Citizen Portal
Sign In

Bullitt County reviews data-security and breach-notification practices ahead of new school year

5587619 · August 12, 2025

Get AI-powered insights, summaries, and transcripts

Subscribe
AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

District technology staff briefed the board on federal and state data-security rules, vendor safeguards, two-factor authentication, vulnerability scans and GoGuardian admin as a replacement for an older filter; presenters emphasized CIPA compliance for E-rate funding and outlined state reporting contacts.

District technology staff reviewed the district’s data-security and breach-notification procedures and described several layers of protection the district uses ahead of the new school year.

What was presented: The district’s annual data-security presentation covered federal laws and state rules that affect district practice — the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA) and the Children’s Internet Protection Act (CIPA). Staff emphasized that CIPA compliance is required to receive E-rate funding. Presenters also cited a Kentucky regulation governing school district data security and breach investigation procedures (presented as 702 KAR 1:170 in district materials) and described the district’s reporting obligations to state authorities in the event of an incident.

Notification and reporting: Presenters said the district must notify affected individuals immediately if their personal information is breached unknowingly and must report the incident within 72 hours to state authorities; the materials listed a form/email process that notifies the Kentucky attorney general, the State Police, the Department for Library and Archives and the State Office of Technology.

Security measures: Staff noted multiple technical and operational controls in place, including Google Data Loss Prevention tools, access-permission limits, two-factor authentication, third-party vulnerability scans run through a vendor identified as SISA, and an upcoming RapidIdentity user‑management rollout offering additional authentication options (including pictograph choices for younger students). GoGuardian Admin will replace the district’s older LightSpeed filter for web- and content-filtering; the district already uses GoGuardian Teacher for classroom management.

Why it matters: District staff framed the presentation as both a compliance review and a briefing on operational steps the district has taken to prevent data loss and to detect vulnerabilities, with biweekly vulnerability reports protected by two‑factor authentication.

Attribution: Technology staff who presented the review explained the systems in place and are responsible for follow-up actions; no board action was required on the day’s presentation.