KBS Reference Desk: Cybersecurity Breach

Q:        The district received notification from a vendor of a potential cybersecurity breach involving confidential student information. Do we have a policy addressing next steps?

 A:        Yes, look to policy CQ (LEGAL) and (LOCAL) for your district’s internal response procedures, as well as any provisions set forth in the data protection agreement with the vendor.

 Note that your obligations concerning response to cybersecurity breaches will change, however, starting September 1, 2019 in light of the legislature’s recent passage of Senate Bill 820 (“SB 820”). SB 820 adds Section 11.175 to the Texas Education Code, which will require districts to: (1) adopt a cybersecurity policy; (2) designate a cybersecurity coordinator; and (3) report cybersecurity incidents to the Texas Education Agency (“TEA”) and to parents of impacted students beginning with the upcoming school year.

SB 820 tasks the superintendent with responsibility for appointing a cybersecurity coordinator to serve as the liaison between the district and TEA and to fulfill certain reporting obligations. In particular, SB 820 requires the cybersecurity coordinator to report to TEA “any cyber attack or other cybersecurity incident against the district cyber infrastructure that constitutes a breach of system security as soon as practicable after the discovery of the attack or incident.” Tex. Educ. Code § 11.175(e). Additionally, for any incident requiring a report to TEA, the coordinator must also “provide notice to a parent of or person standing in parental relation to a student enrolled in the district of an attack or incident…involving the student’s information.” Tex. Educ. Code § 11.175(f).

Be on the lookout for upcoming TASB policy updates and seek assistance from your school district’s attorney regarding required TEA and parent notification should a cybersecurity breach occur compromising personal information.  

Related Posts

Recent Articles

KBS Reference Desk: Felony Conviction and School Board Candidates
April 9, 2021
KBS Reference Desk: T-TESS Rubric Virtual
April 2, 2021
KBS Reference Desk: COVID-19 Vaccination Status Questions and EEO Laws
March 26, 2021
KBS Reference Desk: Certification Addendum
March 19, 2021
KBS Reference Desk: Lifting of Mask Mandate and Implications for UIL Activities
March 12, 2021
KBS Reference Desk: Identification of TPIA Requestor
March 5, 2021
KBS Reference Desk: Pay During Closure
February 26, 2021
KBS Reference Desk: Vaccines and Quarantine
February 19, 2021
KBS Reference Desk: Face Masks and the First Amendment
February 12, 2021
KBS Reference Desk: Virtual Learning and Child Find
February 5, 2021
KBS Reference Desk: American Rescue Plan
January 29, 2021
KBS Reference Desk: Spring Testing
January 22, 2021
KBS Reference Desk: TOMA Suspension Extension – Additional 30 days
January 15, 2021
KBS Reference Desk: Updated FFCRA Guidance
January 8, 2021
KBS Reference Desk: New Stay-at-Home Protocols
December 18, 2020
KBS Reference Desk: Vaccine as a Requirement for School Attendance
December 11, 2020
KBS Reference Desk: Campus Closure due to COVID-19 and Funding
December 4, 2020
KBS Reference Desk: Nonexempt Volunteer Work
November 20, 2020
KBS Reference Desk: Required Transition from Virtual to ON-campus Learning
November 13, 2020
KBS Reference Desk: TPIA – 10-day Extension
November 6, 2020
KBS Reference Desk: Discontinue Virtual Learning
October 30, 2020
KBS Reference Desk: Political Dress
October 23, 2020
KBS Reference Desk: Emergency Safety Drills
October 16, 2020
KBS Reference Desk: Requests for Homebound Instruction During COVID
October 9, 2020
KBS Reference Desk: Mask Exception
October 2, 2020