Seventeen-year-old Jordan Shiffler felt exposed. There was his unsmiling face on a school-related Internet site. His date of birth, home phone number and address. His SAT scores, grade-point average and class rank.
The Riverside County teenager was ribbed by classmates about his test scores and, with his life out there for the world to see, Shiffler and his parents feared the site might attract identity thieves, sexual predators, stalkers, child abductors or killers who troll the World Wide Web for prey.
“I was embarrassed, then I was mad,” Jordan said as he sat at the kitchen table, staring at the golf course beyond his parents’ backyard. Like other kids in the southwestern part of the county, he grew up with a golf club in hand, near green, manicured fairways. “I started to get headaches,” Jordan said. “I got depressed.”
His father, Dale Shiffler, said he “just went bonkers” when he saw the Web site. A salesman and computer consultant, he knows about the Internet’s dark side.
The Shiffler family filed a complaint with the U.S. Department of Education. The confidential information was posted on the Internet last year by a golf coach at Paloma Valley High School in Menifee without their authorization, the Shifflers said. Information about the other team members also was on the site.
Principal Carl Phillips did not return phone calls seeking comment. Through an attorney, Perris Union High School District Supt. Dennis Murray declined to comment on the case, citing student confidentiality rights. The Department of Education is still investigating the Shifflers’ complaint.
Privacy-rights advocates have latched onto the cause, warning schools and parents that the Shiffler incident foreshadows a flurry of similar cases in schools nationwide, particularly as technology becomes faster, easier and more commonplace.
The Shiffler case “is a wake-up call,” said Catherine McCarthy, an education project counsel with Privacy Rights Clearinghouse, a San Diego-based nonprofit consumer advocacy group. “The Internet can be a scary and dangerous place.”
The Department of Education receives an estimated 1,000 complaints about possible student-privacy violations a year. However, the agency does not have specific tallies on how many of those are Internet-related. But by all accounts, there is growing concern about breaches of student privacy online.
Under federal law, schools can release student information such as names, phone numbers and addresses unless parents or guardians object. But parents or guardians don’t have to take any steps to protect academic or disciplinary records, which can be released only with written parental consent or a court order.
Privacy-rights advocates argue that in most districts, many parents -- inundated with school forms littered with bureaucratic jargon -- miss the distinction. “It’s easy to do,” McCarthy said, “especially in today’s busy life.”
Schools Face Penalties
Districts that violate student-privacy laws risk losing federal funds.
A Department of Education report released in March found that the 6,776-student Perris school district “was not in compliance” with the federal law in handling the Shiffler case.
No school district has lost money under the privacy law, said Jim Bradshaw, a U.S. Department of Education spokesman. Most administrators are eager to comply, he added.
A DOE spokesman would not comment on the Shiffler case because it remains open.
In press accounts and federal documents, Perris school officials have acknowledged the impropriety of the golf team’s Web site. They also said they have a policy prohibiting the release of personal information about students and employees.
Officials noted that Coach Tim Daniel created the Web page without district approval. His page was not part of the authorized school site but was linked to it.
No one is certain how long the Web site was online, but Perris officials said that within hours of learning that the site contained personal student information they removed the link from their site and Daniels closed his site. Daniels was also suspended with pay for four days.
Daniel is the first to admit he made a mistake. He had a friend create the Web site to promote student golfers to college recruiters. It simply did not occur to him to ask that personal information be withheld, he said.
“It was an honest error, an honest mistake,” said Daniel, who has access to his teams’ information to ensure that players meet academic requirements. “One of my best qualities is that I care about the kids. I want to help them get to college.”
The Web site contained confidential information on at least eight other teammates, but few parents complained. "[Daniel] did not do it on purpose,” said Ricardo Falero, whose son was also on the golf page.
“There’s nothing worse than punishing someone who was trying to help,” he said. “He loves the kids. He goes out of his way for them.”
Parents went to the school district to demand Daniel’s reinstatement. They told officials they had encouraged Daniel to create a Web site. Many said releasing the information was a minor offense. Some suggested that Dale Shiffler overreacted.
Privacy-rights experts beg to differ.
“If that had happened to my kid, I’d be very upset,” said Mari Frank, an attorney, author of the “Identity Theft Survival Kit,” and a victim of identity theft who helped push for the 1999 state law that cracked down on the crime. “Nowadays, with all these crazies around, and all this data out there, it’s not paranoid to be concerned.”
Identity fraud is the fastest-growing financial crime in the nation, according to the Federal Trade Commission. It documented 161,819 complaints last year, nearly double the number in 2001.
With a person’s date of birth, and for as little as $25, experts said, con artists can find an information broker on the Internet and get a Social Security number or a mother’s maiden name. They can assume an identity, obtain credit cards and run up debt. They can buy houses and cars and deplete bank accounts, potentially ruining the victim’s credit for years.
Con artists can use a student’s grade point average and academic record to get a job or into college. They can scan a photo off the Internet and create a fake identification card, privacy-rights experts said.
The National Center for Missing and Exploited Children discourages posting personal tidbits or photos on the Internet, warning that it can be used by abductors, sexual predators and stalkers.
“You wouldn’t put a sign in front of your house with all that information,” said Ruben Rodriguez, a director at the nonprofit in Alexandria, Va. “That’s essentially what you’re doing when you put it out on the Internet. You’re inviting the world into your house.”
Dale Shiffler, who notified credit agencies to put a fraud alert on Jordan’s records, said he doubts he’ll sue the school district. Legal experts said it would be hard to prove that Jordan Shiffler suffered damage.
The Shiffler family said they want to prevent such a mishap from happening to other students.
They hope to testify before legislators considering tougher laws on privacy.
For instance, U.S. Sen. Dianne Feinstein (D-Calif.) has introduced four bills calling for increased penalties for identity thieves and restricted access to credit card and Social Security numbers.
Dale Shiffler said he supports tougher legislation on privacy rights.
“This is a new frontier,” he said. “People aren’t aware how easily information can get out to the public.”
‘A Lot of Depression’
“Fighting” the school district for the last year -- and dealing with cold shoulders from those who believe the Shifflers have made too big a deal -- caused “a lot of depression around [here], a lot of bad days,” Dale Shiffler said. “But I would do it again.”
So would Jordan Shiffler, now 18 and attending a nearby community college. He said his friends on the golf team sided with the coach. He felt ignored, ostracized and discouraged about how school officials handled the case.
“They cared more about themselves,” Jordan Shiffler said. “There were a lot of down days around here. It’s funny how things get twisted, how life works out.”