PIT +1 412-566-1212
HAR +1 717 234-4121
info@tuckerlaw.com
Home
Attorneys
Capabilities

Capabilities

Services

Alcoholic Beverages/Liquor Licensing Arbitration, Mediation and Alternative Dispute Resolution Bankruptcy & Restructuring Business & Finance Business Succession Planning Commercial Litigation Compliance & Risk Management Criminal Defense Education Law Elder Law Employee Benefit Plans/ERISA Environmental ERISA Litigation Estates & Trusts Family Law Fiduciary Services & Risk Management Finance Franchise Government Relations Import/Export Control & Compliance Insurance Disputes Intellectual Property Labor & Employment Medical Marijuana Mergers & Acquisitions Personal Injury Privacy, Data Security & Technology Products Liability Real Estate Real Estate Transactions and Title Insurance Securities Special Needs Planning Taxation Toxic Tort and Asbestos Litigation Defense White-Collar Criminal Defense Women‘s Business Enterprise (W.B.E.) Workers’ Compensation Zoning & Land Use

Industries

Construction Energy Finance Healthcare Higher Education Hospitality Long-Term Care Manufacturing Municipal & School Non-Profit Organizations Privacy, Data Security & Technology Utilities Law Veterinary Services

Departments

Business and Finance
Business & Finance Business Succession Planning Elder Law Employee Benefit Plans/ERISA Estates & Trusts Fiduciary Services & Risk Management Finance Franchise Hospitality Intellectual Property Labor & Employment Manufacturing Mergers & Acquisitions Non-Profit Organizations Privacy, Data Security & Technology Real Estate Real Estate Transactions and Title Insurance Securities Special Needs Planning Taxation Veterinary Services
Litigation
Arbitration, Mediation and Alternative Dispute Resolution Bankruptcy & Restructuring Commercial Litigation Compliance & Risk Management Construction Criminal Defense Environmental ERISA Litigation Family Law Insurance Disputes Labor & Employment Personal Injury Products Liability Toxic Tort and Asbestos Litigation Defense White-Collar Criminal Defense Workers’ Compensation
Government and Regulatory
Alcoholic Beverages/Liquor Licensing Education Law Energy Government Relations Import/Export Control & Compliance Medical Marijuana Municipal & School Utilities Law Zoning & Land Use
Bankruptcy & Restructuring Business & Finance Commercial Litigation
News & Insights
About Us
About Our Firm
Awards
Firm Structure & Management
Historical Legacy
Law Firm Alliance Affiliation
Join Us
Associate Life
Summer Associate Program
Career Opportunities
Diversity & Inclusion
Women@Tucker
Pro Bono & Community
Diversity & Inclusion
Contact Us
Blog Logo
Blog Logo

Tucker Arensberg

Contact information

Email Address
    BOOKMARK SHARE
    View All News & Insights
    BACK TO Tucker’S PROFILE

    School Districts to Undergo Cybersecurity Audit

    Missouri Auditor Nicole Galloway recently announced plans to conduct cybersecurity audits of five school districts. Coinciding with National Cybersecurity Awareness Month, the audits are intended to reveal how school districts protect the personal information of its students.  Considering the amount of information school districts are entrusted with storing, it is surprising these types of audits have not been conducted sooner or on a wider scale.

    School districts store a tremendous amount of personal information including educational records, health records, and financial information.  Further, school districts do not just store the personal information of its students.  The personal information of teachers and other employees is also at risk.

    School districts must take steps to ensure this personal information is properly protected.  Audits, as suggested by the Missouri cases, can be a good way to assess the security measures a school district has in place as well as identifying potential weaknesses.

    For example, school districts rely on a number of vendors to provide the services needed to run its day to day operations. These vendors may include those third party entities that provide outsourced IT services, software platforms, and distance learning tools.   Not properly vetting vendors is one common area of weakness in a school district’s data security plan.

    It is critical that school districts conduct sufficient due diligence of its vendors before purchasing their services.  This due diligence must include an assessment of the security measures the vendor has in place as well as its privacy policy.  In addition, the school district must carefully review and negotiate its contracts with these vendors to ensure their sufficient security obligations are imposed with respect to any personal information they may store, transmit, access, or otherwise use in performing its obligations. These contracts must also provide for appropriate indemnification of the school district in the event a breach occurs.

    Properly vetting vendors is just one way school districts can proactively reduce their risk of a data breach.  Other best practices include maintaining a breach notification policy and providing periodic training on security issues for employees.

    October 12, 2015

    Contact Now

    Get support from our trusted attorneys.

      Serving our clients successfully since 1900

      The same attributes that have anchored over a century of success are still our guiding principles today.

      Capabilities Find an Attorney

      Stay up-to-date on the latest News & Insights by subscribing to our alerts

      Enter your email address below and be notified when we post new information.