Search This Blog

Wednesday, October 31, 2007


HIGHER EDUCATION ACCOUNTS FOR OVER 25% OF ALL PERSONAL DATA BREACHES


The figure is frightening. 25.6 percent of total personal data breaches occur in higher education. A recent survey by CDW Government (CDWG) of 151 college and university IT directors and managers called the rise in data loss “alarming,” in an InformationWeek article. CDW sells computer equipment and technology, and their CDWG subsidiary provides services to colleges and universities. Also from the report, less than 50 percent of campus networks are safe from attack, and 58 percent said they’d had at least one security breach in the past year. And this is all a 10 percent increase over last year. Even scarier, only 8 percent of the respondents felt they had “very secure” networks. I went back to our standby, Privacy Rights Clearinghouse Chronology of Data Breaches, to update the latest in higher education. As of October 30, there have been a total of 714 breaches since the first recorded in January of 2005. Of those, 183 have occurred in colleges or universities for a whopping 25.6 percent of the total. Medical data breaches come in second at around 14 percent. The educational community cites “Lack of staff resources” as the biggest obstacle to securing their systems. Ah yes, protecting our names and private information seems to always be the step-child when it comes to funding programs. CDWG rates the administrations at these schools a “B” for their support of IT security, but the faculty and students get a “C” because of a lack of awareness. As we know, apathy prevails in the public’s mind when it comes to their privacy, particularly for something like ID theft which they feel could never happen to them. But the worst finding of all in the CDWG report was that during the three years they have been conducting the survey, there has been no improvement. On another front, the Miami Hurricane Web site exposed their administration giving up student personal data, including Social Security numbers, to Sallie Mae, one of the largest providers of student aid loans in the U.S. In the online article, “the university confirmed that they had sent the personal data of students to private lender Sallie Mae, even though these students had not authorized them to do so.” There is some confusion as to whether the student application for eligibility counts as an actual loan application, which the U. of M says allows them to provide the data to Sallie Mae. Not so says John Beckman, dir. of financial aid for New York U. And according to Jim Bradshaw, a Dept. of Education spokesperson, the U. of M. may have violated the Family Educational Rights and Privacy Act, which protects student private information. OK folks, here’s the big question. Did the University of Miami get paid for the sensitive data they gave to Sallie Mae? If so, it is just one more example of the manipulation of our names and personal data in an attempt to exploit the American public. In this case the victims are young people who could be devastated at this age with the loss of their identity. If not, it still qualifies as reckless handling of our sensitive data.

No comments: