Zachary Reid reports:
Richmond school officials are conducting an intensive internal investigation of student records after a School Board member shared confidential information about at least 20 students with a vendor that provides mental health services.
Tichi L. Pinkney Eppes, of the 9th District, publicly apologized a day after her colleagues were told about the breach, but they weren’t quick to offer forgiveness.
[…]
During a closed session at the end of its Monday work session, the board learned that on Sept. 10, a vendor tried to access an electronic file assigned to Eppes that contained the names of 20 students with discipline issues. Each name included a link that led to records for each of those students.
When the vendor didn’t know the password, it triggered a security feature in the school computer system that alerted officials about a possible breach.
“We can confirm that our security protocol worked,” Larson said. “But human things, we can’t control. We can’t guard against me giving you my password. … We don’t know beyond this what might have been shared.”
Read more on Times-Dispatch. It’s not clear to me from any of the coverage I’ve read what the board member’s intentions really were, nor why she would ever be willing to share any student’s records with a vendor. That does not strike me as being within the discretion of a school board member.