Audit of Pittsford Central School District by NYS Comptroller

An audit concerning:

Security of Personal, Private and Sensitive Information (PPSI) on Mobile Computing Devices and Extracurricular Cash Records and Collections

Report of Examination

Period Covered:
July 1, 2014 – January 21, 2016

Of relevance to this site:

The Pittsford Central School District (District) is governed by the Board of Education (Board), which is composed of seven elected members. The Board is responsible for the general management and control of the District’s nancial and educational affairs. The Superintendent of Schools is the District’s chief executive of cer and is responsible, along with other administrative staff, for the District’s day-to-day management under the Board’s direction. District of cials are responsible for developing comprehensive written policies and procedures to properly protect personal, private and sensitive information (PPSI)1 from unauthorized access on the District’s nearly 3,050 mobile computing devices (MCDs).

[…]

District officials need to improve their security policies and procedures to ensure District MCDs are adequately safeguarded and prevent unauthorized access to PPSI. Our review of 80 District-owned MCDs disclosed PPSI on 16 (20 percent) of these devices. Without proper safeguards in place, any confidential data on these MCDs could be at risk of exposure. We also found that District officials have not developed a classification scheme or performed an adequate inventory of the PPSI stored on District MCDs. Unless District officials identify all the PPSI maintained, it could be difficult to promptly notify the affected students and their families and other parties if a data security breach should occur.

Read the full report (pdf).

About the author: Dissent