Poway News Chieftain and Rancho Bernardo and 4S Ranch News Journal

Trending

Advertisement

PUSD revises records policy

By Daniel Wheaton
Share

Poway Unified School District officials said on Wednesday that they will handle all public records requests internally, following a mishandled request by an outside attorney that resulted in the mistaken release of tens of thousands of student records.

The Poway Unified School District board held a special meeting about the data breach, in which one parent was given nearly all school records involving 70,000 people, including parents. Test scores, vision exam results, parental occupations, addresses and phone numbers were all released. Social Security numbers were excluded.

About 30 parents showed up to the hastily-announced meeting, seven of whom spoke. As the public commentary became more intense, the crowd responded with applause, and shouts of “yes” and “amen.”

“This board couldn’t lead a pack of wolves to fresh meat,” parent Jeff Riley told board members.

Poway students and families will receive a detailed account of how the data breach happened, officials said. The memo was to be sent to parents by today (Thursday). .

Michelle O’Connor-Ratcliff, board president, assured parents that steps will be taken to prevent a similar mistake from happening again.

“We can hold staff accountable,” she said after the meeting.

The data was released when Gabriela Dow, a parent and member of a district technology board, filed a public records request for all the information the district keeps about herself and her family. She sought the information to understand Poway’s technology practices.

For unknown reasons, attorney William B. Shinoff gave her a CD containing that information about every family in the district. Dow received the disc on May 6 and turned it over to the District Attorney’s Office for investigation of the breach on May 9.

Shinoff was not present at Wednesday’s meeting.

After taking public comments, the board retired to closed session for more than an hour. Members received legal counsel from the Lozano Smith firm regarding “significant exposure to litigation.”

From now on, district spokeswoman Christine Paik said, all public records requests will be handled in-house, instead of through Shinoff.

The board will also adopt a clear policy of how to respond to public records requests. Currently, there is a policy, but it was not officially reviewed or adopted by the board, O’Connor-Ratcliff said. The policy makes no mention of the importance of keeping student information private under the federal Family Educational Rights and Privacy Act.

Paik said that there have been 84 requests made since July under the California Public Records Act or PRA, some very large. Because of the load, the labor was shifted to Shinoff to keep the district running, she said.

“Starting in late January/early February of 2016, due to the sheer number and volume of the PRA requests, and the lack of district staff available to do the work of processing, collecting, and responding to the PRAs, the superintendent made the decision that the PRAs would go to our attorneys,” she said. “This was to prevent the district from getting sidelined from its mission of educating our kids and keeping the district running. We also wanted to respond as quickly to the PRAs as possible and abide by all the laws surrounding PRAs. We have been doing our best to keep up.”

The board was notified of the data breach on May 9, and notified parents eight days later — after The San Diego Union-Tribune asked about the situation. The delay in telling parents angered several who attended Wednesday’s meeting.

“It was a substantial amount of information, and we have a process we had to go through to find out what was contained in it,” O’Connor-Ratcliff said about the delay.

Jeff Riley, a Poway parent and a veteran, said that releasing occupational information was particularly dangerous for military families. Riley said knew of two people in Poway who were on an ISIS hit-list, and now their lives are in danger.

Citing board policies that dated back to the early ’90s, Riley said that Poway was ill-equipped to deal with the digital age. Without clear guidelines on cybersecurity, more breaches may happen, he said.

“As board members, we acknowledge that we are not technology experts,” O’Connor-Ratcliff said to one concerned parent.

The data breach comes as Poway has been put through various institutional troubles. Superintendent John Collins was put on administrative leave in April.

Chris Garnier, a veteran and Poway parent, said he believes the leadership on the board has lost institutional control. Garnier and his wife, Kim Garnier, called for O’Connor-Ratcliff to step down.

She responded by slowly nodding with a smile.

Following the meeting, O’Connor-Ratcliff said she “didn’t have any thoughts,” on the calls to step down.

Melissa Lázarao, another concerned parent, asked for an audit of cybersecurity. She was also angered by the time that it took the district to notify families.

For the meeting, Dow prepared a 22-page statement of the events that she sent to the board — and to the governor’s cybersecurity team. Once she gets approval, she said, she will release the statement to the media.

Wheaton writes for the San Diego Union-Tribune.

Support local journalism

At a time when local news is more important than ever, support from our readers is essential. If you are able to, please support the Pomerado News today.

Advertisement