Under public scrutiny and legal risk, steady leadership proved key to weathering the storm.
Toledo, OH — The Toledo Public School System is facing a lawsuit following a cybersecurity breach that exposed sensitive personal information of students and staff, including names, dates of birth, and Social Security numbers. The breach has raised concerns about potential identity theft and other harms to those affected. Legal proceedings were initiated to determine the school district’s liability in connection with the exposure of the data and to assess the adequacy of its cybersecurity measures and incident response. In the wake of the attack, district leadership came under significant scrutiny. Public pressure mounted for a swift and transparent explanation of how the breach occurred and what was being done to mitigate its impact. Deputy Superintendent Jim Gant played a key role in the district’s response. According to sources familiar with the investigation, Gant demonstrated a clear understanding of the district’s cybersecurity framework and helped coordinate the district’s legal and operational response to the incident. These sources indicated that planning steps taken prior to the incident, along with Gant’s cooperation with federal investigators and the district’s timely notifications, were important factors in meeting the district’s legal obligations. While the district itself was ultimately held accountable for the breach, no personal liability was attributed to Gant. Sources close to the matter noted that his role in managing the crisis response helped prevent further fallout at the leadership level.
A Legal Battle Over Data Breach, Student Privacy, and Negligence in K–12 EdTech
Memphis, TN — In May 2025, Memphis-Shelby County Schools, one of Tennessee’s largest public school districts serving over 110,000 students, filed a federal lawsuit against PowerSchool Holdings Inc. following a major cyberattack in December 2024 that compromised sensitive data. The lawsuit alleges that hackers infiltrated PowerSchool’s widely used student information system, gaining unauthorized access to highly sensitive personal data of students, parents, and staff, including names, addresses, dates of birth, Social Security numbers, and phone numbers. According to the complaint, PowerSchool failed to implement basic cybersecurity measures that could have prevented the breach, violating its contract and engaging in false advertising by promising robust data protection. The district claims it was not notified of the breach for nearly two weeks, during which time stolen information may have been sold on the dark web, and some districts were even extorted by hackers. The lawsuit seeks financial relief for actual and compensable damages, including costs related to mitigating identity theft, addressing community concerns, and managing significant operational disruptions caused by the breach, which has deeply affected the community and its trust in data security.
Carvalho pressed for transparency as parents and advocates demand answers on leaked sensitive student data
Los Angeles, CA — After the major cyberattack on Los Angeles Unified School District, Superintendent Alberto Carvalho faced intense scrutiny from parents, advocates, and the media over the district’s handling of the breach. Many in the community expressed frustration with what they saw as inconsistent and limited communication from district leadership, especially regarding whether sensitive student and staff information had been compromised. Carvalho repeatedly assured the public that the data release was limited and insisted there was no evidence of a widespread leak of truly sensitive or confidential information. However, independent investigations revealed that the breach was more severe than initially disclosed, with thousands of files, including student psychological evaluations, Social Security numbers, and other highly sensitive records, leaked on the dark web. The district ultimately acknowledged that approximately 2,000 student assessment records, including psychological evaluations for both current and former students, were exposed. This revelation fueled further demands for transparency and accountability, as parents and legal advocates criticized the district for failing to notify affected families promptly and for not acting on known cybersecurity vulnerabilities. Lawsuits were filed alleging that the district’s mitigation efforts were inadequate and that LAUSD violated state data breach notification laws. The fallout from the breach has left many families worried about the long-term risks to their children’s privacy and has intensified calls for stronger data protection measures in public schools.
Unpacking the Fallout: How the Breach Impacts Students, Schools, and the EdTech Industry
San Diego, CA — A class-action lawsuit has been filed against PowerSchool Holdings Inc. following a major data breach in December 2024 that exposed the sensitive personal information of an estimated 60 million students, families, and school personnel across North America. The breach, which occurred through PowerSchool’s widely used Student Information System (SIS), allowed hackers to access names, addresses, dates of birth, Social Security numbers, medical information, grade and attendance records, and other confidential data. The lawsuit alleges that PowerSchool was aware of the significant risks associated with storing such vast amounts of sensitive data but failed to implement basic cybersecurity measures, such as multi-factor authentication and proper access controls, that could have prevented the breach. Internal reports indicate that PowerSchool ignored known security vulnerabilities, and the breach went undetected for months until the hacker contacted the company directly. Plaintiffs claim that PowerSchool’s negligence has resulted in ongoing risks of identity theft and financial harm for affected students, families, and educators, as the stolen data may be sold repeatedly on the dark web. The legal action seeks financial compensation for those impacted and demands that PowerSchool strengthen its security systems to prevent future breaches. The lawsuits also highlight the lack of timely notification to victims, further limiting their ability to protect themselves from potential misuse of their personal information.
All organizations use some form of cybersecurity. But did you know that, by law, you must verify that your level of protection is adequate? As a CEO or board member, what assurance do you have that you will not be held liable in the wake of a cyber attack on your organization? Ask your current cybersecurity provider if they offer you any of the following:
LEGAL ASSURANCE AGAINST CYBER RISK
Do they guarantee that their services will offer you sufficient protection from third-party liability if you are attacked? TEMVI provides CEOs with a guarantee that their oversight is legally sufficient. Seeking and following legal advice protects you from liability.
CONFIDENTIALITY OF DATA
If you are sued, your IT and cybersecurity vendors can be called to testify against you. Their work for you can also be subpoenaed by the government or a plaintiff. TEMVI, as lawyers, must protect your privacy. We can never disclose your information to any party for any reason. This includes the government or law enforcement.
ADMISSIBILITY OF EVIDENCE IN YOUR DEFENSE
TEMVI gives you a legal assurance that evidence in your defense will be admissible in court.
INSURANCE CLAIM ASSURANCE
Did you know that your Errors and Omissions or Cybersecurity Insurance policies require "legal due diligence" as a condition of paying any claim? Many parties only discover from the insurer’s attorney, following an incident, that they have not met this high and specific standard. TEMVI assures you that your cyber-insurance policy will pay your claims.
Essentially, we provide your board and CEO with the peace of mind that comes from knowing that all parties who touch, connect with, or use your IT system will be doing so with legally appropriate CEO and board oversight. We look forward to having a conversation to help you negotiate this exciting process.
Thomas View, Esq.
General Counsel and Managing Director
TEMVI, PLLC
The Problem We Solve
CEOs and board members are personally responsible for cybersecurity. Following a cyberattack, injured parties will often seek to hold CEOs and board members legally responsible for damages. Under the law, CEOs and directors are considered fiduciaries and are personally accountable for damages suffered.
Our Mission
Mastery of cybersecurity is a required core leadership competency for most organizations in the current world. TEMVI provides affordable, easy-to-understand and easy-to-follow cybersecurity roadmaps for leaders who wish to master the management and security of information. Information is the core of our knowledge-based society and is the cornerstone of our ability to collaborate. Accurate, secure information is the core of every modern enterprise, government and society. We strive to lead the effort to encourage the spread of this knowledge throughout the world.
Our Firm
TEMVI, PLLC is a law firm with deep cybersecurity expertise. We help CEOs and board members understand and manage their cybersecurity duties. Failure to manage these duties could result in civil or criminal liability for CEOs or board members. The Internet has become more and more connected with the physical world. Following a cyber attack, the cars, trucks and machines connected to the Internet can malfunction. Parties sometimes are seriously injured or die from these malfunctions. Injured parties typically will name CEOs and board members, in their personal capacity, as defendants in legal actions. Our attorneys and engineers have more than 30 years of experience understanding and managing this cyber risk. TEMVI is led by Donald Temple, Esq., Dr. Timothy McKnight, MD, MHS, Thomas View, Esq. and Bruce Hargrave, CISSP. TEMVI, PLLC is a joint venture between TEMVI, PLLC & Team Consulting, Inc.
Managing Director
LLM, Georgetown University Law Center JD University of California Santa Cruz BA Howard University
Chief Strategist and Advisor, Healthcare Administration
MD, Tufts University School of Medicine; MS, Healthcare Management, University of Texas; BS, Biology, Brown University; Pediatric Residency, University of Chicago
Managing Director
JD Georgetown University Law Center BA Oberlin College Technische Universiteit Delft University of Minnesota - Carlson School of Management
Managing Director
University of Virginia BS, University of Maryland