Pittsford Central School District – Security of Personal, Private and Sensitive Information (PPSI) on Mobile Computing Devices and Extracurricular Cash Records and Collections (2016M-92)

Issued Date
August 12, 2016

Purpose of Audit

The objectives of our audit were to determine if District officials adequately safeguarded PPSI on mobile computing devices (MCDs) and cash collections for extracurricular activities for the period July 1, 2014 through January 21, 2016.

Background

The Pittsford Central School District is located in the Towns of Pittsford, Brighton, Mendon, Penfield and Perinton in Monroe County and the Town of Victor in Ontario County. The District, which operates nine schools with approximately 5,700 students, is governed by an elected seven-member Board of Education. Budgeted appropriations for the 2015-16 fiscal year totaled $122.6 million.

Key Findings

  • District officials have not adopted policies and procedures for staff use of personal removable storage devices or addressed security features such as passwords or data encryption, if PPSI is allowed on these devices, and did not have an inventory prepared evaluating where PPSI data resides.
  • Prenumbered receipts were not used by student treasurers.
  • Officials did not implement policies and procedures over athletic event admissions.
  • The athletic director did not monitor or periodically reconcile the athletic event ticket inventory to account for the number of tickets sold.

Key Recommendations

  • Adopt formal written policies to protect PPSI on MCDs and ensure that a complete classification and inventory of PPSI stored on all District computer equipment is prepared to ensure data confidentiality, integrity and availability.
  • Ensure that prenumbered cash receipt forms are used.
  • Develop policies and procedures for handling cash collections for athletic events.
  • Monitor and periodically reconcile athletic event ticket inventory to account for the number of tickets sold.