Private information of 2,841 students accidentally released; School division did not make proper notice — regulator

CBC reports:

A recent report by the Saskatchewan information and privacy commissioner’s office revealed that private information of 2,841 students was accidentally made public last year.

The records in question included students’ names, identification numbers, phone numbers, grades and parent email addresses.

The school division, which is in southwest Saskatchewan and has more than 6,000 students in total, said the privacy breach occurred Jan. 28, 2020, and was due to “human error.”

Read more on Yahoo!News

From the commissioner’s web site, notes:

Investigation Report 031-2020

Chinook School Division #211
August 11, 2021

LA FOIP 2(f)(viii), 23(1), 23(1)(b), 23(1)(d), 23(1)(e), 23(1)(k)(i), 23.1, 28(1)

The Chinook School Division No. 211 (School Division) proactively reported a breach of privacy to the Commissioner advising that a GitHub code repository was set to public instead of private for approximately 36 hours. The Commissioner found that a privacy breach occurred and that the School Division properly contained the breach of privacy. The Commissioner further found that the School Division did not provide proper notification of the breach and it failed to meet its duty to protect pursuant to subsection 23.1 of The Local Authority Freedom of Information and Protection of Privacy Act. Finally, the Commissioner found that although the School Division appropriately investigated the breach, it did not provide enough details of how it will prevent future breaches of GitHub or similar applications. The Commissioner recommended the School Division provide notification of this breach to all affected individuals. The Commissioner also recommended that the School Division implement a security assessment and ongoing security review process for new and existing applications, including GitHub.

About the author: Dissent

Comments are closed.