more on UCLA data breach affects 800,000

[David Farber <dave () farber net>]

But not to be excused djf

Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: December 14, 2006 10:09:42 AM JST
To: dave () farber net
Cc: lauren () vortex com
Subject: Re: [IP] UCLA data breach affects 800,000


Dave,

It's worth noting that as egregious as these cases are -- and my
public stance in favor of mandated data destruction policies is well
known -- it's worth remembering that these mass data breaches are
not a primary vector for identity fraud.

In fact, by far most identity fraud reportedly is the result of
actions by "friends," or relatives who know the targets personally,
or by local culprits who can get physical access to the targets'
bills or other mail -- much more effective for these kinds of frauds.

Just something to think about.

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
   - International Open Internet Coalition - http://www.ioic.net
Founder, CIFIP
   - California Initiative For Internet Privacy - http://www.cifip.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com

 - - -

> Begin forwarded message:
>
> From: peterb () cequs com
> Date: December 14, 2006 8:47:38 AM JST
> To: dave () farber net
> Subject: RE: [IP] UCLA data breach affects 800,000
>
> Dave,
>
> They can keep SSNs and encrypt them, and use a unique id instead. Most
> colleges have gotten rid of SSNs as much as possible for this reason.
> Many
> people are working on "user centric" solutions which would supply
> this information
> from the user, on an event based, need to know basis, rather than
> some legacy database.
>
> The problem is not unique to UCLA.
>
> Peter Bachman
> Cequs Inc.
>
>
>
>
> -------- Original Message --------
> Subject: [IP] UCLA data breach affects 800,000
> From: David Farber <dave () farber net>
> Date: Wed, December 13, 2006 6:38 pm
> To: ip () v2 listbox com
>
> Begin forwarded message:
>
> From: Richard Wiggins <richard.wiggins () gmail com>
> Date: December 14, 2006 12:18:29 AM JST
> To: Dave Farber <dave () farber net>
> Subject: UCLA data breach affects 800,000
>
> Dave,
>
> For IP if you wish:
>
> The UCLA data breach affects 800,000 people.  This raises an important
> question about retention of private data.  UCLA has about 35,000
> students so let's say a campus community of 50,000.  To get to
> 800,000, UCLA must be retaining private information on former
> students, applicants, and employees going back decades!
>
> Universities have no choice but to gather SSNs, for payroll purposes,
> federal financial aid requirements, etc. &nb
>
> -------------------------------------
> You are subscribed as lauren () pfir org
> To manage your subscription, go to
>   http://v2.listbox.com/member/?listname=ip
>
> Archives at: http://www.interesting-people.org/archives/interesting- 
> people/


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/