Several years ago, I wrote to the NYC Comptroller’s Office and asked them to re-audit the NYC Department of Education on information technology/data security. To my knowledge, they haven’t done so.
If you are a parent of a student in the NYC schools, this should concern you because the previous audit and two re-audits showed pretty dismal data security.
Here is the first page of the 2004 re-audit that explains the background and gives an overview of the findings, below. I’ll meet you on the other side.
Scary, isn’t it? And the second page and balance of the report is even scarier.
You can read the full report on the Comptroller’s web site (pdf, 29 pp.)
So what has happened since 2004? Why hasn’t the city gone back and ensured that students’ personal and sensitive information is being adequately secured?
As best I can tell, other than the 2013 SESIS audit, which is (only) for the DOE’s Special Education Student Information System (and which also found data security issues), there has been no audit or independent assessment as to whether the DOE is keeping your child’s personal and sensitive information secure.
If you are concerned, you can use a form on the Comptroller’s site to suggest that they audit/re-audit the Dept. of Education for data security of students’ personal and sensitive information. I’d encourage you to do so.