Talawanda board member’s account was used to access IEPs without authorization, investigation finds

Talawanda Board of Education member Dawn King’s district email was used to look at private IEP information last December, Board President Rebecca Howard said at a special session March 26.

Howard introduced a resolution to censure King, but the motion did not get any seconds to move to a vote.

At a school board meeting last Dec. 19, Scotty King, Dawn King’s husband, read a statement he said was from another parent who wrote that the district’s Google Calendar settings allowed anyone with a Talawanda email to access many teacher and administrator calendars. Some of those calendars included details on IEP meetings and disciplinary hearings which could have violated FERPA.

Later in the meeting, Dawn King said she was “kind of confused about the Google email data breach thing” and suggested that “maybe that is something we need to look into.”

The district subsequently began an investigation to determine who accessed Google Calendar and IEP information, Howard said on March 26. The investigation was under attorney-client privilege and required board approval to be released to the public. Only King voted against releasing the report.

The Oxford Free Press has requested the report.

King’s email account was used to access privileged information on “multiple occasions” between Dec. 8 and Dec. 16, including both IEP documents and calendars which her email account was not authorized to access, Howard summarized from the report.

The district partnered with a cybersecurity firm to determine which email accounts accessed which calendars and attachments. King’s email account was first used to access private information more than a week before her husband revealed the security issue. The access level on King’s Google Calendar was changed on Dec. 8 to prevent unauthorized access before the issue was made public.

The investigation also determined that multiple student accounts were used between 11:55 a.m. Dec. 15 and 10:26 p.m. Dec. 18 to access IEP documents without authorization. A student account was also used to access an administrator’s calendar on Dec. 14.

On Dec. 19, the same night Scotty King spoke at the board, an Oxford resident with no students in the Talawanda School District posted screenshots of a student’s IEP and calendar events in a public Facebook group, with redactions. Molly Farler, the parent of that student, spoke out against those who violated privacy laws during the March 19 board meeting.

“Those events have been under investigation for the last three months to determine who accessed those records and gave them to [that resident] to share,” Farler said. “We want to know the results of that investigation. I think every person in this room wants to know the results of that investigation.”

The investigation came after the district took action to secure the calendars, Howard said. The district accepts responsibility for correcting the calendar settings, a process that she said will continue.

In a statement posted the day after the December meeting, the district wrote that a “Google Suite setting issue” had allowed “students, staff, and third-party individuals with Talawanda email accounts to search and access Talawanda employee calendars.” The issue was “immediately addressed” by changing the universal privacy settings, and administrators met with staff to provide “additional training on how to utilize the necessary privacy settings.”

After the board addressed the calendar settings, Howard said the district had a responsibility to investigate the actions of those who “exploited and shared privileged information.”

Board member Pat Meade called for King’s resignation at the March meeting.

King, in turn, said that she “had enough” of being “relentlessly harassed, targeted and degraded by people who should know better.” She did not address how or why her email address was used to access privileged information and said she was “not going anywhere.” When asked directly by Meade, she stated that she declined to comment on the situation.