Just weeks before hackers breached tens of thousands of NYC children’s personal information in a global cyberattack, the New York State Comptroller warned education officials to get serious about protecting student data.
A comptroller audit released in May found local school districts had not received “sufficient oversight” as cybersecurity incidents in schools across the state — whether through human error, data breaches or ransomware attacks — have more than tripled over the last few years.
“The State Education Department and school districts had a responsibility to strengthen and protect student data and systems well before the pandemic,” said Deputy Comptroller Tina Kim, who oversees state government accountability.
“But remote learning increased reliance on IT services, apps and third-party programs,” she added, “and it’s clear schools were not prepared for the heightened cyber risks.”
The probe, which ran from March 2020 to November 2022, reviewed 131 data incidents reported by school districts, including 15 in New York City, and found many were out of compliance with regulations.
There have been other cautions as well.
Before the state audit, the city public schools had received warnings from the oversight agency The Special Commissioner of Investigation for the New York School District. A review of its online portal showed watchdogs had recommended better safeguards of personal identifiable information five times since 2021.
“They’ve had a fairly laissez-faire attitude about this,” said Leonie Haimson, who co-chairs the Parent Coalition for Student Privacy, “and I think it hasn’t sufficiently protected student or teacher privacy, and shows a lack of real seriousness on their part.”
The state comptroller’s audit found that 80% in of incident reports from the city’s public schools lacked enough detail for the comptroller to say if officials told students and teachers their data was breached within a legally required 60-day…
Read the full article here
Leave a Reply