Data Breach Disclosures

Introduction

At Minooka CCSD 201, we prioritize the security of student, family, and staff data. We understand the significant responsibility entrusted to us and are committed to safeguarding personal information. This disclosure statement outlines our dedication to data protection and the steps we take in the unfortunate event of a data breach, including those that may arise from issues with third-party vendors.

Our Commitment to Data Security

We employ a comprehensive range of security measures to protect personal information from unauthorized access, use, or disclosure. These measures include:

  • Data encryption: Sensitive data is encrypted both during transmission and while stored.
  • Access controls: We strictly limit access to personal information, granting it only to authorized personnel with legitimate educational interests.
  • Regular security assessments: We conduct regular security assessments and vulnerability scans to identify and address potential weaknesses in our systems.
  • Employee training: We provide mandatory data security and privacy training to all employees and contractors.
  • Vendor selection and oversight: We carefully select vendors and require them to adhere to strict data security and privacy standards. We regularly assess their security practices and compliance.

In the Event of a Data Breach

While we strive for perfect security, data breaches can still occur. In the event of a data breach, whether originating from our systems or a vendor's, we will:

  1. Immediately investigate: We will promptly investigate the breach to determine the scope, cause, and specific data affected.
  2. Contain the breach: We will take immediate action to contain the breach, prevent further unauthorized access, and mitigate damage.
  3. Notify affected individuals: We will notify affected students, families, and staff as quickly as possible if their personal information is compromised, providing details about the breach and recommended actions.
  4. Provide support: We will offer guidance and resources to help affected individuals protect themselves from potential harm, which may include credit monitoring services or identity theft insurance.
  5. Cooperate with authorities: We will fully cooperate with law enforcement and relevant regulatory agencies in their investigation of the breach.
  6. Review and improve: We will thoroughly review our security practices and vendor agreements to identify areas for improvement and prevent future incidents.

Addressing Vendor-Related Breaches

We recognize the potential risks associated with third-party vendors. In the event of a vendor-related breach, we will:

  • Hold vendors accountable: We will hold vendors accountable for their role in the breach and require them to take appropriate remedial actions.
  • Reassess vendor relationships: We will reassess our relationship with the vendor and consider alternative solutions if necessary.
  • Enhance vendor oversight: We will strengthen our vendor oversight processes to minimize future risks.

Notification Procedures

We will notify you of a data breach in accordance with applicable laws and regulations, such as the Family Educational Rights and Privacy Act (FERPA). Notification may include:

  • Written notice: We may send you a written notice by mail or email.
  • Telephone notice: We may contact you by telephone.
  • Public notice: We may post a notice on our website, in local media, or through other communication channels.

Contact Information

If you have any questions or concerns about our data security practices or this disclosure statement, please contact us at:

Aaron Souza
Director of Information Technology
asouza@min201.org

Updates to this Statement

This disclosure statement may be updated periodically to reflect changes in our practices or applicable laws. We will post any changes on our website and notify you as required.

Effective Date: 01/08/2025