KBS Reference Desk: Cybersecurity Breach

Q:        The district received notification from a vendor of a potential cybersecurity breach involving confidential student information. Do we have a policy addressing next steps?

 A:        Yes, look to policy CQ (LEGAL) and (LOCAL) for your district’s internal response procedures, as well as any provisions set forth in the data protection agreement with the vendor.

 Note that your obligations concerning response to cybersecurity breaches will change, however, starting September 1, 2019 in light of the legislature’s recent passage of Senate Bill 820 (“SB 820”). SB 820 adds Section 11.175 to the Texas Education Code, which will require districts to: (1) adopt a cybersecurity policy; (2) designate a cybersecurity coordinator; and (3) report cybersecurity incidents to the Texas Education Agency (“TEA”) and to parents of impacted students beginning with the upcoming school year.

SB 820 tasks the superintendent with responsibility for appointing a cybersecurity coordinator to serve as the liaison between the district and TEA and to fulfill certain reporting obligations. In particular, SB 820 requires the cybersecurity coordinator to report to TEA “any cyber attack or other cybersecurity incident against the district cyber infrastructure that constitutes a breach of system security as soon as practicable after the discovery of the attack or incident.” Tex. Educ. Code § 11.175(e). Additionally, for any incident requiring a report to TEA, the coordinator must also “provide notice to a parent of or person standing in parental relation to a student enrolled in the district of an attack or incident…involving the student’s information.” Tex. Educ. Code § 11.175(f).

Be on the lookout for upcoming TASB policy updates and seek assistance from your school district’s attorney regarding required TEA and parent notification should a cybersecurity breach occur compromising personal information.  

Related Posts

Recent Articles

KBS Reference Desk: Temporary Suspension of TPIA due to Catastrophe
August 6, 2021
KBS Reference Desk: Standard for Reporting Child Abuse and Neglect
July 30, 2021
KBS Reference Desk: Bullying Policies and Reporting SB 2050
July 23, 2021
KBS Reference Desk: Homeschoolers and UIL
July 16, 2021
KBS Reference Desk: TOMA Suspension Extension
July 9, 2021
KBS Reference Desk: Revision to Resignation without Penalty Deadline
July 2, 2021
KBS Reference Desk: SB 179 School Counselors
June 25, 2021
KBS Reference Desk: 2021 TRS Surcharge SB 202
June 18, 2021
KBS Reference Desk: When do Virtual Board Meetings End
June 11, 2021
KBS Reference Desk: Buy American Program
June 4, 2021
KBS Reference Desk: Board Member with Substantial Interest Closed Meeting Attendance
May 28, 2021
KBS Reference Desk: Administrator Reassignments – Same Professional Capacity
May 21, 2021
KBS Reference Desk: Vaccine Complications and FFCRA
May 14, 2021
KBS Reference Desk: Importance of Contract Legal Review
May 7, 2021
KBS Reference Desk: Negotiating Resignations
April 30, 2021
KBS Reference Desk: Authority to Create New Position
April 23, 2021
KBS Reference Desk: Vaccine Incentive Programs for Employees
April 16, 2021
KBS Reference Desk: Felony Conviction and School Board Candidates
April 9, 2021
KBS Reference Desk: T-TESS Rubric Virtual
April 2, 2021
KBS Reference Desk: COVID-19 Vaccination Status Questions and EEO Laws
March 26, 2021
KBS Reference Desk: Certification Addendum
March 19, 2021
KBS Reference Desk: Lifting of Mask Mandate and Implications for UIL Activities
March 12, 2021
KBS Reference Desk: Identification of TPIA Requestor
March 5, 2021
KBS Reference Desk: Pay During Closure
February 26, 2021
KBS Reference Desk: Vaccines and Quarantine
February 19, 2021