Monday, October 15, 2007

Student narrowly escapes expulsion for revealing data breach

It might be a good idea to be careful (or extremely anonymous) when reporting a data breach.

Jaikumar Vijayan at Computer World is reporting an interesting case in which reporting a data breach brought about some personal grief for both the person who reported it and the person they reported it to.

The person who reported it, a student, was almost expelled for bringing the matter to light. And the person it was reported to is no longer employed.

I guess whistle-blower laws don't apply at institutions of higher learning?

For more information on whistle-blower laws, whistleblower.com is a decent reference.

Jaikumar writes:

A student at Western Oregon University who accidentally discovered a file containing personal data on a publicly accessible university server and then handed that data over to the student newspaper has narrowly escaped being expelled for his actions.

But a contracted adviser to the newspaper has been dismissed for allegedly mishandling the data and for failing to properly advise the students on the university's policies relating to handling of personally identifiable data.

Brian Loving, a student at WOU, stumbled upon a file containing the names, Social Security numbers and grade point averages of between 50 to 100 students on a publicly accessible university server in June. Loving downloaded a copy of what he discovered and handed it over to the Western Oregon Journal, the campus newspaper.

Institutions of higher learning are frequently the targets of hackers stealing information. This has been well documented by the Privacy Rights Clearinghouse, Attrition.org and PogoWasRight.

Given all this evidence, it amazes me that the highly educated people running these institutions still insist on using Social Security numbers as the primary method of identifying their students.

Social Security numbers are worth money to the people who like to steal them. Perhaps if these institutions of higher learning understood this a little better, they wouldn't be targeted nearly so often.

A little common sense goes a long way.

Computer World story, here.

If you get a chance, read the comments on Jaikumar's story. Some of them are pretty good!
