A data security review has found the student transportation company in Peterborough which accidentally released students’ private information faced a “moderate risk” of unauthorized access.
On Feb. 7, the Student Transportation Services of Central Ontario (STSCO) discovered that an employee “inadvertently” posted an internal staff training document to STSCO’s social media sites (Facebook and Twitter).
The document contained private information such as students’ date of birth, address and busing information.
STSCO says it removed the posting within 90 minutes of discovering the error and closed access to the database.
But company CAO Joel Sloggett said in February, the records of five students were accessed.
“This access of information was limited to several individuals who were notified directly about the issue,” STSCO stated Monday.
The company says it hired an outside security consultant to conduct a thorough review of STSCO’s data security processes — a request made by both the Kawartha Pine Ridge District School Board and the Peterborough Victoria Northumberland and Clarington Catholic District School Board. STSCO also serves the Conseil scolaire catholique MonAvenir, a French Catholic school board.
That security audit has been completed, STSCO said Monday.
- Life in the forest: How Stanley Park’s longest resident survived a changing landscape
- Bird flu risk to humans an ‘enormous concern,’ WHO says. Here’s what to know
- More youth are seeking EI amid rising unemployment rates: StatCan
- Mental health support still lacking 4 years after mass shooting: Nova Scotia mayor
“Overall, the consulting firm determined that STSCO was observing a number of best practices with respect to data security and found the organization faced a ‘moderate risk’ of unauthorized access to its internal network, comparable to similar size and type organizations,” STSCO stated.
STSCO and the school boards are now working to implement a series of short-, medium- and long-term recommendations such as enhancing software and technology, improving internal processes with respect to password protections and conducting regular internal and external security assessments.
“At STSCO, we take our responsibility to maintain the privacy and security of student information very seriously and we are committed to implementing the above recommendations to ensure our processes remain secure now and into the future,” STSCO stated.
Comments