Data Breach Notification

Data Breach Process:

In the event that Danbury Public Schools is notified that there was a breach of security that resulted in the unauthorized release of student information, a general notice will be posted here.

There are currently no notifications.


48-hour Notice of Breach of Security

Upon receipt of notice of a breach of security by a contractor, a board of education must, within forty-eight (48) hours, notify the students and the parents or guardians of the students whose student information, student records, or student generated-content was involved in such breach.  The local or regional board of education must also post notice of the breach on its website.

Source: Shipman & Goodwin



Requirements for Contractors: Restrictions and Data Breaches:

30-Day notification period in event of unauthorized release of student information

Upon the discovery of a breach of security that results in the unauthorized release of student information (excluding directory information)[v] a contractor must notify the board of education of such breach without unreasonable delay, and in no case later than thirty (30) days from discovery of the breach.  During that 30-day period, the contractor may (1) conduct an investigation to determine the scope of the unauthorized release and the identity of the students whose information was compromised or (2) restore the integrity of the contractor’s data system.

60-Day notification period in event of unauthorized release of directory information, student records, or student-generated content

Upon the discovery of a breach of security that results in the unauthorized release of directory information, student records, or student-generated content, the contractor must notify the board of education without unreasonable delay and in no case later than  sixty (60) days from discovery of the breach.  During the 60-day period, the contractor may (1) conduct an investigation to determine the scope of the unauthorized release and the identity of the students whose information was compromised or restore the integrity of the contractor’s data system, or (2) restore the reasonable integrity of the contractor’s data system.

Source: Shipman & Goodwin