Graham Cluley comments on the stolen USB drive from Lake Ridge Middle School. He draws the same inference I did — that because there is no mention that the drive was encrypted, he assumes it wasn’t. And…. wait for it…. it was stolen from a school official’s car.
Speaking of school data breaches, I learned something new and disturbing this week. I thought public school districts in New York State were required to report breaches to the state. According to a friend who spoke with the NYS Consumer Protection Board, however, districts are not required to report breaches to the state — only to their “municipalities.” So…. what ensures that parents of students in New York State are notified of breaches involving their children’s personal and sensitive information or their own personal and sensitive information? FERPA doesn’t require notification, and if NYS doesn’t…..
When the NYS legislature takes a breath from all its scandals, perhaps it could look into this issue?