Monday, February 8, 2010

Brock Student Information Accidentally Put Online

"Brock University officials scrambled this week to secure the private information of thousands of students that was inadvertently put up on the Internet.

An error was made on Dec. 22 when a library staff member accidentally uploaded a file containing all student names, student numbers, phone numbers, mailing and e-mail addresses to the publicly accessible Brock website.

The privacy breach was discovered on Jan. 28 -- four weeks after the file was uploaded -- by a student who accessed some of his own information when he did a Google search of his name."

- St. Catherines Standard - Brock student info inadvertently posted online

Why is this an issue?

Suppose there is a stalker out there someplace?

Also, it demonstrates how easy it is to have a privacy breach - or an "information spill".

There have been instances where people have massive databases with contact and other information onto memory sticks. And then forget to delete it. Or do delete it and don't realise there is still an image of the file left on the memory stick.

This happens with alarming regularity in the medical records field - where people will erase a hard drive - or even format the drive thinking that will get rid of the sensitive data.

NOT!

Minimum 3 times overwrite with random data to get rid of ghost images. Better seven times overwrite.

Or, my preferred method - a hard drive shredder. The drive is worth maybe $10 used by the time it is ready to be retired. Better to turn it into metal powder.

Here is a story from the U.S. with several breaches:

"...27.7 million pages of scanned documents containing information about 446,000 enrollees and their physicians"

"Kaiser Permanente announced it had sent letters of apology to 15,500 members in Northern California after an employee's laptop containing sensitive information was stolen from her home"

"...drives contained hundreds of thousands of video and audio recordings of customer service calls. The company announced that as many as 500,000 members' information was contained on the drives"

- American Medical News - Connecticut sues Health Net over data security breach

No comments:

Post a Comment