For the second time in as many years, the Virginia Department of Behavioral Health and Developmental Services (VDBHDS) has breached the privacy of children.
According to WTVR, VDBHDS said it is,
. . . investigating after technical issues halted applications for a program that provides financial help to families with developmentally disabled loved ones.
WTVR stated it was made aware of the breaches by people who contacted the news organization and said,
. . . they had submitted applications, but when they received confirmation emails and double-checked the information they found the application and personal information of other people.
Thursday, October 7, 2021, VDBHDS posted information on Facebook about problems with the portal, but by then the damage was already done.
Virginia Has a History of Breaching the Privacy of Children
October 6, 2021, just one day before the VDBHDS breach, the Virginia Department of Education (VDOE) announced that it is opening an investigation into Fairfax County Public Schools (FCPS), focused on systemic privacy violations. See: Virginia Department of Education to Investigate Fairfax County Public Schools for Systemic Privacy Violations
FCPS has been breaching the privacy of children for years. However, VDOE refused to open such an investigation previously — even after it was provided the internal FCPS document “Hot Topics”, in which FCPS stated:
“Confidentiality of student records is a significant concern across the division.”
September 27, 2021, Debra Tisler and I filed another complaint with VDOE and made it aware that FCPS was again at fault for breaching the privacy of students.
It wasn’t until after FCPS took legal action against us — and after news stories started breaking about FCPS’s newest breach and its legal actions toward us — that VDOE announced it would open the investigation. See: Fairfax County Public Schools Threatens Legal Action Against Parents Who Exercised Their First Amendment Rights And Right To FOIA
Virginia Leadership Knows, but the Status Quo Remains the Same
VDOE itself is at fault for breaching the privacy of children in the past. Its own FOIA office provided me unredacted, personally identifiable information about children who were the focus of past due process hearings. Hence, VDOE has long been well-aware of the existence of confidentiality problems under its own roof, to include all the local education agencies (LEA) over which it is supposed to have supervisory responsibilities.
Although Governor Ralph Northam’s, Senator Mark Warner’s, and Senator Tim Kaine’s offices, were all made aware of the continued breaches within Virginia and VDOE’s past refusals to investigate, the problems remained, the breaches continued.
In June of 2020, the U.S. Department of Education’s (USDOE) Office of Special Education Program (OSEP) issued a Differentiated Monitoring and Support (DMS) report about VDOE. In its DMS report, OSEP called VDOE out on its failures to investigate noncompliance that falls “outside of formal dispute resolution procedures”. In addition, OSEP stated:
Completely ignoring credible allegations of noncompliance is not a reasonable method of exercising the State’s general supervisory responsibilities.
The VDOE has a history of ruling in favor of the local school districts. Given the national attention this last breach has received, it will it be especially interesting to see which way VDOE goes in its letter of findings.
Given the upcoming election in Virginia, perhaps those running can commit to stopping these breaches — and ensuring that VDOE and all the local school districts remain in compliance with the Individuals with Disabilities Education Act (IDEA).
Please join me in asking that the privacy of our children — in addition to the education of our children — be made a priority.
(Hat tip to Debra Tisler for bringing the VDBHDS breach to my attention.)