Among the frequent targets of cyberattacks are schools and universities. In the wake of such attacks, New York State regulators are taking action to protect personally identifiable information (PII) that schools collect and maintain. The regulations (which were adopted in January) require schools and their vendors to implement strong programs for data security and privacy. Measures include adding a Parent’s Bill of Rights in every contract with businesses that receive PII, and requiring schools to provide data security awareness training to employees. Schools are encouraged to contact qualified legal council for assistance.

Key Takeaways:

  • Although data breaches can effect any business, it’s an unfortunate fact that government entities, such as universities, are frequent targets.
  • As a single example, students in the Pittsburgh Unified School district of California were victims of a ransomware episode which targeted the school’s servers.
  • An ed-tech company, Naviance, also bears witness that the malicious attacks also target school vendors.

“School contracts – including “click wrap” agreements — with vendors who receive PII must state that the vendor will maintain all information in accordance with federal and state law and the school’s security and privacy policy.”

Read more: