For years, the schools’ information system EKIS allowed anyone to read and download descriptions of children’s medical conditions, behavioral problems and family relationships. The Ministry of Education and Research blames careless employees of educational institutions, some of whom admit mistakes, while others say making such mistakes is impossible.
“The student’s school attendance and classroom work participation are complicated by serious behavioral issues, limited ability to concentrate, emotional instability; the student is also having trouble maintaining friendships,” reads one description by a class teacher of a student who yelled during class and wrote “the teacher is stupid” on the chalkboard.
“This summer, a boy came to the kindergarten and said his mother had hit him and that he has a backache. He had exhibited signs of physical punishment before. The kid has been living with his father since then,” reads a letter sent to the police about an orphan whose mother regained her parental rights in court.
“Fits of rage manifested in destroying school property and physically attacking (using feet, hands and head) the body and head of a teacher who intervened. It took the student 30-45 minutes to calm down,” a school psychologist described repeated tantrums of a student on their personal development card sent to the Rajaleidja counselling committee.
These are only a few examples among hundreds that came up when the author set about combing through the database after a few cases were highlighted.
The Estonian Schools Information System (EKIS) holds roughly 4-5 million entries made since 2009. The system combines the document registers of more than 500 schools and kindergartens. This means that the total number of documents and identities of people improperly made public runs into the thousands at least. Sensitive information leaked from the document registers of around 50 institutions.
It was possible to monitor the progress of a child from one document to another over several years: from counselling program Rajaleidja’s recommendation to move them to the opportunity class to criminal charges of physical abuse.
Descriptions of close relatives of at least two very well-known persons could also be found on EKIS.
Chancellor of Justice and Ombudsman for Children Ülle Madise believes it is utterly unacceptable that this kind of data was publicly available. “The situation needs to be resolved as quickly as possible. We need to find out how it was possible and what to do to make sure it would never happen again,” Madise told investigative journalism program “Radar”.
Local governments, the Police and Border Guard Board, the Innove Foundation, the education ministry and hospitals that maintain similar information systems also said that public access to sensitive information cannot be allowed.
“The North Tallinn city district government does not comment on families handled by child protection officials or divulge any relevant information to the press or other unconcerned persons,” District Mayor Raimond Kaljulaid wrote in reply to an information request for a document that was registered in February 2016 and freely available in EKIS. Other data managers gave similar replies. Results of the press investigation landed on the desks of the ministry and the Estonian Data Protection Inspectorate on September 28. The investigation looked at 200,000 documents registered in EKIS in 2015-2018.
Ministry points finger at schools
The investigation found 107 school readiness assessments, 35 Rajaleidja counselling committee decisions, 18 data requests or descriptions for criminal proceedings, 17 social welfare department queries or replies etc. This does not include documents that merely mention a person’s name, place of residence, age, grade, marks or school and documents that included personal information of school employees.
“It seems we have a lot of work to do,” said Kadri Levand, senior inspector of the data protection inspectorate, who brought supervision proceedings against the system’s administrator, the education ministry.
The ministry’s preliminary analysis suggests schools and kindergartens are to blame for the leak. “The cause of the data leak is failure on the part of users [of the database] to pay attention to public access settings when entering documents,” Secretary General Tea Varrak wrote to local governments on October 2.
The ministry’s position is lent credibility by the fact that headmasters of several schools and kindergartens told “Radar” their employees had made mistakes in registering documents, including those entered back in 2015.
On the other hand, accidentally making documents public should not be possible in EKIS. The default publication setting in the system is “do not show in public interface”. To make a document fully visible, a user has to check a box to remove access restrictions. That is not all. The system also displays a warning: “The object will be made public. Press Cancel if you want to review data or OK to proceed.”
“That is not human error, it is deliberate action,” said Headmaster of the Randvere School Leelo Tiisvelt when demonstrating how a document is registered in EKIS. Leaked descriptions of the school’s students were among the most sensitive.
Tiisvelt said she very much doubts the school removed access restrictions when entering the data in 2016. She said that documents became public after EKIS received an update this September. “As head of a school, I would like to know how the system has been monitored. How can there be so many human errors the system did not pick up on?” Tiisvelt asked.
The position of the Randvere headmaster is supported by the fact that delicate documents were only found in EKIS and not in the municipal document registers that schools and kindergartens also use.
That said, Tiisvelt’s timeframe does not fit. The first freely accessible descriptions of students were found in January of this year, and the data protection watchdog pointed to publicly available documents of two schools as far back as 2015.
Documents with personal information of children can no longer be found in EKIS today, but the system still does not meet public document registry requirements. Documents with no access restrictions need to be accessible through public registers, while EKIS only includes metadata. “These proceedings will likely take a long time,” senior inspector Kadri Levand said.