School division announces third-party data breach
Melissa Topey reports:
Shenandoah County Public School administrators recently announced a vendor they once used had a data breach that compromised some student and administrator data.
The school division used software called AIMSweb 1.0, a product of Pearson Assessments, in its elementary and middle schools for about five years until the 2016-2017 school year, said Dave Hinegardner, director of administrative services and strategic planning.
Read more on The Northern Virginia Daily.
So if they had stopped using the service, why was their students’ data still on the server that was compromised? Did their contract call for all data to be removed or encrypted upon termination of the contract?
How many school districts actually write — and monitor for compliance — provisions in contracts with vendors as to what happens to data on the termination of a contract? Not enough, I’m betting…