It is the policy of the Board of Education that when unauthorized access or acquisition of data occurs, which would compromise the confidentiality or security of personal information maintained by the District, the District will take appropriate action to assess the risk and notify the affected individuals in accordance with its legal obligations.

A "security breach" means the unauthorized access and acquisition of data that compromises the security or confidentiality of personal information maintained by the District. Unauthorized access may be considered incidental access if the access meets all of the following:

Personal information for purposes of this policy means the person's last name, with either the first name or initial when linked to one or more of the following:

Promptly upon determining that a security breach has occurred, the employee shall notify the chief business officer and the Superintendent, in writing.

The Superintendent and the chief business officer shall promptly determine and implement the steps necessary to correct the unauthorized access and any legal requirements for notifying those individuals whose personal information may have been compromised.

Employees who intentionally violate this policy are subject to discipline, up to and including discharge, and may be subject to criminal penalties.

The Superintendent shall assure that employees receive a copy of and have readily available access to this policy.

M.C.L.A. 445.61 et seq.
M.C.L.A. 445.63 - Identity Theft Protection Act (452) of 2004

Adopted 1/26/09