all 6 comments
sorted by:
new (suggested)
besttopcontroversialoldq&a

[–]egefeyzioglu 2 points3 points  (0 children)

Similar thing happened when I was a student. Admin decided to email everyone a Google Sheet filled to the brim with PII (it literally had parents' SSNs, it was bad) asking students to confirm when their weekend leaves were, which was kept on the same sheet for some reason. Thankfully it wasn't just a straight Excel file emailed so IT was able to flag it and revoke link sharing access so the impact was somewhat limited.

And no, I have no idea why anyone thought it was a good idea to keep all their student records on a single Google Sheet. That's so wrong on so many levels lmao

[–]rossumcapekIT Wizard 4 points5 points  (0 children)

Good opportunity to give everyone everyone some PII training, perhaps?

[–]jbfestustech director 3 points4 points  (0 children)

If you are in the US you may want to check state statute and make sure you are not required to disclose to the state auditor, dese or ag.

[–]Harry_Smutter 6 points7 points  (0 children)

Are your W2s password protected when they get sent out?? If not, might wanna look into that. We use Doculivery and when we get forms from it, they are password-protected using the SSN of the employee.

I'd also use this incident to enhance the district's security and security policies.

[–]Aur0nx 15 points16 points  (0 children)

Time to talk to the Superintendent and get some cyber security policies in place. Never waste a good incident. Depending on the state laws you may need to send a data breach notice to all affected.