5,800 Palm Beach County teachers notified of data security breach
May 2- 6 is Teacher Appreciation Week. Showing appreciation for teachers generally does not include exposing their identity information, but unfortunately, that’s what happened in Palm Beach County School District.
The district issued a statement about the unintended disclosure to a vendor:
Superintendent Robert Avossa has alerted employees that approximately 5,800 teachers had their Social Security numbers accidentally transmitted to a District vendor.
The affected teachers have been notified of the error. While state law does not require such notification, Dr. Avossa said he felt it was important to communicate directly with teachers.
“When we make a mistake, we need to take responsibility and be transparent about what we’re doing to correct it,” Dr. Avossa said. “We alerted teachers to the error, and are taking corrective action to ensure this does not happen again.”
The teachers’ Social Security numbers and names were inadvertently included in a file sent to an outside contractor, Educational Resource Strategies (ERS), as part of an ongoing budget review.
ERS immediately took all necessary steps to purge the Social Security data from its system, and ensured that the Social Security data was not stored to any backup or storage system with ERS. The company provided an affidavit affirming the steps they took, as well as confirming the Social Security data was not used for any purpose or transmitted prior to deletion.
The District is changing its policies and procedures to strengthen its protection of confidential employee data, including providing additional staff training and instituting additional protocols for handling sensitive information such as Social Security numbers. Employees’ Social Security numbers will be replaced with employee identification numbers in all non-Human Resources systems, where applicable.