Judge: Clark County schools may have immunity in lawsuit over 2023 cybersecurity breach:
Does Nevada state law provide them with a "Get Out of Jail Free" pass? It sounds like it may.
@douglevin @funnymonkey @brett @mkeierleber
#databreach #EduSec #cybersecurity #edtech #accountability #infosec
Judge: Clark County schools may have immunity in lawsuit over 2023 cybersecurity breach
A Clark County judge said she’s leaning toward granting the Clark County School District’s motion to dismiss a class action lawsuit related to a 2023 cyberattack.Rocio Hernandez (The Nevada Independent)
Doug Levin
Unknown parent • • •My sense is time and again parents are shocked and surprised when it happens - and simply presume that there must be some standard or law that offers them protection, when none exists.
Having said that, school systems (and other SLTT entites) have not been shy at seeking immunity from liability from their state legislatures. I'm not aware of a different 'powerful lobby' at work here.
Dissent Doe :cupofcoffee:
in reply to Doug Levin • • •Our tax dollars fund the school board attorneys and those who protect the interests of the districts and vendors -- not the parents, teachers, and students.
What a country.... ugh.
Doug Levin
Unknown parent • • •The notion that cybersecurity risk management is a wholly discretionary activity for K-12 school systems is the root issue here IMHO.
Yet, a K-12 cybersecurity standard of practice remains on the back burner due to a lack of broader public awareness of the issue and the lack of political will to deal with the costs of compliance.
Dissent Doe :cupofcoffee:
in reply to Doug Levin • • •Doug Levin
Unknown parent • • •Dorothea Salo
Unknown parent • • •I find college-student trust heuristics fascinating and don't pretend to have an accurate mental model of them.
"I trust an office if I've talked with an actual person from it" seems to be one tenet. I think it explains the Data Doubles survey finding that students do NOT trust librarians with their data -- they mostly haven't met any librarians.
Dorothea Salo
in reply to Doug Levin • • •IME students in higher ed operate under the same assumption. "Of COURSE my school protects my data well and doesn't exploit it!"
I've asked them why they believe this. They never have an evidence-based answer.
Doug Levin
in reply to Dorothea Salo • • •Dorothea Salo
Unknown parent • • •Yeah, we were a bit at it as well, especially given libraries' historical privacy commitments.
(Which we are very, very bad at communicating, for one thing, and aren't totally living up to, for another.)
But it was a strong finding: https://scholarworks.iupui.edu/server/api/core/bitstreams/5bcd839c-9fff-4f87-a43c-46a4fbe71391/content bottom of p 161
Dissent Doe :cupofcoffee:
Unknown parent • • •@dsalo
"Much of this research is reaching publication despite not employing best practices nor documenting respect for human-subjects research ethics, library-specific privacy and confidentiality ethics, and student data-privacy expectations."
😦 Well, that certainly cuts to the chase...
Dissent Doe :cupofcoffee:
in reply to Dorothea Salo • • •@dsalo
My generation (the Older Than Dirt Gang) grew up trusting librarians to protect our reading privacy and the First Amendment.
But now that so many kids don't want to hold actual books in their hands to enjoy, I can almost understand why they don't really appreciate how librarians and booksellers are great defenders and heroes.
Dorothea Salo
in reply to Dissent Doe :cupofcoffee: • • •weeeeeeeellllllllll we can be but sometimes also we're not.
I have a postprint just out about "sometimes we're not:" https://minds.wisconsin.edu/bitstream/handle/1793/85141/LLADataEthics_JLSC_4OA.pdf?sequence=1&isAllowed=y
Dissent Doe :cupofcoffee:
Unknown parent • • •Would this be a good time to remind everyone that I filed an inquiry and then FOIA on U.of Alberta over their social media research on "mental health" that left a crate DB exposed -- and that they haven't answered me in more than a year? The provincial regulator is investigating a formal complaint I filed with them asking them to look at whether the uni needed, or obtained any consent.
Dorothea Salo
Unknown parent • • •Yup. Attach that to "it's assessment/QA so it doesn't need ethics review!" and you end up in very dark places very quickly.
I have the start of a theory/policy piece about this complex of fail; I was waiting to go further on it until the FuckLVA piece came out.
But you can see a bit of my thinking in my Library Publishing Forum keynote from last year, e.g. https://speakerdeck.com/dsalo/she-cant-say-that-can-she?slide=28
She can't say that, can she? (with notes)
Speaker Deck