This article explores the risks associations face in an increasingly interconnected digital landscape, why they cannot afford to treat cybersecurity as an afterthought and the practical steps they must take to safeguard their reputations.
When the Toronto District School Board (TDSB) announced a data breach in January 2025, the problem was not their servers. It was not even their systems. The breach happened in PowerSchool, the third-party platform TDSB relied on to manage student records. For a brief moment, that distinction seemed important. But not for long. The outrage wasn’t directed at PowerSchool; it landed squarely on TDSB.
The breach revealed something fundamental: trust is non-transferable. It does not matter where the breach occurs or who caused it. Accountability falls on the organization that promised to protect the data. For associations — many of which operate in equally complex ecosystems of partnerships and platforms — the TDSB incident is more than a wake-up call. It is a loud, jarring alarm.
Please select this link to read the complete article from Boardroom.