Advertisement

STSCO taking steps to bolster security of students’ private digital data

Joel Sloggett, CAO of STSCO, says five students' records were accessed in an accidental release of student contact and busing information on social media in February. CHEX News File

A data security review has found the student transportation company in Peterborough which accidentally released students’ private information faced a “moderate risk” of unauthorized access.

On Feb. 7, the Student Transportation Services of Central Ontario (STSCO) discovered that an employee “inadvertently” posted an internal staff training document to STSCO’s social media sites (Facebook and Twitter).

The document contained private information such as students’ date of birth, address and busing information.

STSCO says it removed the posting within 90 minutes of discovering the error and closed access to the database.

Story continues below advertisement

But company CAO Joel Sloggett said in February, the records of five students were accessed.

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.

Get daily National news

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

“This access of information was limited to several individuals who were notified directly about the issue,” STSCO stated Monday.

The company says it hired an outside security consultant to conduct a thorough review of STSCO’s data security processes — a request made by both the Kawartha Pine Ridge District School Board and the Peterborough Victoria Northumberland and Clarington Catholic District School Board. STSCO also serves the Conseil scolaire catholique MonAvenir, a French Catholic school board.

That security audit has been completed, STSCO said Monday.

“Overall, the consulting firm determined that STSCO was observing a number of best practices with respect to data security and found the organization faced a ‘moderate risk’ of unauthorized access to its internal network, comparable to similar size and type organizations,” STSCO stated.

STSCO and the school boards are now working to implement a series of short-, medium- and long-term recommendations such as enhancing software and technology, improving internal processes with respect to password protections and conducting regular internal and external security assessments.

“At STSCO, we take our responsibility to maintain the privacy and security of student information very seriously and we are committed to implementing the above recommendations to ensure our processes remain secure now and into the future,” STSCO stated.

Advertisement

Sponsored content

AdChoices