Author: Meghan Peterson

A company called Allium Data has recently requested public records from several schools. We expect that more of you will also receive these requests. Allium Data is a private company that gathers and reports data on the insurance industry. The request asks for:

“1. A copy of the last property & casualty insurance renewal summary for all lines of insurance purchased by the school district (general liability, auto, workers comp, professional, directors and officers, etc.). This document summarizes the insurance terms, limits, deductibles, premium and exclusions.

2. A copy of the last employee benefits insurance renewal summary for health, dental and vision plans sponsored by the school district. This document shows plan options available to the district’s employees and the pricing for employee, employee plus spouse, employee plus family.”

These two requests are straightforward and there are no exemptions that allow the district to withhold the records described. If you receive this request from Allium Data, you should treat it as you would any other public records request. First, you should identify whether you have the record so that you can provide the requester with written acknowledgment of the request within five (5) business days. This acknowledgment should provide the requester with one of three answers: (1) yes, we have the record; (2) no, we do not have the record; or (3) we do not know whether we have the requested record.

Districts should complete the response to a records request within 15 business days of receiving the request unless there are circumstances that justify a delay. If you fail to complete the response to a records request within 15 business days, you should give the requester written notification of a reasonable estimated date of completion. Usually, a response to a records request is complete when you have provided all requested records and/or statements explaining what records were not provided or why information was redacted from the records provided.

If you receive the above requests, we recommend providing the requested records without unreasonable delay. If you have any questions about responding to this or another public records request, please contact your school’s general counsel or PACE Legal Services at [email protected] or (503) 485-4900.  

A new video from PACE, Oregon’s leading provider of property and liability insurance for public education, demonstrates how vital it is to protect Oregon students from boundary invasion.

PACE, which stands for Property and Casualty Coverage for Education, has posted the video on its website. It offers a dramatic portrayal of how young people’s lives are scarred by incidents of sexual abuse and molestation, and the important role that students, school staff, parents and others can and should play in preventing and reporting such behavior.

Dave Harvey, PACE administrator, said the new video is part of PACE’s ongoing efforts to protect students.

“Our primary focus is keeping students safe,” Harvey said. “Because of societal taboos, for many years we’ve faced an uphill battle in reporting grooming behaviors that place young people in harm’s way. As a result, we have seen a steady toll of claims that damage students physically and emotionally.

“As a society we need to do better, and as an institution PACE is committed to leading the way.”

Harvey said that PACE members will be required to have their staff members watch the video as part of securing their 5% general liability discount. He said the video is an extension of the training and educational work being undertaken by McKenzie Nix, PACE’s sexual abuse prevention consultant.

Harvey also noted that anyone with a tip on school safety may report it anonymously to SafeOregon by texting or calling 844-472-3367 or sending an email to [email protected]. Emergency situations should always be reported to 9-1-1.

By: Patrick Massey, CISA Region 10 Regional Director, [email protected]

The relationship families have with their children’s schools has changed dramatically over the last few years. Today, parents and students interact online with schools and teachers in a variety of ways.

Through online grading, information shared on class assignments, instructor communication and scheduling classes, families have never been more electronically connected to schools.

While technological advances have increased accessibility and communications, malicious cyber actors are hard at work trying to exploit vulnerabilities in these systems.

Cybersecurity is a new challenge facing school administrators and school board members that could have far-reaching negative impacts if not addressed BEFORE a cyberattack occurs.

As elected school board members, you have the vital task of representing your respective communities to ensure students have access to the best education. But there is also the responsibility of a vast array of operational issues – most importantly personal data safety and information technology security.

Schools are particularly vulnerable to cyberattacks and are an especially lucrative target given the presence of sensitive student and staff data. A cyberattack can immediately damage a school and halt students’ learning. Cyberattack impacts range from restricted access to networks and data, delayed exams, canceled school days, and unauthorized access to personal information of students and staff.

The Cybersecurity and Infrastructure Security Agency (CISA) has developed resources to help K-12 schools and school districts address cybersecurity risks. CISA also offers simple steps school board members, administrators, principals and teachers can take to strengthen their cybersecurity efforts.

CISA recognizes that many K-12 entities may not have the resources needed to defend themselves from cyberthreats, like ransomware attacks. These entities are referred to as “target rich and cyber poor.”

To address these issues, CISA provides three recommendations to help K-12 leaders build, operate and maintain resilient cybersecurity programs:

1. Invest in the most impactful security measures and build toward a mature cybersecurity plan. See: Cross-Sector Cybersecurity Performance Goals | CISA
2. Recognize and actively address resource constraints.
3. Focus on collaboration and information-sharing. Consider joining the Multi-State Information Sharing and Analysis Center: MS-ISAC (cisecurity.org)

Additionally, CISA recently released a report Partnership to Safeguard K-12 Organizations from Cybersecurity Threats” with an accompanying toolkit to give schools targeted resources to improve their cybersecurity. 

The report provides recommendations and resources to help K-12 schools and school districts effectively reduce their cyber risk. This information is also critical to school board members to support their information technology staff who are working to improve resiliency against cyber intrusions.

The toolkit aligns resources and materials to each of CISA’s three recommendations along with guidance on how schools can implement each recommendation based on their current need. The toolkit also details free cybersecurity trainings and resources available for the K-12 community. 

This report is only a starting point. CISA will continue to engage with federal partners, such as the U.S. Department of Education, and work closely with state and local officials, school leaders and the private sector to identify areas for progress and provide meaningful support that measurably reduces risk.

We hope that leaders in the K-12 community – including superintendents, district and school administrators, school boards, and state policymakers – will take advantage of this report and toolkit to better understand and reduce their cyber risks. 

There is no more important institution to the future prosperity and strength of the United States than our K-12 education system. CISA stands ready to partner with schools to improve your cyber defenses and resiliency.

For more information or assistance, please contact the Northwest regional office for CISA at [email protected].