Data Breach Protocol

What is a data breach?

An event in which student education records or sensitive staff information are inadvertently disclosed as defined by the U.S. Department  of Education. Information that can be compromised, through user, technology or hacking. The type of information may include: names, addresses, social security numbers, ID numbers, credit card numbers, grades, and the like, student records, special services information and similar information. 

How is it communicated?

Notification may come from any stakeholder in the school district, i.e., parent, staff, student, or may be a notification from a Third Party Data Host, i.e., publisher, vendor, or contractor. Anyone who suspects or knows of a possible data breach are required to communicate with a member of the Education Data Protection Team.

Who are the members of the Education Data Protection Team?

• Superintendent of Schools
• Assistant Superintendent, Curriculum, Instruction & Professional Learning
• Director, Digital Learning - Chairman
• Director, Human Resources
• Director, Pupil Personnel Services
• Director, Technology
• Executive Assistant to the Superintendent

**The above roles or similar titles should be included as part of this team. The Education Data Protection Team will involve other stakeholders including the Powerschool Administrator, the Data, Analytics, and Assessment Officer and building-level leadership as appropriate and will be determined on a case-by-case basis.

What are the Steps in the Data Breach Response Protocol?