The Information Practices Act Notice Requirement of Data Security Breach Applies to School Districts (K-12)

Effective January 1, 2014, the Information Practices Act (“IPA”) will now require a local education agency (“LEA”) that owns or licenses computerized data that includes personal information to disclose any breach of the security of the system following discovering or being notified of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Personal information means an individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: