DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Mississippi Public School Districts May Not Be Ready to Comply with New Statewide Cybersecurity Requirements

Posted on February 6, 2020 by Dissent

Adam V. Griffin and James A. Keith of Adams and Reese LLP explain:

The Mississippi Department of Education (MDE) is seeking public comment on a proposed rule pertaining to cybersecurity that will require Mississippi public school districts to take substantial actions to prepare. The rule would require each district to:

  • Implement 22 enumerated policies related to the privacy and security of data
  • Give written notification to MDE of any cyber incident or violation of state or federal security or privacy laws and regulations within 24 hours of the district becoming aware of the incident, breach, or violation
  • Cooperate with MDE in investigating incidents, including sharing with MDE any post-incident reports

The Proposed Rule

MDE recently posted the APA notice below:

Administrative Procedures Act (APA) Notice

Office of Technology and Strategic Services Mississippi Seeks Public Comment on State Board Policy Chapter 55, Rule 55.1, Office of Technology and Strategic Services

On January 16, 2020, the State Board of Education (SBE) granted approval to begin the Administrative Procedures Act (APA) process to revise the following Policy:

§  Miss. Admin. Code 7-3:55.1, State Board Policy Chapter 55, Rule 55.1

The proposed revision will provide guidance to the MDE regarding its operational responsibilities as it relates to Data Governance, Security, and Privacy, and the role of the Office of Technology and Strategic Services (OTSS) in meeting those operational responsibilities. The proposed revision will further provide guidance to OTSS regarding its role is supporting Local Educational Agencies as they address their local Data Governance, Security, and Privacy responsibilities. Please submit written comments to John Kraman, Chief Information Officer, Office of Technology and Strategic Services, via email at [email protected] or postal mail to 359 North West Street, Post Office Box 771, Jackson, MS 39205-0771, on or before 5:00 p.m., on February 19, 2020.

The proposed rule includes requirements on the MDE Office of Technology and Strategic Services (OTSS), none of which appear to directly impact school districts (see sections 1–8). However, section 9 is addressed specifically at public school districts, and imposes three new requirements on them. Each is discussed further below.

Creation of Policies, Standards and Procedures

The proposed rule requires districts to create numerous policies, standards and procedures, such as:

  • Access, Account Management, and Password Policy
  • Annual State of Security, Privacy and Data Governance Report for the State Superintendent of Public Education
  • Best Practices Guidelines
  • Data Classification Framework
  • Data Collection, Quality and Matching Standards and Procedures
  • Data Destruction Policy
  • Data Dictionary and Standards
  • Data Sharing and Public Request Procedure
  • Disaster Recovery and Continuity Policy
  • Email and Electronic Communications Policy
  • Incident Response Policy
  • Information Technology Security Policy
  • LEA Security and Privacy Notification Procedures
  • Mandatory Annual Training Program, including Security Awareness and FERPA Training
  • Safe, Appropriate, and Acceptable Use Policy
  • Security and Privacy Processes and Procedures
  • Security and Privacy Violation Reporting Procedure
  • Security Assessment and Compliance Policy
  • Separation of Duties Standards
  • Student and Parent’s Rights
  • Systems Capacity Planning Policy
  • Vendor and Third-Party Control Policy

Most districts do not have policies in place covering all such issues. Notably, the proposed rule provides no time period for implementation, so districts should consider having policies prepared now in anticipation of complying with these obligations.

Read more of their analysis and commentary Lexology.

Category: Commentaries and AnalysesState/Local

Post navigation

← Educational Enrichment Systems, Inc. – Notice Of Data Breach
Maryland Court Finds Coverage for Lost Data and Slow Computers After Ransomware Attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.