My sense is time and again parents are shocked and surprised when it happens - and simply presume that there must be some standard or law that offers them protection, when none exists.

Having said that, school systems (and other SLTT entites) have not been shy at seeking immunity from liability from their state legislatures. I'm not aware of a different 'powerful lobby' at work here.

Our tax dollars fund the school board attorneys and those who protect the interests of the districts and vendors -- not the parents, teachers, and students.

What a country.... ugh.

The notion that cybersecurity risk management is a wholly discretionary activity for K-12 school systems is the root issue here IMHO.

Yet, a K-12 cybersecurity standard of practice remains on the back burner due to a lack of broader public awareness of the issue and the lack of political will to deal with the costs of compliance.

I find college-student trust heuristics fascinating and don't pretend to have an accurate mental model of them.

"I trust an office if I've talked with an actual person from it" seems to be one tenet. I think it explains the Data Doubles survey finding that students do NOT trust librarians with their data -- they mostly haven't met any librarians.

IME students in higher ed operate under the same assumption. "Of COURSE my school protects my data well and doesn't exploit it!"

I've asked them why they believe this. They never have an evidence-based answer.

Yeah, we were a bit at it as well, especially given libraries' historical privacy commitments.

(Which we are very, very bad at communicating, for one thing, and aren't totally living up to, for another.)

But it was a strong finding: https://scholarworks.iupui.edu/server/api/core/bitstreams/5bcd839c-9fff-4f87-a43c-46a4fbe71391/content bottom of p 161

@dsalo
"Much of this research is reaching publication despite not employing best practices nor documenting respect for human-subjects research ethics, library-specific privacy and confidentiality ethics, and student data-privacy expectations."

😦 Well, that certainly cuts to the chase...

@dsalo
My generation (the Older Than Dirt Gang) grew up trusting librarians to protect our reading privacy and the First Amendment.

But now that so many kids don't want to hold actual books in their hands to enjoy, I can almost understand why they don't really appreciate how librarians and booksellers are great defenders and heroes.

weeeeeeeellllllllll we can be but sometimes also we're not.

I have a postprint just out about "sometimes we're not:" https://minds.wisconsin.edu/bitstream/handle/1793/85141/LLADataEthics_JLSC_4OA.pdf?sequence=1&isAllowed=y

Yup. Attach that to "it's assessment/QA so it doesn't need ethics review!" and you end up in very dark places very quickly.

I have the start of a theory/policy piece about this complex of fail; I was waiting to go further on it until the FuckLVA piece came out.

But you can see a bit of my thinking in my Library Publishing Forum keynote from last year, e.g. https://speakerdeck.com/dsalo/she-cant-say-that-can-she?slide=28

She can't say that, can she? (with notes)

Given for the Library Publishing Forum, 8 May 2023.

^{Speaker Deck}