The video above is from a previous report.

BAY VILLAGE, Ohio (WJW) – The Bay Village City School District gave an update Thursday after private student records for the entire senior class were released last month.

A Bay High School staff member intended on emailing seniors and their parents a copy of their transcripts back in November, according to a letter to parents.

Instead, the email sent out to families included incomplete transcripts for all of the senior class, including students’ names, addresses, phone numbers, grades, permanent student ID numbers, state test scores and college readiness test scores. According to the district, this was human error, not a technology breach.

The district said the staff member in question was immediately placed on paid administrative leave. That staff member has since announced their retirement, which was approved by the board of education on Monday.

After the breach happened, interim superintendent Char Shryock said the district took the following steps:

  • Immediately upon notification that the email had been sent, pulled back the email and link to the attached pdf file from all student/district email recipients.
  • Initiated steps to notify students of the need to change passwords, then monitored accounts to ensure passwords had been reset. 
  • Searched student Google accounts for the pdf file and deleted any copies that had been saved. 
  • Worked with School Messenger, the component within PowerSchool that allows them to send email messages to students and families, to ensure the link was disabled and the file was no longer available for download.

The district reported it to the U.S. Department of Education’s Federal Student Privacy Policy Office, who responded with the following statement:

“We want to acknowledge and thank you for your November 23, 2021 self-report of the data breach incident that occurred at Bay High School. We appreciate when institutions take a proactive approach by instituting a corrective action plan based on their assessment of their institution’s data breach while concurrently providing notice to the Department so that we may better address any complaints received relating to your institution’s breach incident. Based on the information you provided within the Self-Report, we have determined that we need take no action at this time as your remedial actions appropriately address your incident.”

The district also reported it to the Ohio Department of Education, who released the following statement:

You’ve handled everything as it should be done and there is nothing from a state perspective that needs to happen.”

Social security numbers, discipline information, special education plans and financial, medical and insurance information wasn’t included in the email.

“Please know that I take student data privacy seriously, and I am continually looking for ways to ensure this does not happen again. My sincere apologies to all who were affected by this very unfortunate situation. I am here to answer your questions,” Shryock said.