In the wake of the Midland ISD breach where 14,000 current and former students’ information was on hard drive stolen from an administrator’s car, I asked:
Was the administrator violating any established policy or was there no policy in place that says, “Hey, dummy, don’t leave PII lying around?”
It turns out there really wasn’t any clear policy. Matt Rist reports:
There really was no specific policy in place about employees bringing sensitive data home.
[…]
We asked what guidelines were in place to take computerized records off campus.
Warren said a “network acceptable use” policy was in place.
CBS 7 took a closer look at the policy, which says nothing about these types of instances beyond “computer users are responsible for their individual accounts and should take all reasonable precautions to prevent others from being able to use them.”
The policy does not mention anything about hard drives or sensitive student data.
Warren says changes are on the way.
Read more on CBS7.