Share
))
HBO and The Ringer's Bill Simmons hosts the most downloaded sports podcast of all time, with a rotating crew of celebrities, athletes, and media staples, as well as mainstays like Cousin Sal, Joe House, and a slew of other friends and family members who always happen to be suspiciously available.
…
continue reading
When student data is hacked & stolen: Regulators’ lessons from the #PowerSchool data breach
Privacylawyer - Canadian privacy and technology law with David Fraser
Manage episode 524239979 series 3689633
Content provided by David Fraser. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by David Fraser or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.
A close look at the #PowerSchool #cybersecurity incident, perhaps the largest education-sector data breaches ever investigated in Canada, and the findings issued by the Information and Privacy Commissioners of Ontario and Alberta.
PowerSchool is widely used by Canadian school boards to manage student information, including enrollment, grades, contact details, and medical alerts. In late 2024, a threat actor gained access to PowerSchool’s systems using compromised credentials belonging to a support contractor, allowing them to exfiltrate sensitive student and educator data affecting millions of individuals across multiple provinces.
This video explains:
► What PowerSchool is and how school boards rely on it
► How the cyberattack occurred and what data was accessed
► What Ontario and Alberta privacy regulators investigated
► Where the regulators’ findings align — and where they differ
What this case teaches about outsourcing, vendor oversight, and accountability under Canadian privacy law
Both regulators concluded that school boards remained legally responsible for protecting personal information, even though PowerSchool operated the systems. The investigations highlight failures in cybersecurity safeguards, contract management, data retention practices, and breach preparedness — and underscore the heightened sensitivity of children’s personal information.
Relevant links:
► Ontario finding: https://www.ipc.on.ca/en/resources/powerschool-report
► Alberta finding: https://oipc.ab.ca/wp-content/uploads/2025/11/FINAL-Investigation-Report-Regarding-PowerSchool-Breach-FOIP2025-IR-02.pdf
► Saskatchewan finding: https://oipc.sk.ca/assets/la-foip-investigation_003-2025-035-2025.pdf
Where you can find me
► Privacylawyer blog: https://blog.privacylawyer.ca
► My law firm: https://www.mcinnescooper.com/people/david-fraser
► Twitter: https://twitter.com/privacylawyer
► LinkedIn: https://www.linkedin.com/in/davidtsfraser
Disclaimer: This is intended for education and information only and should not be taken as legal advice. If you need advice for your particular situation, you should seek out qualified counsel.
All views expressed are solely those of the creator and should not be attributed to his firm or any of its clients.
18 episodes
