Scott Pettigrew reports:
The Ontario information and privacy commissioner has released a report following a massive privacy breach through technology used by many schools in the province.
The PowerSchool incident, which affected millions of Canadians across the country, saw personal information stolen in December of 2024. The company admitted to paying a ransom to recover the information
The key findings of the investigation:
- Failed to include certain privacy and security-related provisions in their contractual agreements with PowerSchool to ensure that the educational bodies meet the requirements of applicable provincial public sector privacy law.
- Lacked policies and procedures to effectively monitor and oversee PowerSchool’s technical and security safeguards to ensure the company complied with its contractual terms and conditions, including in respect of user access privileges for remote support personnel and the use of multi-factor authentication.
- Failed to limit remote access to their student information systems by PowerSchool support personnel for only as long as necessary to address specific technical issues.
- Lacked adequate breach response plans or protocols.
Read more at Your Kenora.
Learn more: