Schools must handle data with more care
Various types and causes of school data breaches are raising alarm among educators and parents. Credit: Getty Images/iStockphoto/Naeblys
The broad and hazy term “cyber incident” has been gaining currency in school systems, for good reason.
This buzz phrase is purposely general. It covers various types and causes of data breaches that are raising alarm among educators and parents these days. One cause is ransomware attacks, by which computer hackers hold stolen data hostage for a price. Suffolk County's government knows all about this now.
But as state education officials report, cyber incidents due to human error also have increased. Better awareness or reporting may be driving up the numbers. But all the same, these mistaken releases can inadvertently invade the privacy of those whose data is breached. On Long Island, this type of error has included the public exposure of individual students’ disabilities, their placements in special education, and even psychological evaluations. Staff privacy has also been violated in some cases.
In Long Island schools, the tally of cyber incidents, including hacks, jumped from 10 in 2021 to 23 last year — 12 of them attributable to human error, according to state Education Department data obtained by Newsday under a Freedom of Information Law request. Statewide, the department’s privacy office in 2022 received 140 incident reports, up from 71 the prior year. Unauthorized access and unauthorized disclosure of student data accounted for much of the increase. That's about parallel to Long Island’s experience.
To illustrate: In Floral Park, an employee sent a notice to the wrong parents identifying students with disabilities. Weeks later, an employee sent a parent a schedule of special-education meetings with the names of the students. In Bay Shore, a teacher publishing an online article mistakenly named a pupil as a “classified” student, indicating a special education student or one with behavioral problems.
Clearly, a significant number of those running and working in the Island’s 124 school districts don’t fully understand privacy laws and protections. as officials have noted. Properly, the state is pushing to get these incidents routinely reported, and get the right training for employees who need it.
Levels of insurance, software protections, ransom policies and the daily use of information loom as cybersecurity issues in all public agencies, not just schools. But in our newly complicated world, it especially falls on those in the school system to handle children’s information with care and thought.
Learning and following relevant laws and rules is a start. But the problem demands a broader consciousness. Everyone with system access these days has to become their own electronic security guard. Employees and administrators must keep an eye on the information flowing by them on their screens, in and out of the gates of the district’s data system. They must ask themselves whether the releases are proper.
More than ever, this kind of caution is simply a job requirement for those who operate anywhere in cyberspace.
MEMBERS OF THE EDITORIAL BOARD are experienced journalists who offer reasoned opinions, based on facts, to encourage informed debate about the issues facing our community.
