DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NV: School district denies illegal record disposal accusation

Posted on May 28, 2010 by Dissent

Stephanie Carroll reports:

The Churchill County School District denied that student records are being disposed illegally, an allegation made recently by information protection professional Tom Considine during his radio show “Who Complys.”

Considine said CCSD employees contacted him last year asking about proper disposal of student records, claiming the district dumps special education and psychological files. Considine said this could be an extremely risky procedure because schools are targeted five times more for identify theft because students may not learn about it until years later.

He added there have been cases beyond Churchill County where dumped records were blown into a town after a wind storm. Plus, he said it is illegal.

“It is my belief these records fall under the Health Insurance Portability and Accountability Act (HIPAA),” Considine said. “Because these records may be covered under HIPAA, the fines for illegal dumping are $1.5 million per incident. All other forms of student records are also protected under various state and federal laws. Either way, should the school district suffer a breach of security, the costs involved with correcting the situation are immense.”

Read more in Lahontan Valley News.

Thanks to the reader who sent in this link.

With all due respect to Tom, I don’t think the records are covered under HIPAA as FERPA applies to health-related records maintained by a public school that is subject to FERPA and HIPAA only applies to HIPAA covered entities. A psychological report on a student is an education record. If the psychological file is the psychologist’s records of treatment sessions provided to the student in school, then it is a treatment record, and not an education record, but that doesn’t put it under HIPAA if the school isn’t a HIPAA covered entity as defined by HIPAA. For more on the intersection of FERPA and HIPAA, see the joint guidance (pdf) published by the Department of Education and Health and Human Services.

Related posts:

  • Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
Category: Breach IncidentsCommentaries and AnalysesEducation SectorExposurePaperU.S.

Post navigation

← Poll: Canadian businesses unconcerned about privacy breach risk
Missing records on stolen laptop from Cincinnati Children's Hospital →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.