Donna St. George reports:
A contractor working with the Montgomery County school system has informed the parents of about 340 special-education students that the children’s private data was on a computer stolen during a break-in.
WestEd, a nonprofit research organization, acquired the student data from Montgomery County school officials as it conducted a review of special-education processes and procedures for a report that was issued in October.
WestEd officials say the data was on the hard drive of a laptop that was stolen Nov. 3, when intruders broke into the organization’s D.C. offices and carted off five computers.
[…]
The data included parent and student names, addresses, phone numbers, students’ birth dates, school status, disability, race, home language spoken, mediation and hearing outcomes, most- recent individualized education program meeting date and type, and school enrollment information. No Social Security numbers were included.
Read more on Washington Post. The school district flapped its gums:
“We are frustrated with their carelessness toward our records,” said Montgomery schools spokesman Derek Turner.
Okay, but what had the district done in advance to protect and ensure data security by its contractor? Did it have a contract that specified that such data was to be encrypted using strong encryption? Did it ever monitor its contractor for security?