VIP Focus: Learning the Basics of Data Breaches to Protect Your District

DashBoard, April 12, 2017

Submitted by Travis Van Tighem, Senior Property/Casualty & Workers’ Compensation Sales & Development Specialist, SET SEG School Insurance Specialists

SET SEG School Insurance SpecialistsThe only thing constant about technology is that it’s always changing. Our world has evolved to work and communicate virtually everything online or through a cloud platform. Storing such large amounts of data online creates a constant threat for confidential information to get into the wrong hands.

School districts house data that is considered sensitive or personally identifiable information, such as Social Security Numbers, account numbers or medical records. In today’s changing realm of technology, it’s more important than ever before to understand the basics of data breaches, the threats they pose and how to protect your district against them.

What is a data breach? 

A data breach is the unauthorized exposure of personally identifiable information that can be used for fraud. Data breaches can happen through a variety of situations including:

  • Loss or theft of personal items
  • Hacking
  • Accidentally posting information on a nonsecure website
  • Not shredding important physical documents

What are the most common data breaches schools face?

  • Improper disposal of sensitive documents
  • System access
  • Theft

Lately, many school districts are focusing their concerns on online attacks, but they should still be mindful of breaches caused by human error. This could be as simple as a teacher publishing grades publicly or someone using scrap paper found in recycling containing sensitive information.

How should districts handle a data breach?

When a breach has occurred, the district should notify its insurance carrier immediately. If a district has data breach coverage, a data forensics review will take place to determine how the breach occurred and will determine the severity of the breach.

Legal requirements for responses to data breaches vary by state. In Michigan, a large breach would require a school district to notify affected individuals and provide them with one year of an identity theft protection service.

How can districts stay protected against data breaches?

Every district should practice the following security measures:

  • Train employees in the district’s security policies
  • Ensure secure information is encrypted
  • Implement proper security measures, such as locking doors to rooms with computers that house sensitive information
  • Destroy sensitive documents before disposal
  • Continually update security software

Additionally, it’s important that districts have adequate insurance coverage in the event of a data breach. Policies should cover items such as response expenses and defense and liability expenses.

Travis is the Senior Property/Casualty & Workers’ Compensation Sales & Development Specialist at SET SEG. You can contact him at 517.816.1663 or

VIP Focus articles are company-sponsored advertisements and do not necessarily reflect the views or positions of MASB. It’s intended to provide Very Important Partners with a space to share information of value to you and your district.

Read More DashBoard Articles