DOB is not shared or displayed but is 'account glue'
When rosters are submitted several types of errors occur in the data provided by schools. For every 100 students, two or three will have names spelled incorrectly. Siblings and common names can get scrambled. Many schools provide student email addresses that contain only numbers and do not feature any part of the student name. When names are misspelt, it is also very likely that the email addresses sent to us will also be wrong.
Those of us concerned with protecting privacy and preventing identity theft tend to worry about a bad actor gaining access to account records 'in bulk.' It would be awful to have such data stolen from us, but a few things make our account data much less valuable and less useful than the copy held at your school. To start with, we don't have any family data, no payment information, no national ID numbers, no tax identifiers, no health records, no educational records, no assessment scores, no home addresses, and no emergency contacts. Any pipe can spring a leak, but ours could only be a trickle and the data we have is a low value target as a result.
Another type of privacy violation is possible when a student gains access to another student's account. This can happen innocently and accidentally during account maintenance if fixes are requested to a student's name or email address, or if a returning student's information changes from the previous registration.
We request date of birth (DOB) only as a way to verify student account ownership. It's not a perfect solution, but when we can match the DOB between the original record in our system and the update submitted by the school, this can help us confirm that we are editing the correct record. If we don't have a match the situation warrants investigation. We know how painful and stressful it would be in the classroom for a student to access another's kanban so we are doing what we can to keep that from happening.