HF0101 SF1118 is in Education Committee at position 8.
Essays
Essay
Iaong Yang
Camden High School, Minneapolis, MN
IB HL Global Politics Yr1
Brionna Harder
November 25, 2025
Bill HF0101
There have been quite a few cases where schools have used parent contact information as a public directory without parents or students permission. This could cause unwanted attention to families and even potentially stalking. Not only that, but this also doesn’t let parents or students use their rights to speak up for themselves. All legislators should vote yes on HF0101 because the purpose of this bill is to prohibit schools from leaking parent’s contact information to the public and from it being used as a directory. It’s to keep parents' contact information confidential while also making school a safer environment for everyone. My bill also gives parents and their children the opportunity to give consent about what they want. This makes it safer for parents and their children to feel more comfortable knowing that their personal information will be protected, and will not be used as a public directory unless given permission.
There’s been about 2,691 data breaches in educational institutions between the years 2005 to 2022, PowerSchool being one of them (PowerSchool data breach, 2025). PowerSchool was hit by a cyberattack on January 7th, due to a hacker stealing the credentials to get access to the customers support portal. According to reports, the hacker downloaded lots of personal information, including names, addresses, social security numbers, grades, and possibly medical records. However, PowerSchool said they paid a ransom to prevent the stolen data from being leaked and even received a video from a threat actor claiming to delete the data (PowerSchool data breach, 2025). But these actions resulted in angering many parents, teachers, and school administrators who spoke about the breach. This data breach ended up affecting around 62 million students and 10 million teachers.
According to NBC News they have collected and analyzed school files from hacker sites and found out it was personal information of children (Collier, 2021). In 2021, ransomware gangs leaked data from more than 1,200 American K-12 schools (Collier, 2021). When school resumed, parents had little recourse when their children’s personal information would be leaked. Parents were anxious as the information leaked about their children included medical conditions, family financial statuses, SSN’s, their birthday, etc. With all of this going on it makes public school systems even less equipped to protect their students' data from hackers. “‘I think it’s pretty clear right now they’re not paying enough attention to how to ensure that data is secure, and I think everyone is at wits’ end about what to do when it’s exposed,’” Levin said, the director of K12 Security Information Exchange, a non-profit organization helping protect schools from cyberthreats (Collier, 2021, p.7). Experts say that schools have always been a target for hackers that steal people’s data. Hackers would then sell it to identity thieves and on illegal websites. But even through all of this, schools aren’t really sure of what to do when their students' information is stolen.
These security breaches have affected many schools. With over 1,600 publicly disclosed cyberattacks from 2016 to 2022. As well as being the fifth most target industry in the United States. Thus why it is so important to implement preventive measures and protocols, as well as data encryption, strong password protection, cybersecurity training, and lastly incident response plans (Christ, 2025). There are five parts to why data breaches are so common in school. The first one is the lack of cybersecurity training. Around 44% of schools don’t offer cybersecurity training to their staff and administrators, and because of that educators aren’t sure of how to not only protect themselves but also their students from cyberattacks. However, learning cybersecurity will reduce the vulnerability of educators from phishing scams and less likely to click abnormal links. The second reason is possession of valuable data. Schools hold tons of data of their students and their staff, such as names, birthdays, and home addresses. Although this may not seem as important as other information like your SSN, hackers could use this information to impersonate you or someone you may know. Making it easier for others to fall for scams increasing data breaches as they may think it is a reliable link. The third reason is reliance on virtual platforms. Schools rely heavily on technology to grade work, administrative processes, email communications, and feedback collection. Technology plays a big role in the world and although it has a lot of benefits it also has a lot of disadvantages. Educational networks hold many systems, devices, online programs, and applications making it hard to keep track of it all but even more harder without proper security protocols and up-to-date software (Christ, 2025). The fourth reason is limited resources. Not every school gets the same amount of resources, so some schools are able to get cyber security however not so many can either. This could lead to inadequate security systems, outdated software, and undertrained personnel resulting in schools falling more for cyberattacks (Christ, 2025). The average school spends less than 8% of its budget on cyber security and nearly 40% of K-12 schools don’t have a cyber security response plan in case something were to happen to their database (Christ, 2025). The final reason that makes data breaches so common in schools is a wide playing field. Meaning that because there’s so many people in one area it's hard to know who’s really in charge of the cyberattack. Educators with no proper cyber security training may share sensitive credentials without knowing. A student that advances in technology could infiltrate the school system, either trying to cheat or cause disruption. Third-party vendors could also be in charge of leaking data either on purpose or on accident. Then there are cybercriminals that exploit weak school computer networks to steal data or funds.
My bill can help solve these problems because it prohibits parent contact information from being used as a public directory. Its importance is also to protect the privacy of parents and families. With so much information being exposed, my bill specifically requests that educational agencies and institutions must share student personal or parents contact information whether it is private or public to the Minnesota Department of Education, for federal reporting purposes, as it is required. To keep track of the family's information in case anything were to happen to it. Educational agencies and institutions are also not allowed to designate a student or parent’s home address, phone number, email address, or any other personal information given to the educational agency or institution as directory information unless given permission to do so. These examples show how serious this issue is, and how little these databases are secured. With all these schools holding this much confidential information, it’s really important to have strong security to protect it from cybercriminals, but also to protect the privacy of families.
Many schools are getting their databases breached or potentially releasing it themselves, there’s really no way of knowing. However a lot of information has been getting leaked and it’s a serious issue because if it were to get in the hands of cybercriminals, they would have a lot of access to confidential information and could potentially sell it on the dark web. My bill would be able to help this because it prohibits schools from using parents' contact information as a public directory. Gives parents and students the ability to say what information they would or wouldn’t want to be used as a public directory. Also it is now required for educational agencies and institutions to report to the Minnesota Department of Education when using a student or parents information for a public directory. Finally, I ask that you other legislators support my bill as it will help protect families and make school security tighter for the sake of our future generations so that they could keep learning to help make new bills that will benefit all of us.
References
CMIT Solutions. (January 8th, 2025). PowerSchool data breach: What parents and students need to know. Accessed on 11/20/25. PowerSchool data breach: What parents and students need to know. Date Accessed November
Kevin Collier. (September 10, 2021). Hackers are leaking children’s data - and there’s little parents can do. Accessed on 11/24/25. https://www.nbcnews.com/tech/security/hackers-are-leaking-childrens-data-s-little-parents-can-rcna1926 Date Accessed November
Bryan Christ. (June 11, 2025). The Impact of Security Breaches on Educational Institutions. Accessed on 11/24/25. https://www.idsalliance.org/blog/the-impact-of-security-breaches-on-educational-institutions/ Date Accessed