Is Prepping for the SAT Putting Your Children’s Personal Information in the Wrong Hands?

(Huffington Post) by Rob Sawicki

 

“We all have memories of high school. Most of them, like the time spent with our friends, are great memories that we will always cherish. However, other memories, like the stress of taking the SAT’s, are ones we try not to think about. In fact, just thinking about it now makes me sweat.

Being a teenager is stressful enough, but the idea that so much of your future depends on this one test is beyond nerve wracking. That is why so many parents try to help by paying for their kids to take test prep courses, so they will walk in on test day feeling prepared.

You probably have heard of the Princeton Review, one of the most popular SAT test prep services, and Tutor.com, which is a site where students can hire tutors. What you may not know is that they are owned by the Match Group, a network of dating and hookup sites that includes Tinder, OKCupid, Chemistry.com, FriendScout24, Plenty of Fish and Match.

The Match Group of dating sites has built a vast and growing online dating empire by effectively using personal and behavioral data to not only drive its marketing, but also to pair its users for successful dates. All of this mass collection of data is critical to driving the company’s revenue.

So, how problematic is it that a service collects personal information from high school-aged students preparing for the SAT’s is also owned by the company that uses personal information for dating sites? As a parent, I find the answer to this question quite troubling.

The fact is, very little regulation exists to protect student data from being transferred wholesale from one company to another under the umbrella of The Match Group. Thousands of students who have used Princeton Review’s test prep service are vulnerable to having their private data transferred to Tinder, Match.com, and other dating sites.

For a company built on mining personal data for marketing purposes, what are two education services that are generally geared for high school students doing in the mix? How are student interests being protected?

A look at Princeton Review’s privacy policy is not comforting:

We may from time to time ask you for Personal Information, and we may collect certain information from your computer each time you visit our Site. “Personal Information” means personally identifiable information and includes, for example, your name; street address; e-mail address; SMS or text message address; phone number; credit card and other payment information; information that you choose to provide regarding your academic and extracurricular activities and interests that may identify you; and/or other information that may identify you as an individual or allow online contact with you.

The policy also places the burden “to opt-out of having your Personal Information shared with third parties” on the user.

If Match’s own privacy policy allows it to use the data of high school students using the Princeton Review to its dating and hookup sites, who is going to step up and stop this from happening?

How Match chooses to use this data isn’t the only issue. Online dating sites are popular targets for hackers to steal unsuspecting users’ personal information. In fact, in its IPO filings to the Securities and Exchange Commission in October, Match admitted its dating sites are frequently targeted for hacks and can’t guarantee that users’ personal information can be safeguarded:

“We are frequently under attack by perpetrators of random or targeted malicious technology-related events, such as cyber attacks, computer viruses, worms or other destructive or disruptive software or distributed denial of service attacks,” the company writes. “While we have invested heavily in the protection of our systems … there can be no assurance that our efforts will prevent significant breaches in our systems or other such events from occurring.”

The filings go on to say that it isn’t just Match’s systems that are at risk of attack — but also the systems of outside, third-party vendors that store user’s personal data on their own servers. If hackers went after these companies, the filings acknowledge, they could potentially expose the personal data, payment information and site history of millions of users.

It is not enough to just trust that Match will not use the data of students inappropriately. It is also clear they do not have the safeguards in place to protect personal information from falling into the hands of hackers. If Match won’t come forward and not only pledge to build a wall between the data collected by the Princeton Review and its dating sites, then parents, regulators and even legislators must step up the pressure.

As a parent, I would not want my children’s personal information to be exploited by dating and hookup sites, merely because they used a service to help them prepare for one of the most stressful days of their lives. Nor would I want it vulnerable to being hacked. Our children deserve better.”