Copyright © 2018 ALM Media Properties, LLC. All Rights Reserved.
While data breaches at Equifax, Yahoo, Anthem and Target have made the national news, data breaches at school districts are not as widely publicized. Schools are a treasure trove of children’s personally identifiable information (PII) (e.g., name, address, Social Security number) and protected health information (PHI), as well as the PII and PHI of faculty and payment card information (e.g., debit and credit card numbers) of parents. Schools are particularly vulnerable to attack because districts with scarce funds must devote them to education, and cannot always divert precious resources to cybersecurity. However, economizing on cybersecurity can be shortsighted. The Federal Trade Commission (FTC) reported that identity thieves often steal children’s information from schools, noting that a child’s identity is attractive to thieves because it is a “clean slate,” enabling a thief to use a child’s Social Security number to obtain employment, government benefits, or credit without detection until the child is of age to obtain credit. See Prepared Statement before the Subcommittee on Social Security of the House Committee on Ways and Means on Child Identity Theft Field Hearing Plano, Texas Sept. 1, 2011.