In December, a vendor of a special education database mistakenly released personal information about about 160 Austin students to people other than the children's parents or guardians, according to documents obtained by the Statesman.
The issue was resolved within 24 hours, and the 74,000-student district and the company responsible for the database declared it a mistake that was highly unlikely to happen again. Austin School District officials cited incorrect information in a Jan. 5 memo to the Texas Education Agency as part of an update to the state regarding remediation orders for the district's chronic backlog of special education evaluations. Documented disclosure.
more:'A hard pill to swallow': AISD accepts TEA's special education proposal.avoid maintainers
The report details a Dec. 16 update to the system for processing special education reports that resulted in a coding error. According to the TEA report, the bug “altered notification settings and sent notifications and signature requests to non-parental contacts listed in the EasyIEP.” EasyIEP is a product of Public Consulting Group, which manages the Austin area's special education data platform.
The company did not respond to several requests for comment from the Statesman.
The district said the notices included links to documents containing the student's most recent record of special education and 504 plans, which identify and adjust a child's learning environment.
According to the school district, the system sent the notification on Dec. 16 around 11 p.m.
According to the district, district staff learned of the reported issue on Dec. 16 around 3:20 p.m., immediately contacted the vendor, Public Consulting Group, and had the link disabled by about 30 minutes later. That's what it means.
The system incorrectly sent links to people parents had identified as secondary emergency contacts, the district said.
“In many cases, these contacts may have had an educational right to review the information,” the district said in a statement. “In some cases, it could have been a neighbor or a grandparent, for example. It all depends on who the parent or guardian has listed as an emergency contact.”
Approximately 160 student records were opened by someone who was not the child's parent or guardian, according to a report to the TEA.
The school district sent a letter to parents alerting them to the incident.
“We recognize the seriousness of this issue and how important it is to build and maintain trust in our system,” the district said in the letter. “We continue to work closely with our vendors to ensure additional precautions, reviews and data validation are in place.”
The company also planned to review the system's update and notification processes to prevent the problem from happening again, according to an FAQ the district provided to parents.
According to the contract, Public Consulting Group has been working with the district on data management and reporting for special education students since December 2020.
Under a special education improvement order agreed to with the state, districts must improve their data monitoring systems to better track students' special education plans.
Public Consulting Group is a public sector management consulting and operations company with an education division.
The school district also planned to report the incident to the TEA.