The school district must exercise caution with the handling and storage of personal information. At times, there may be an unauthorized disclosure of personal information (breach) or there may be a risk of an unauthorized disclosure. A privacy breach occurs when there is unauthorized access to the collection, use, disclosure, or disposal of personal information. A privacy breach happens when personal information of students, their parents, outside agencies, or employees, is disclosed to someone not authorized to access the information. For example, when personal information is on a stolen computer, when an email sends personal information to a recipient that is not their personal information, or when a lost USB flash drive contains personal information.
The school district is responsible for managing any breach of personal information in order to minimize the harm that may result from the privacy breach. The Privacy Breach Management Procedure outlines the process for dealing with a privacy breach. Any employee, officer, or director of the school district, or an employee or associate of a service provider, who knows there has been an unauthorized disclosure of personal information that is in the custody and control of the school district must immediately notify the Superintendent. The Secretary Treasurer is responsible for overseeing the management of the breach.