I tell my students they must write down their passwords. I do not secure the paper and some one takes it and uses the passwords for nefarious purposes. (OK, this is hypothetical!)
Am I responsible for the breech?
What actions should school and IT leaders take?