Audit: Sensitive student information released in 5,500 transactions
SALT LAKE CITY — State auditors recently found reasons to praise education administrators for the transparency, accuracy and reliability of financial reporting in public schools.
But in the process of looking through school transparency data reported on Utah's public finance website, auditors "stumbled across" a trend that concerned them, according to performance audit supervisor Chris Otto.
Since 2009, 39 school districts and charters released personally identifiable student information in more than 5,500 transactions, according to the audit released Wednesday by the Office of the Utah State Auditor.
Most of those transactions linked with student names contained information on academic services, testing, medical services, special education and legal information. When the trend appeared to be "widespread," auditors expanded the original scope of their report to address the problem, Otto said.
"That was identified and kind of turned some heads," he said. "We certainly didn't start out looking for that."
Auditors informed the Utah State Office of Education, which then contacted the website administrators and schools that were affected to remove the information, according to Brad Smith, state superintendent of public instruction.
Smith said some of the disclosures were due to practices in how reporting was regularly handled, and others appear to be clerical errors and less widespread.
"We were able to identify some systemic issues that were allowing that to occur," Smith said. "To the extent there was an inadvertent disclosure, it has been corrected and is no longer occurring. And going forward, I believe each district has a process in place to avoid it repeating."
The 39 districts and charters involved were not identified in the report, but Smith said they are responsible for reaching out to students and families that may have been affected.
The audit states that the problem could likely be more prevalent than the 5,500 transactions that were found with sensitive student data given the frequency of some first and last names, as well as other factors that limit auditors' ability to verify all potential disclosures. Overall, about 27 million transactions on the state website were reviewed.
Smith said the 5,500 transactions and even other potential disclosures would be "a needle in the haystack" given the large amount of data that is reported. It illustrates a difficult balance administrators have to strike between student privacy and public transparency, but the disclosure of sensitive student information is an issue they take seriously, he said.
"(The report) is a good, timely reminder that we need to be careful stewards of student data, and when we have Audit: Sensitive student information released in 5,500 transactions | Deseret News:
