Cedar Springs Public School District
Bylaws & Policies
 

8351 - SECURITY BREACH OF CONFIDENTIAL DATABASES

It is the policy of the Board of Education that when unauthorized access or acquisition of data occurs, which would compromise the confidentiality or security of personal information maintained by the District on a database, the District will take appropriate action to assess the risk, and notify the affected individuals in accordance with its legal obligations.

A "security breach" means the unauthorized access and acquisition of data that compromises the security or confidentiality of personal information maintained by the District as part of a database of personal information covering multiple individuals. Unauthorized access may be considered incidental access by an employee or other individual if the access meets all of the following:

 A.the individual acted in good faith in accessing the data

 B.the access was related to the activities of the agency or person

 C.the individual did not misuse any personal information or disclose any personal information to an unauthorized person

Personal information for purposes of this policy means the persons last name, with either the first name or initial when linked to one or more of the following:

 A.social security number

 B.driver's license or State Personal Identification

 C.demand deposit or other financial account numbers, credit or debit card numbers, when combined with access code, security code or password which would allow access to the financial accounts

Promptly upon determining that a security breach has occurred, the employee shall notify the chief business officer and the Superintendent, in writing.

The Superintendent and the chief business officer shall promptly determine and implement the steps necessary to correct the unauthorized access and any legal requirements for notifying those individuals whose personal information may have been compromised.

Employees who intentionally violate this policy are subject to discipline, up to and including discharge and may be subject to criminal penalties.

The Superintendent shall assure that employees receive a copy of and have readily available access to this policy.

M.C.L. 445.61 et seq.

© Neola 2008