My wife and I homeschool, so we include our kids in a lot of extracurricular “stuff” to hopefully keep them well-rounded. One of the things my oldest son does is take a Lego engineering class at a small local school that caters to homeschoolers.
Last year, when we first signed up for the school, we found out that they published a report on the Web that listed the personal information (names of parents and kids, emails, street address, phone numbers, etc.) of all the families of the attendees. This was meant to be a resource for the attendees of the school, which is somewhat understandable since the homeschool community is fairly close knit. But when I saw that our info was included by default, AND that the report was secured by just a password, AND that password was emailed to everyone on the list, I kinda freaked a bit. So my wife sent out an email requesting that our info be pulled from the list.
I honestly expected a fight of some kind since I have seen small groups like this that just don’t get security and that a password just ain’t enough, but I was pleasantly surprised to find that they complied immediately with the request. All’s fixed, right? Well, it was for a few months. Now they are publishing a new list. But no big deal, right? We’ll just request to be removed again, right? Nope. Now they are acting as I expected them to last year. They are pushing back because, in their words, “they don’t have the time to reformat the report”. In fact, the email response in general was completely rude.
So I thought I would send off an email to them with a little bit of attitude of my own.
As to the matter of this directory, the last time the database was published, My wife and I were given the option of having our personal information deleted from the report. When we opted to be removed, there was no argument about whether or not anyone has the time to remove this information, and the request was acted upon quickly. So you can imagine our surprise when we received your reply when we asked to be removed again.
I understand that it takes time to format the report, and I understand that you are busy. But as a parent that pays tuition to your school, I fail to understand how this request can be so blatantly refused. In fact, I fail to understand why the information is needed by anyone outside of the staff at the school. If other parents have requested this information, then it should be provided on an opt-in basis, not by default.
While it may seem paranoid to you that we do not wish to have our personal information included in this database, I hope you understand our concern for privacy in this day and age. My career is in information security, so I know on a technical level how easily this type of report is compromised, and how the personal data can be misused.
Please remove our personal information from the report at your earliest convenience.
We’ll see what comes back.