January 18 (Albany) – NYS PTA is closely monitoring news that Questar Assessment, Inc., the vendor that administers the grades 3-8 Math and English Language Arts assessments, has had a data breach.
We were notified early this evening by the State Education Department (SED) that data for 52 students in five schools was breached, purportedly by a disgruntled former Questar employee.
We are very pleased with SED’s timeliness and transparency in responding to this incident, and support the mandates that SED has placed on Questar, which include:
1. Force password resets on all user accounts and closing accounts of all former employees;
2. Hire an independent third party to perform a security audit of Questar’s systems and security protocols, policies and procedures. Such security audit must be completed, and the results of such audit provided to SED, no later than February 20, 2018; and
3. Submit a written corrective action plan to the Department no later than January 26, 2018, detailing the actions Questar has taken and will take to ensure that this does not occur again in the future.
We further support other mandates and protections to appropriately censure Questar and to appropriately and adequately protect our children’s data.
Data privacy will remain the highest priority for NYS PTA, parents and families. Our Executive Director, Kyle Belokopitsky, sits on the new NYS Data Privacy Advisory Council and we will continue to engage on this critical issue.