Stupid is as stupid does: the Lake Ridge Middle School breach
A breach that was not reported on this site initially but was covered on DataBreaches.net, apparently involved medical information, too, as we now learn…
As a follow-up to previous coverage about the stolen Lake Ridge Middle School stolen thumb drive here and here, Andrea McCarren of WUSA-9 provides some additional details that have infuriated parents (emphasis added by me):
The device was taken from a bag in an administrator’s unlocked car in her unlocked garage.
….. On the stolen thumb drive: personal information on more 1,200 students-their names, phone numbers and sensitive information, including whether they have a medical condition.
Dollars to donuts says they don’t report this to HHS even though it has names and medical conditions, because these things are considered education records. There is a huge gap in protection and notification laws here, folks…..