Re: Marketscore and Higher Ed

[Joel Rosenblatt <joel () COLUMBIA EDU>]

Just for the record, I contacted the GC office at Ernst & Young when we
first started looking into Marketscore.  They have certified that the
connection between the client computer and the Marketscore servers meet the
requirements for their WebTrust logo.  They had no official comment on what
the MarketScore company was doing, since that was not what they were asked
to check on.  They basically certified that when you "sign up" for the
MarketScore service, your data is safe.

Joel Rosenblatt

Joel Rosenblatt, Senior Security Officer & Windows Specialist, AcIS
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel


--On Friday, January 07, 2005 10:29 AM -0600 Theresa Semmens
<theresa.semmens () NDSU NODAK EDU> wrote:

> Mike, are you going to request a formal written statement from Marketscore
> that states it is doing everything in your best interests to protect the
> university data you are responsible for?
>
> While it may look like they are meeting industry standards in privacy
> protection, I am not comfortable with any public, sensitive, intellectual,
> confidential university data traveling through any third party server for
> which I have no specific formal written guarantee stating that it is doing
> everything within all federal laws and regulations to protect the
> information it gleans.
>
> HIPAA requires a Business Associate Agreement.  Are you going to request
> one from them? I know I'm reaching a bit far here, but I think it's
> important to make such a point.
>
> Theresa Semmens
> IT Security Officer
> North Dakota State University
> IACC 210C
> Ph: 701-231-5870
> E-mail: theresa.semmens () ndsu nodak edu
>
> -----Original Message-----
> From: The EDUCAUSE Security Discussion Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Wiseman
> Sent: Friday, January 07, 2005 10:15 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Marketscore and Higher Ed
>
> I did a little investigation (well, web surfing) of Marketscore's claimed
> privacy policy
> which proved to be interesting.
>
> On their home page is a WebTrust icon. Following the hyperlink is a report
> from the
> WebTrust organization that says Marketscore has met the requirements of
> their 'WebTrust
> Online Privacy' assurance service as determined by Ernst & Young. The
> WebTrust main
> website http://www.webtrust.org/overview.htm lists four assurance services
> that they
> provide: WebTrust Online Privacy, WebTrust Consumer Protection, WebTrust,
> and WebTrust for
> Certification Authorities.
>
> The latter one turns out to be the main trust requirement that Microsoft
> specifies for any
> organization applying to have their root CA cert installed in their
> products
> http://www.microsoft.com/technet/security/news/rootcert.mspx#EFAA .
>
> I am not familiar with the details of obtaining these approvals or how
> they compare to
> each other since I'm not an accountant. But I am beginning to feel assured
> that the
> Marketscore is meeting a recognized industry standard in privacy
> protection.
>
> Mike
>
>
> Mike Wiseman
> Manager - Computer Security Administration
> Computing and Networking Services
> University of Toronto
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion
> Group discussion list can be found at http://www.educause.edu/groups/.
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion
> Group discussion list can be found at http://www.educause.edu/groups/.



Joel Rosenblatt, Senior Security Officer & Windows Specialist, AcIS
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.