The Information Practices Act Notice Requirement of Data Security Breach Applies to School Districts (K-12)

November 15, 2014

Effective January 1, 2014, the Information Practices Act (“IPA”) will now require a local education agency (“LEA”) that owns or licenses computerized data that includes personal information to disclose any breach of the security of the system following discovering or being notified of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Personal information means an individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:

The material and information on this web site are made available by School & College Legal Services (“SCLS”) for informational purposes only and should not be considered legal advice. The transmission and receipt of information on the web site do not form or constitute an attorney-client relationship. Persons receiving information on this web site should not act upon the information provided without seeking professional legal counsel. Some links within this site may lead to other sites. The SCLS site does not incorporate any materials appearing in such linked sites by reference, and the firm does not necessarily sponsor, endorse or otherwise approve of such linked materials. SCLS wants you to be aware that when you click on links, which take you to third-party web sites, you will be subject to such third-party privacy policies. While we support the protection of privacy on the Internet, SCLS expressly disclaims any and all liability for the actions of third parties, including without limitation actions relating to the use and/or disclosure of information by third parties.

Contact SCLS