The new proposed amendments seek to protect the personally identifiable information for students and school personnel accessible by both educational agencies and contractors.
In the wake of 2018’s massive data breaches and lawsuits involving employers not protecting PII, organizations are waking up to the need to put specific policies, processes, and solutions in place to ensure the security of the personal information they maintain.
The proposed regulation includes a level of focus found in current consumer privacy laws such as GDPR, CCPA, and the Ohio Data Privacy Act. While most aspects of the security required remain generic, one aspect of the plan stands out – the specific need for Security Awareness Training. The regulation seeks to have all officers and employees with access to PII undergo annual training. It also intends that all employees take training around data security and privacy. The regulation also seeks to apply the same standards to third-party contractors.
Organizations employing Security Awareness Training elevate their user’s understanding of first, why being security-conscious is critical and needs to be in place as part of their job. Specific training around data security, privacy, handling of data, and good security practices will help to protect PII and other sensitive data sets. Lastly, Security Awareness Training educates users on cyberattacks, scams, and social engineering techniques used by cybercriminals to gain access to credentials, endpoints, and entire networks.
New York’s State Education Department is on the right track – by putting Security Awareness Training in place, the organization, its’ data, and users will all be more secure, lowering the risk of threat and data breach.