finds itself
taking a third approach, tautological, which is open and flexible in its definition and leaves
Running head: FIPPA and BCED 5
the specifics very open ended to changing landscapes (Schwartz & Solove, p. 1829, 2011).
The criticism of this approach is that there is no clear guidelines for what is, and is not,
acceptable. This can be problematic, especially in complex systems like public education,
but leaves the privacy protected for new developments. As we will come to see, this
Clearly the mere act of legislating privacy is difficult in the modern world. Ohm states
the benefits of unfettered information flow against its costs and must
calibrate new laws to impose burdens only when they outweigh the
FIPPA legislation could not just forbid the flow of information in the name of privacy. The
sword. Our modern systems need the ability to draw upon information to make our current
way of life possible and to cut off the flow of information completely would have serious
consequences. It should not be surprising that FIPPA took a firm, but open, approach to
privacy with public bodies and tries to balance the needs of personal privacy without
The implementation of FIPPA is a reflection of the changing scope, and definitions of,
privacy. This is deeply connected to the proliferation of cloud and web based services, and
the interconnected nature of data points in the modern world. Our schools suffer this shifting
FIPPA has done an adequate job at mitigating the theoretical and practical concerns
raised by modern computing. One of the foundational pieces of FIPPA is based around its
obligation for public bodies to create informed consent for data being shared. The
requirement for public bodies to tell citizens exactly how their data will be used, shared,
stored and disclosed in detail is a very forward thinking solution and allows users to weigh
the positive and negatives of their decisions. In a world where something as innocuous as an
anonymized search query on AOL can lead to your direct identification, consenting to each
contains many important and relevant regulations for public education and this includes the
requirement of detailed, informed consent for any and all information disclosed by a public
body (Freedom of Information and Protection of Privacy Act [FIPPA BC], 2016). A primer on
FIPPA prepared by the Office of the Privacy Commissioner details how FIPPA requires any
information that could be considered identifiable to be consented to, even to the point of
requiring something like a student journal that details information about several individuals to
gain the consent of every person involved (Cloud Computing Guidelines for Public Bodies, p.
4, 2012). While cumbersome, this certainly delivers on FIPPA’s goal of protecting user data
from unknown disclosure. It might read to some as ‘overkill’ but based on the power of
computers it does not take much to imagine the plethora of personal information stored in a
FIPPA also tackles storage and the risk of storing data outside of Canada (FIPPA
BC, 2016). Section 30 also strictly forbids unconsented storage of any personal information,
identifiable or potentially identifiable, outside the borders of Canada (FIPPA BC, 2016.) Julia
overview of what FIPPA requires of teachers to share student work or data online
(Hengstler, K-12 Primer, 2013). Any disclosure of data must answer what she has called
2) What, exactly, is being shared? Specific things - Work, birthdays, names, etc.
3) What content will be posted and how will it be identified?
4) Where will the content be posted & who will see it?
5) How and When is accessed?
6) Where is the data stored? What does that mean for my stuff?
7) Who is in charge of this at my school or at the school board office? What are they
doing to protect my information?
8) What if something changes? Or there is a data leak?
9) Is this written in a way that my parents and I can understand? (Hengstler, 2013).
This series of obligations any consent form must have greatly enhances the knowledge and
consent for students in public education and greatly enhance their ability to make a
Perhaps one of the most positive benefits of current BC privacy legislation is that it
may be contributing to a more thoughtful and positive conversation around privacy in our
schools. Digital citizenship as a curricular goal has never been more prominent, and with the
curriculum change currently being undertaken in British Columbia, this trend will continue.
meaningful and practical conversations with our students every time we approach them, and
their families, about a digital or web tool we wish to use with them in their learning. It should
be clear the hypocrisy of schools advocating educational programs to produce digital literate
citizens but not contemplating their own digital actions and tool use. The linkage between
legitimate care about student privacy through respecting and honoring the goals of FIPPA
legislation and the profession's desire to create digital citizenship, responsibility and
The law addresses this need and demand in our schools. A study completed by the
Fordham Institute on a sample of several US school districts found that cloud computing
platforms were being used in some capacity, totaling 95% of schools examined, and found
that privacy of student data was “poorly understood, non-transparent, and weakly governed.”
(Rigele & Debbie, 2016) The study also found that there was “rampant gaps” in the way privacy
Running head: FIPPA and BCED 8
was enforced, the types of agreements between schools, or districts, and service and
content provides, and the information received by students and parents (Rigele & Debbie,
2016). Speaking anecdotally, in the schools and districts I have worked with as a teacher,
this study rings as true in British Columbia. Privacy forms, even in the age of new FIPPA
legislation, show widely different interpretations of privacy law from school to school and
district to district.
With all the above in my mind, there are some areas in which FIPPA is not meeting
the needs of BC students, teaching professionals and districts. One of the most vocal critics
of British Columbia’s approach to privacy with regards to public education is Dr. Alec Couros.
He performed a review of legislation in 2016 and said outright that the way the legislation
function in practice is “not compatible or commensurate with the sector specific needs of
education bodies” (Couros & Hildebrandt, p. 5, 2016). He criticizes its strict, unclear nature,
and its restrictive grip on teacher creativity that are depriving BC student’s from valuable
learning experiences (Couros & Hildebrandt, p. 5, 2016). He also takes issues with the
tautological approach of the legislation and states that the open ended way in which it is
written essentially creates a situation where anything not mentioned as potentially disclosed
can open bodies up to legal action and as a result, freezes innovation, new technology
security for Canadian users and supports this stance by highlighting data sharing legislation
between the US and Canadian governments, and referencing revelations about data spying
by various governments (Couros & Hildebrandt, p.8, 2016). Finally, he focuses on how wildly
different the legal interpretations have taken and how some districts have just said ‘no’ to the
educational opportunities made possible by cloud and web based tools (Couros &
Hildebrandt, p. 10, 2016). To summarize his very detailed and well argued critique, British
Columbia students are being prevented from incredibly valuable learning by poorly written,
Running head: FIPPA and BCED 9
transmission that, at the end of the day, does very little to actually protect information.
Building on Couros’ argument about varied and different interpretations, one needs
only look at privacy forms from various school districts to see that FIPPA is seeing wildly
different methods of enforcement and adherence. The approaches districts have are widely
varied. Some districts, like SD57 in Prince George, have board office positions dedicated to
meeting privacy commitments, while others such SD36 still use blanket unspecific waivers
that, in my opinion and the advice given by Julia Hengstler and the Office of the Privacy
Commissioner, do not meet the obligations of FIPPA. I contacted several districts informally
requesting access to their waivers and information about their wireless infrastructure. While
this is very incomplete, it provides the ability to make some basic conclusions about FIPPA
in British Columbia.
District Waiver Exemplar Meets Fippa WiFi System Waiver for Wifi Access
Checklist by or FIPPA privacy in
Hengstler? Network Access
Agreement?
School District 61 Yes Yes Meraki by Cisco Cloud portal turned off, all
https://goo.gl/hQrytk Access points locally
managed to protect
privacy N/A
connected to my own concerns that build on what Couros is discusses. While classroom
teachers are very concerned with the classroom disclosures of information, and their legal
and ethical responsibilities to safeguard their students information, there are many systems
in place by school districts on the “business” side of education that may need an overhaul
with regards to privacy. Access to WiFi internet systems is quite common in British
Columbia schools, especially at the secondary level. Often, for practical reasons, these
wireless internet systems are built and maintained, and then managed remotely over
geographic distances by district IT staff. They allow staff to monitor connections, uptime,
security threats, and apply policies all through central web dashboards. With that, however,
Some of the popular systems include the Meraki system by Cisco Systems, and the
Aruba system by HP. These are only two examples known to be deployed in some BC
school districts. The issue with these services is the way in which identifiable data about
students is tracked and stored in the United States in contravention of FIPPA without student
knowledge or consent. Cisco Meraki uses a web based management dashboard, hosted in
the United States, which collects information from connected client devices, for example
student owned devices, such as MAC address, device type, physical geo location, operating
system, device name (Cisco Meraki Privacy Policy, 2013). If this was not concerning
enough, they are also able to track hostnames, different protocols running on the device,
port and IP information (Cisco Meraki Privacy Policy, 2013). To simplify that statement,
Meraki can track a student's device name, their device unique MAC address, and tie that to
their app and web history, and their physical location at different times of day (Cisco Meraki
Privacy Policy, 2013). Despite not having traditional red flag identifiers like full names, in a
Running head: FIPPA and BCED 11
world where users can be identified by anonymized AOL search queries the volume of
information Meraki and Cisco can collect about students can easily be used to not just
personally identify them, but build a very robust profile of their web and social media habits.
A further reading of the privacy policy reveals that Meraki has the right to disclose their
collected information to other service providers, for business purposes, to any affiliated
company who “may use and disclose personal information” disclosed to them by Cisco at
their discretion (Cisco Meraki Privacy Policy, 2013). Only one school district - SD61 in
Greater Victoria - using Meraki, as noted in Table 1 above, took this privacy worry into
consideration and has turned off the cloud dashboard in their Meraki system.
have deep concern about the implications for both educational technology and our legal and
ethical duties to our profession and our students. Let us propose a scenario in which a
district blocks any improper web and cloud tools in their classrooms and develops a rigorous
FIPPA approval process, but utilizes a system like Cisco Meraki for their wireless internet.
Even if a student is not using a teacher suggested tool, such as Google Apps, and is simply
using their own device to browse and search up basic information online, or browse social
media on their lunch break, the use of infrastructure such as Cisco Meraki opens up an
incredible amount of PII to a corporation which can buy, sell and trade the student
information without their knowledge or consent. This situation is one that needs remedy. On
Table 1, I have included information about several districts who use Meraki or something
similar. A complete, empirical study and further research is needed to determine the extent
of this problem that I have not seen mentioned in any of my research. Is this infrastructure
privacy concern being weighed and considered? How can schools deal with this and still
respect FIPPA? Should schools be forced to shut down wireless internet until further notice?
Must we end the culture of BYOD in our schools until we can properly protect student
information? Can we put this proverbial cat back into the bag?
Running head: FIPPA and BCED 12
FIPPA has been written with the very best intentions and has made a valiant and
substantial attempt at protecting British Columbia students from violations of their privacy
that could have long term and lasting impacts on their lives. Often, when discussing why
FIPPA is important with colleagues I often ask them if they would be okay if I were to set up
and run their child’s Facebook profile, or if they would be alright with a field trip permission
form that stated only that I may take their child on a field trip, on an unknown date, to an
unknown location, and that we cannot guarantee we will ever return. Once they finish looking
the privacy puzzle. Clearly, though, it is not perfect. As a practicing British Columbia teacher
I often weigh the time and work of developing adequate waivers versus the opportunity
offered by different tools and often opt for options that may not deliver the same impact, but
carry less privacy concerns. Many colleagues do not respect the legislation, avoid
technology at all costs, or find themselves on the lower end of what Julia Hengstler refers to
Hengstler, I believe correctly, writes that full compliance with FIPPA in its current
Continuum] p. 6, 2014). She also describes other stages of teacher reaction to tough FIPPA
compliance legislation, but the practical reality is a situation where it may never happen. If
that is the case, has FIPPA been truly effective? And what about the very serious concerns
raised here over the very infrastructure we use to access the internet in our schools?
I believe the proper approach to FIPPA is to elevate the conversation to the national
and international level. The report on cloud computing that made many of the
recommendations that found their way into current FIPPA legislation was prophetic in the
sense that it also recommended this next step as the only way to truly create a new privacy
Running head: FIPPA and BCED 13
framework that truly dealt with the instantaneous transmission of information across
international borders and the powerful, integrated computer networks that can harness and
connect so much information (“Privacy”, p. 134, 2004). That report on privacy recommended
these changes to FIPPA only in light of a pending multinational approach, and knew that was
I cannot help but back up this recommendation. I see immense value in the
protection of student privacy. Kids will post things that will be potentially socially
embarrassing and have impacts on things like future employment. Many also struggle with
deeply personal family or mental health issues that could show up in their work and writing.
As one author calls it, “the right to be forgotten” is an important part of youth and privacy
protections (Newman, p. 507, 2015). Newman talks of adolescent exploration, trial and error
nature of development, and other factors as things that should not follow people around as
they mature (Newman, p. 508, 2015). Only by uniting with the international community on
issues of data sharing, deanonymization, reselling of data, encryption, and handling can we
hope to tackle modern privacy issues. The current patchwork of province to province, state
to state, country to country frameworks can create something similiar to a taxation ‘race to
the bottom’. Firms which wish to be nefarious with user data can always find a new, more
lenient jurisdiction from which to operate and only by creating a universal set of principles
infrastructure, and how it interacts with student data, leaves the door open for much more
important research. I applaud the British Columbia government's leadership position on this
very important issue, but there is more work to be done on behalf of students, teachers, and
References:
Canada, Office of the Information and Privacy Commissioner for British Columbia. (2012). Cloud
Computing Guidelines for Public Bodies (pp. 1-7). Victoria, BC: OIPC.
Cisco Meraki Privacy Policy. (2013, December 17). Retrieved July 10, 2016, from
https://meraki.cisco.com/support/#policies:privacy
Couros, A., Dr., & Hildebrandt, K. (2016, January 25). STATUTORY REVIEW OF THE FREEDOM
OF INFORMATION AND PROTECTION OF PRIVACY ACT. SUBMISSION TO THE SPECIAL
COMMITTEE TO REVIEW THE FREEDOM OF INFORMATION AND PROTECTION OF
PRIVACY ACT. Retrieved June 10, 2016, from
https://docs.google.com/document/d/1R-mXsnH9I_Frs00Ynhw9krMhtcW9-LJ5mGnsm4dZzLQ/
edit.
Freedom of Information and Protection of Privacy Act. (2016, June 22). Retrieved July 05, 2016,
from http://www.bclaws.ca/Recon/document/ID/freeside/96165_00
Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. F.31. (2016, April 19).
Retrieved July 05, 2016, from https://www.ontario.ca/laws/statute/90f31
Hengstler, J. (2013). A K-12 Primer for British Columbia Teachers Posting Students' Work Online.
Vancouver Island University. Retrieved June 10, 2016, from
http://etec.ctlt.ubc.ca/510wiki/images/2/2b/Primer_on_Posting_Minor_Students_Final.pdf
Hengstler, J. (2014, April 24). The Compliance Continuum: FIPPA & BC Public Educators.
Retrieved June 18, 2016, from
https://jhengstler.wordpress.com/2014/04/24/the-compliance-continuum-fippa-bc-public-educato
rs/
Kelly, A. E., & Seppälä, M. (2016, August). Changing Policies Concerning Student Privacy and
Ethics in Online Education. IJIET International Journal of Information and Education
Technology, 6(8), 652-655. doi:10.7763/ijiet.2016.v6.768
Newman, A. L. (2015, January 29). What the "right to be forgotten" means for privacy in a digital
age. Science, 347(6221), 507-508. doi:10.1126/science.aaa4603
Rigele, A., & Debbie, A. (2016, March). I Agree, but Do I Know? Privacy and Student Data.
Knowledge Quest, 44(4), 10-21. Retrieved from http://eric.ed.gov/?id=EJ1092205
Russom, M. B., Sloan, R. H., & Warner, R. (2011, December 6). Legal concepts meet technology.
Proceedings of the 2011 Workshop on Governance of Technology, Information, and Policies -
GTIP '11, 29-37. doi:10.1145/2076496.2076500
Running head: FIPPA and BCED 15
Schwartz, P. M., & Solove, D. J. (2011). Pii problem: Privacy and a new concept of personally
identifiable information, the. NYUL Rev., 8
6, 1814.