Parent plans to file class action lawsuit against Talawanda as board votes to censure board member

The Talawanda Board of Education has voted 4-1 to censure board member Dawn King, the same night a parent announced a class action lawsuit against the district for failing to secure sensitive student information through its use of Google Classroom.

Last month, the board voted to make public a cybersecurity investigation which showed that King’s credentials had been used to view staff calendars and sensitive student information last December, up to a week and a half before her husband made the issue public at a board meeting. The censure vote for her conduct came during an April 17 meeting, though King maintained that she acted within the scope of the technology use policy.

At the same meeting, parent Suzy Stein announced that she planned to file a class action lawsuit against the district for keeping student information including Individualized Education Programs (IEPs) — sensitive documents which can include accommodations, medical details and family history — in a publicly accessible format. Draft IEPs, teacher disciplinary hearing information and other documents had been attached to some staff Google Calendars visible to anyone with a Talawanda account.

After the issue was made public, the district said it provided additional staff training the next morning and set the universal Google Suite privacy settings to the “most restrictive setting.” The district statement did not address why some calendars were public in the first place but wrote that the situation was “a Google Suite issue, NOT an issue created by TSD” and that it had notified other school districts in the county.

Board members and members of the public alike weighed in on both sides during the fiery April 17 meeting, with calls for King, superintendent Ed Theroux  and other board members to resign.

What the Kings say

During a board meeting Dec. 19, Scotty King, Dawn King’s husband, read a statement he said was provided to him by an anonymous parent, detailing how some staff and administrator Google Calendars were visible to anyone with a Talawanda account. This included attachments ranging from teacher disciplinary information to drafts of students’ IEPs.

A cybersecurity investigation, conducted by a private company on behalf of the district and made public at a special meeting in March, found that Dawn King’s account was used to access administrator calendars and IEPs in the weeks before her husband brought the issue to the school board’s attention.

King confirmed in a statement provided to the Oxford Free Press and posted online after the April 17 board meeting that she accessed calendars using her district-issued credentials and said she believes her actions were within the scope of her duties as a board member.

According to Talawanda’s staff technology acceptable use, both the board and the Southwest Ohio Computer Association (SWOCA) “reserve the right to monitor any system or network information and activity to assure compliance with applicable policies, procedures, and rules.” Both SWOCA and the board have “a right to all material stored on the network which are accessible to others,” the policy states. All board members are required to sign the policy.

“I did not upload IEPs, expose student data, or make any calendar public,” King wrote in her statement. “That exposure occurred due to poor administrative safeguards — a fact I flagged internally long before this became public.”

Others on the board maintained that King had exceeded her authority. According to the investigation, King’s calendar settings were set to private on Dec. 8, 2024, and her account was first used to access IEPs on Dec. 14, five days before the issue was made public.

Scotty King said during the April 17 meeting that Dawn King doesn’t share information with him. He reiterated that an anonymous source provides him with information, which he shares “as a concerned citizen.”

The same night Scotty King revealed the issue last December, podcaster Sean Brooks posted a step-by-step process of how to access sensitive documents through Google Calendar to social media, along with screenshots of a student IEP with everything but the parent’s name covered. The district’s cybersecurity investigation found that student accounts were used to access the same IEPs as Dawn King’s account in the days after her account was used to access them.

“I did not take any screenshots, download, photograph or share any information or accessed data I saw in the Google calendar with anyone,” King told the Free Press after the April 17 meeting. “The information on how to access the calendars was shared with me but I did not share that with anyone else.”

During comments at the meeting, King said many administrators’ calendars were already set to private prior to December, but Theroux’s was not. That, she said, was evidence of a lack of respect among administrators who didn’t notify Theroux that his calendar was public.

King called for work sessions on how to protect student information going forward and on disciplinary action against Theroux. She also asked for the district to replace its current legal representation and a written retraction from the district to its blog stating that King was within her duties as a board member to access information.

King requested an additional retraction from the Oxford Free Press for its previous reporting on the school board and her alleged conduct. The Free Press declines and stands by its reporting, which accurately reflects the cybersecurity investigation report released by the school district, which labeled King’s access to documents as unauthorized.

The Free Press provided King with four opportunities to comment over a five-day period and received no response. King argued at the April 17 meeting that it is a mischaracterization to label her access to information as unauthorized, and this and future stories will specify her stance.

What members of the public say

The school board has been mired in controversy and infighting for months. Ted Caudill, co-president of the Talawanda Educators Association (TEA), said at the April 17 meeting that the TEA was “surprised and disappointed” by the results of the cybersecurity investigation and called King’s alleged actions unconscionable. He extended blame to the rest of the board, as well, for feeding into the “circus” of the past year.

“This has been embarrassing, and we’ve suffered a severe crisis of confidence, yet the district continues to succeed … We, as employees, parents and taxpayers are afraid that the security of our students and staff is under attack and that our board’s priorities and motivations are not in the best interest of students, parents, employees and the taxpayers of the district,” Caudill said. “The crises facing our district are those of the board’s making, either through inappropriate conduct or the inability to quell that conduct.”

Two parents called for King’s resignation April 17, while multiple others, including former school board candidate Mendy Napier, criticized district administrators and other members of the board for their handling of the situation.

Sean Brooks, who one parent accused last month of posting a photo of her child’s IEP on Facebook with everything except the parent’s name blurred out, said the district violated student privacy rights by making the SureFire investigation public. The investigation — provided to the Free Press and others through public records requests — included student IP addresses but redacted student credentials.

“You voted to release a document that exonerates Dawn King [and] indicts you as being careless in your Google system, and you voted to release this document with 17 IP addresses unredacted,” Brooks said.

King said the inclusion of IP addresses in the cybersecurity report had been why she voted against its release last March. 

Parent Jenny Fisher said she was disappointed that the security vulnerability was not immediately reported to district leadership when it was identified.

“It was mentioned in a different speech — if you see something, say something,” Fisher said. “At what point did it become if you see something, try to create a stir on social media and embarrass the school? I am not embarrassed for the school. I am embarrassed for the adults who thought this was a good idea.”

What members of the board say

All board members excluding King voted at the end of the April 17 meeting to adopt a resolution of censure against her. Censures are official reprimands but carry little weight. School board members may only be removed through a voter-initiated process for “gross neglect of duty, gross immorality, drunkenness or other flagrant misconduct in office,” according to the Ohio School Boards Association.

The language of the resolution alleges that King violated three district policies and one administrative guideline by accessing student information including IEPs, “using District technology resources for purposes which are inconsistent with the District’s educational goals/mission.” While King maintains that she had a legal right to access the information to “assure compliance” as stated in the technology acceptable use policy, the resolution alleges that King used district resources to access personally identifiable information without holding “a legitimate educational interest in” it.

The other policies referenced in the resolution include staff use of personal communication devices, access to district technology and information resources from personal communication devices and s

According to the administrative guideline on technology acceptable use, “must conduct themselves in a responsible, efficient, ethical, and legal manner” when using district technology. Technology use “must be consistent with the educational mission and goals of the District.” The guidelines also prohibit staff members from accessing other users’ and the district’s non-public files and says they may not “may not intentionally seek data/information on, obtain copies of, or modify files, data, or passwords belonging to other users.”

In adopting the censure resolution, King’s colleagues allege that her use of district technology to access calendars was inconsistent with the district’s educational goals and mission. Her conduct in “Not disclosing her use/access of personally identifiable student information to the Board of District administration and causing the Board to expend funds to uncover her misconduct” also constituted a violation of policy, the censure resolution alleges.

During heated remarks, board member Matt Wyatt accused King of destroying “every ounce of trust that her fellow board members, district employees and now families of Talawanda have for her.” Her and her husband’s actions over the past year, he alleged, including dozens of public records requests, had created a “climate of fear” among parents and staff.

King responded to some of Wyatt’s comments as he made them, and members of the audience erupted in shouts when he told her to “be quiet” and let him talk. He referred to the other parents alleged to have looked at calendars prior to the December meeting as “a group of halfwits.”

Board member Pat Meade said the focus on the cybersecurity investigation and personal conflicts has distracted from the board’s educational mission. Board member Chris Otto said Wyatt’s comments reflected his thoughts on the situation and that the district had “wasted time and money” on the issue because it wasn’t handled internally first.

A lawsuit against the district

One parent, Suzy Stein, announced plans to file a class action lawsuit against the district for putting sensitive student information including IEPs on Google Calendars without ensuring that the calendar settings were private. She announced the lawsuit to applause at the April 17 meeting.

Stein previously wrote in an April 13 email to administrators provided to the Free Press and posted online that she was one of the parents who used her child’s account to access calendar information. Her son would have faced multiple disciplinary actions if she didn’t acknowledge having opened the calendars herself through her son’s account, she wrote in the email. She characterized this as extortion both in the email and in comments made during the April meeting.

“We the citizens of this community did not elect you to be unprofessional, lack integrity, ethics and morals, as well as run this district through fear and intimidation,” Stein said. “We are calling for not only the immediate resignation of the superintendent and the one providing all the records that continue to repeatedly violate FERPA, but also the board members who voted yes to this investigation and extortion of students. This is absolutely unacceptable on every level, from all of you.”

The lawsuit had not been filed in county or federal court as of 1:30 p.m. April 21, according to Butler County and federal court dockets. Stein declined to be interviewed by the Free Press.

The board is set to meet again at 7 p.m. May 15 at Talawanda High School’s Performing Arts Center. All meetings are streamed on the district YouTube channel, where members of the public can also watch previous meetings.