School district IT woes

Washoe County School District’s IT security is overseen with a staff of three. Despite that, it is in the top 12 percent of districts in the nation that actually devotes considerable efforts to monitoring its online and network security.

But recent data concerns have impacted the district. It was announced in July that a data breach by a vendor impacted more than 100,000 students between 2001 and 2016. In September, charter school Coral Academy sent text messages to other WCSD parents, which the district said was a violation of federal law.

“This was caused by a programming error in the process we use to provide data to Coral Academy’s parent/guardian communication tool, SchoolMessenger,” a district email to parents announced. “Unfortunately, additional data was provided to SchoolMessenger, including some directory information as well as student ID and gender for WCSD students. We are notifying you of this error because the distribution of this information to someone other than the student (age 18 or over) or the parents without your written consent constitutes a violation of the Family Educational Rights and Privacy Act (FERPA).”

That note was sent the same day the school board of trustees approved an updated audit of the district’s IT security. Between 2016 and now, only a handful of recommendations have been implemented to improve the district’s IT security.

The reason: WCSD officials said it has no money to make the necessary improvements. The audit also showed that the district conducted a scan for vulnerabilities and found 14 issues in March of this year.

“Further funding is required to secure a regular frequency of vulnerability scanning,” the audit said.