At MySchool, protecting your data is our highest priority. We are committed to maintaining the trust you place in us by implementing world-class security measures and exceeding all regulatory requirements. Recent events, such as the PowerSchool data breach, highlight the importance of robust privacy practices and proactive risk management. We want to reassure you that MySchool’s security infrastructure is designed to prevent similar incidents and safeguard your data at every level.
Background
The recent PowerSchool data breach appears to have been caused by compromised credentials belonging to a support contractor, which were exploited to access on-premise servers. This led to the unauthorized extraction of sensitive student and teacher data. While such breaches are a reminder of the evolving cybersecurity landscape, MySchool has implemented key safeguards that make a similar incident highly unlikely in our environment:
- Mandatory Multi-Factor Authentication (MFA): All staff accounts are protected with MFA, significantly reducing the risk of unauthorized access even if credentials are compromised.
- No Outsourced Technical Roles: Unlike many organizations, we do not subcontract technical roles involving access to sensitive systems or data. All employees undergo thorough vetting and adhere to strict security protocols.
- Streamlined Infrastructure: MySchool operates a unified platform with centralized monitoring and controls, making it easier to detect and mitigate potential threats quickly.
These differentiators reflect our proactive approach to security and our commitment to protecting your organization’s data.
BC's Privacy Obligations for School Vendors
In British Columbia, schools and their vendors must comply with the Personal Information Protection Act (PIPA) and the Freedom of Information and Protection of Privacy Act (FIPPA), which regulate the collection, use, and disclosure of personal information. These laws emphasize the importance of protecting student, parent, and staff data through "reasonable security measures" and require contracts with vendors to enforce compliance with BC privacy laws. Key obligations include ensuring that schools retain ownership of their data, providing rights for data return or secure destruction upon contract termination, and adhering to industry best practices for data security.
Ongoing Security Measures at MySchool
To ensure your data remains secure, MySchool adheres to rigorous security standards, including GDPR compliance and ISO 27001 certification. Here are some of the key measures we have in place:
- Infrastructure and Technology:
  - Data is encrypted both in transit (TLS 1.2/1.3) and at rest (AES-256).
  - Automated monitoring tools detect and respond to potential threats in real time.
- Policies and Procedures:
  - Regularly updated policies for incident response, disaster recovery, and business continuity ensure readiness for any scenario.
  - Comprehensive risk assessments, vulnerability scans, and penetration testing are conducted regularly to improve our security posture.
- Staff Training:
  - Employees receive ongoing training on cybersecurity best practices and compliance requirements such as GDPR.
- Third-Party Management:
  - We perform thorough due diligence on all vendors to ensure they meet strict privacy and security standards.
GDPR vs. PIPA: Ensuring Comprehensive Protection for MySchool Users
The GDPR (General Data Protection Regulation) is widely regarded as the strictest data privacy regulation globally, setting a higher standard than BC’s PIPA (Personal Information Protection Act). GDPR mandates explicit consent for data processing, requires Data Protection Impact Assessments (DPIAs), and enforces significant penalties for noncompliance, ensuring proactive and robust privacy protection. While PIPA focuses on "reasonable security measures" and includes criminal sanctions for violations, it does not require the same level of transparency or accountability as GDPR, such as mandatory breach reporting within 72 hours. Despite these differences, MySchool’s adherence to GDPR ensures that users in British Columbia benefit from protections that exceed PIPA’s requirements. Moreover, any gaps in PIPA’s scope are fully addressed by MySchool’s comprehensive security measures, including ISO 27001 certification and rigorous data ownership policies. These measures ensure that all MySchool users, regardless of jurisdiction, are safeguarded against cyber risks.
Looking Ahead
MySchool is committed to further enhancing our platform’s security features. This includes implementing native MFA support for schools, improving reporting tools for better visibility into security configurations, and exploring the establishment of a Canadian data center to better serve local clients. Your feedback on these initiatives would be greatly appreciated as we continue building a secure future together.
Thank you for trusting MySchool as your partner in education technology. We remain dedicated to safeguarding your data while delivering exceptional service.
Best regards,
Patrice Peyre
Managing Director