Ca: Student hacks into school board database
Roger Belgrave reports:
The Catholic school board has beefed-up its computer network security after one of its high school students hacked into the system last spring.
Under direction from Ontario Information and Privacy Commissioner, the Dufferin-Peel Catholic District School Board has posted details of the computer security breach on its website at www.dpcdsb.org.
Read more on Brampton Guardian.
The statement posted on the district school board’s site on September 17 states:
On April 11, 2012, the Dufferin-Peel Catholic District School Board investigated a privacy breach involving the personal information of its students and school staff.
This Notification is to notify you of an unauthorized access to personal information, pursuant to Section 32 of the Municipal Freedom of Information and Protection of Privacy Act, by a student of the system. The information contained on the accessed database was as follows: for all students of the Board, their full name, their ID number, their grade and their school location. For all school staff of the Board, their full name, their ID number and their location and position.
The investigation indicated that while the student was able to view the information on the database, it could not be edited nor deleted. There is no reason to believe that any of the accessed information is being used inappropriately. Further, school and board staff received assurance from both the student and the student’s parent that the personal information accessed was not copied, used or disclosed and that the student no longer possesses any of the personal information.
The following steps have been taken to date:
a) A report was immediately filed with the local Police;
b) An internal investigation is on-going;
c) The office of the Information and Privacy Commissioner/Ontario was notified and we are working with them to ensure our obligations under the Municipal Freedom of Information and Protection of Privacy Act are being adhered to;
d) An internal review is on-going to determine any necessary need to strengthen the system and data security, for all accounts;
e) Students are reminded each year, prior to having access to school computers, of the Board’s ‘Rules and Guidelines for Student Computer System Use’ and are reminded of the Network Use Application and Agreement, which requires a signature of acknowledgment.
At Dufferin-Peel, we take the responsibility of protecting the privacy of student’s and employee’s personal information very seriously. On behalf of the Board, we wish to express our sincere regrets of this incident.
If you would like to discuss this matter or if you have any questions or concerns, please contact Claudia Campagnolo, Access and Privacy/Policy Services Officer at 905-890-0708 ext. 24443.