Aug 182016
 

An audit concerning:

Security of Personal, Private and Sensitive Information (PPSI) on Mobile Computing Devices and Extracurricular Cash Records and Collections

Report of Examination

Period Covered:
July 1, 2014 – January 21, 2016

Of relevance to this site:

The Pittsford Central School District (District) is governed by the Board of Education (Board), which is composed of seven elected members. The Board is responsible for the general management and control of the District’s nancial and educational affairs. The Superintendent of Schools is the District’s chief executive of cer and is responsible, along with other administrative staff, for the District’s day-to-day management under the Board’s direction. District of cials are responsible for developing comprehensive written policies and procedures to properly protect personal, private and sensitive information (PPSI)1 from unauthorized access on the District’s nearly 3,050 mobile computing devices (MCDs).

[…]

District officials need to improve their security policies and procedures to ensure District MCDs are adequately safeguarded and prevent unauthorized access to PPSI. Our review of 80 District-owned MCDs disclosed PPSI on 16 (20 percent) of these devices. Without proper safeguards in place, any confidential data on these MCDs could be at risk of exposure. We also found that District officials have not developed a classification scheme or performed an adequate inventory of the PPSI stored on District MCDs. Unless District officials identify all the PPSI maintained, it could be difficult to promptly notify the affected students and their families and other parties if a data security breach should occur.

Read the full report (pdf).

  3 Responses to “Audit of Pittsford Central School District by NYS Comptroller”

  1. I read the 10 questions to ask your child’s school but comments are closed on there.

    Many district employees DO ACCESS their work email accounts on their smartphones. So yes, there is something to be said about all of this.
    I do not use my email account on my phone but it’s not just for securing privacy but also about ensuring boundaries between work and personal life.

    • And by the way, many district employees encourage administrators to access email on smart phones. It is sometimes mandated in the district contracts to check email daily.

  2. Actually I wrote that backwards . District administration encourage employees…you can change that for me.

    Can I blame that mistake on not enough coffee?

Sorry, the comment form is closed at this time.