NYS Comptroller report: More cybersecurity protections needed for schools

by: Jamie DeLine

Posted: May 17, 2023 / 05:55 PM EDT

Updated: May 17, 2023 / 05:55 PM EDT

ALBANY, N.Y. (NEWS10)– The New York State Comptroller’s Office recently released a New York State Education Department Audit looking into the privacy and security of student data.

“Cybersecurity incidents are increasing and they’ve tripled in the last three years in New York and a big reason for that is teachers have had to jump into action during COVID and had to use a lot of new programs, third party apps, rely on IT services in a different way and that really exposed school districts to becoming more vulnerable to data breeches,” explained Mary Mueller, Press Secretary for the New York State Comptroller.

Data could include information such as names of children their parents and teachers, as well as addresses and contact information.

An audit of the state education department looked at a sample of 131 data incidents reported by school districts as well as school websites focusing on March 2020 through November 2022— a time when schools were forced to move to remote or hybrid learning due to the pandemic.

The comptroller’s office found the state education department’s oversight needs to improve so that student information doesn’t end up in the wrong hands.

“They need to ensure that school districts are putting dates of time of reporting, dates of discovery of incidents, dates of when they’re notifying people otherwise how can they enforce the deadlines they have under their rules and regulations if they are not not mandating that the schools file them in their incident reports,” said Mueller.

Of the sample looked at, The audit found:

-30% of school data breaches the comptrollers office reviewed were not reported to the State Education Department within 10 days.

-73 schools did not have a parents bill of rights for any 3rd party contract on their website52 schools didn’t have a data security policy on their website

-14 did not have a data security officer

“The state education department has responded supportive of the recommendations, which is something we like to see,” said Mueller. “Obviously student data security is of the upmost importance to SED and they take the recommendations seriously and to heart. They have started working with this private company to start classifying data that they are responsible for.”

The full audit can be found here.