School XYZ accidentally released personally identifiable information to the wrong students, which included the name of the student, the amount of financial aid the student was eligible to receive, and the student’s school identification number, which is used in accessing the student portal. Roughly 100 students were affected. How should the school handle this mistake?
The U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) has a document called the Data Breach Response Checklist, which the school may find helpful in this situation.
The Data Breach Response Checklist identifies what a data breach entails, items to consider when coming up with a response strategy, what to do before a breach, how to respond once a breach occurs, and additional resources. Since the data breach has already occurred, the recommended steps are summarized below:
More detailed guidance can be found in the Data Breach Response Checklist document.
Publication Date: 10/19/2017