Susan Palmer reports:
An obscure state regulation — one that requires districts to keep student records for decades — is one reason several thousand Eugene School District students are at risk of having their Social Security numbers hijacked following a security breach of the district’s electronic records.
School districts must retain student records for 75 years, according to state administrative rules. And even though schools don’t require Social Security numbers to enroll students, once districts have the numbers, they can’t delete them, education officials said.
That means the Social Security numbers in school district electronic databases will be vulnerable for decades.
Read more in The Register-Guard.