Students begin this lesson by investigating some
of the world's biggest data
breaches to get a sense for how frequently data breaches happen
within companies and organizations,
and what kinds of data and information is lost or given up.
Afterwards, students will use the Data
Privacy Lab tool to investigate just how easily they could be
uniquely identified with a few
seemingly innocuous pieces of information. At the conclusion
of the lesson, students will research
themselves online to determine just how much someone
could learn about them by conducting the same
searches and "connecting the dots."
Students will be able to:
- Explain privacy concerns that arise through the mass collection of data
- Use online search tools to find and connect information about a person or topic of interest
- Explain how multiple sources of data can be combined in order to uncover new knowledge or information
- Analyze the personal privacy and security concerns that arise with any use of computational systems
While there are many potential benefits associated with the collection and
analysis of large amounts of data, these advances pose a constant risk to our collective security
and privacy. Large-scale data breaches mean that the details of our personal, professional, and
financial lives may be at risk. In order to prevent personal data from being linked to an
individual person, personally identifying information, such as name, address, or identification
number, is often removed from publicly available data. Nevertheless, through the use of
computational analysis it is often possible to "re-identify" individuals within data based on
seemingly innocuous information.
We need to help students acknowledge that as more of our lives is digitized, questions of security and
privacy become ever more prevalent.
Open the "Tool: Data Privacy Lab" resource and discuss it with students.
What kind of data is being lost? And how much? What kinds of issues could arise from this data
getting into the wrong hands? We've spent a lot of time looking at potential
benefits of collecting and analyzing data. There are some risks associated with collecting all of this information.
If it falls into the wrong hands or is used in ways we didn't intend, there may be serious risks
imposed on our privacy or security. The following activities are going to start looking more deeply at this problem.
In the data breaches that we just looked at,
some fairly important pieces of information
were stolen. Credit card numbers, passport information,
or government security clearances are
obviously not something we'd like to fall into the
wrong hands. Other pieces of information,
however, don't seem that bad. However, invite the students to think about
the information we usually share
without a second thought (ex. ZIP code,
Activity 1: Data Privacy Lab
- Open the "Tool: Data Privacy Lab" link under Resources.
- Students should type in their information
(birthday, ZIP code, and gender) to the "How unique are you?" section to
determine how many other people share those characteristics.
- In most instances, they will find that those
three pieces of information can
uniquely identify them.
- Ask them to think about: Why is it significant that you are one of
only a few people with your birthday,
gender, and ZIP code? What concerns does this raise?
Think about the following ideas and discuss:
we can be uniquely identified from just a few pieces of information.
Even information we would not normally consider to be
"sensitive" can still be used to identify us.
There are security and privacy concerns raised as a
result of most information about us being
- The discussion goal is to inform the students that there are security and privacy
issues that are raised, even when
small, seemingly unimportant pieces of information are
available online. Most of the time, we don't
actually think about what kinds of information are
available about us, or how someone might connect
the dots with that information.
Activity 2: Research Yourself
Open the Activity Guide - Research Yourself.
Students will work individually and will
need access to a computer and the Internet. The students will be
asked to research themselves online,
making note of any and all pieces of information they
are able to find. Some guidelines follow:
- 1: They should focus
their attention on information that is already publicly available (e.g.,
through a Google search, on the public pages of their school website,
a social network, etc.)
- 2: If students are
prevented from accessing some sites on the schools network, they should
still list information they know is publicly available elsewhere.
- 3. Students should
try to make connections between the data they find. "If I knew this about
me and that about me, then I'd also know..."
Activity: AP Practice - Identify the Data Concern
Ask the students to choose two responses below that would earn the
point as data storage, security, or privacy concern with justifications.
- Response A: Facial recognition technology stores data mapping a user's face, for example to unlock a phone. A privacy concern for this technology is that governments could force technology companies to turn over this data allowing them to passively and continuously monitor the movements of its citizens without their knowledge or consent.
- Response B: Software that tracks soccer player movements on the field can be used to generate new statistics that help value contributions of individual players. A data concern is that this information may be used to justify getting rid of less productive players.
- Response C: Social networks allow users to share vast amounts of private information about their lives. A security concern of this technology is that this publicly available data may enable stalkers or other criminals to identify potential targets.
- Response D: Self-driving vehicles store vast amounts of information about their location and the world around them. A data concern for the trucking industry is that all of this information could be coordinated to make trucks more efficient causing many people who drive trucks for a living to lose their jobs.
Use the following scoring guide to assess the students
Discussion question for the students: Share your feelings with the teacher and other
students if possible. What
information were you able to find about yourself? Were you
able to make connections in the
data you collected to figure out anything else? Were you
concerned about anything you were able
Ask the students to consider the following scenario:
In order to dampen the effect of a potential data breach or accidental release of records, a health care company has decided to remove a lot of personally identifiable information in its health records, like names, phone numbers and so on. In its place, along with all medical information, they plan to store ONLY the gender, age, and zip code of the patient.
Then answer the following:
Is this health care company doing enough to protect the personal information of patients? If yes, explain why this is the best they can do. If no, explain what they should do instead. (Limit the response to a few sentences).
- The students may want to check out Chapter 2 of
the book "Blown to Bits," which goes
into some depth about issues and concerns with data and
privacy. In particular, pages 32-35 are
related to this lesson.
- Link to the book "Blown to Bits"
- It takes a bit more reading but the Data
Privacy Lab project out of Harvard
has another fascinating (and scary) project called The
Data Map. The students could take a lot of the
information there for more rigorous research into
how data can be used to identify people.
- Computer Science Principles: 3.2.2 (D)
- Computer Science Principles: 3.3.1 (B, F)
- Computer Science Principles: 7.3.1 (G, J, K, L)