G360  DATA BREACH AND PROTECTION

School corporations store a number of educational records in electronic data systems and have a legal and ethical responsibility to protect the privacy and security of that data, including personally identifiable information (PII), under the Family Education Rights and Privacy Act FERPA).  It is the expectation of the Mt. Vernon Board of School Trustees that School Corporation employees and students understand their role in preventing data breaches and that employees understand their responsibility should a data breach occur. 

The School Corporation shall notify the Indiana Office of Technology within 48 hours of any data breach.  In addition, Indiana residents must be notified if a security breach has resulted in exposure of their personal information, defined as a social security number or name in combination with a driver’s license number, account number, state identification card number, credit card number, financial account number or debit card number in combination with any required security code.  Should such a security breach occur, the School Corporation will notify affected persons by mail, telephone or email.  The School Corporation will also notify the Indiana Attorney General’s Office and, if more than 1,000 individuals are impacted by the breach, the School Corporation shall disclose to each national consumer reporting agency information necessary to assist the agency in preventing fraud, including personal information of an Indiana resident affected by the breach of the security of a system. 

Should an School Corporation employee or student become aware of a data breach, they are asked to notify the Director of Technology as soon as possible. The Director of Technology will coordinate with the superintendent, Chief Financial Officer and building level administrator (if applicable) to ensure that the breach is quickly addressed and that any required notification is sent.   The Chief Financial Officer will ensure that an appropriate separation of duties is in place to secure financial data.  The Director of Technology will ensure that only specified users have access to PII and that accounts are managed appropriately and deactivated when necessary.

The School Corporation will provide regular training on privacy and information security to all employees to ensure they are aware of protocols for recognizing and reporting data breaches and attempted data breaches.

Mt. Vernon Community School Corporation

• IC 4-13-.1-3-9, IC 24-4.9

• Adopted: 7/23/24
• Revised:9/8/25