Educause Security Discussion mailing list archives

Re: Marketscore and Higher Ed

From: Jere Retzer <retzerj () OHSU EDU>
Date: Fri, 7 Jan 2005 08:41:05 -0800

You might also ask what becomes of the data if marketscore goes bankrupt
or is acquired.

theresa.semmens () NDSU NODAK EDU 01/07/05 8:29 AM >>>

Mike, are you going to request a formal written statement from
Marketscore
that states it is doing everything in your best interests to protect
the
university data you are responsible for?

While it may look like they are meeting industry standards in privacy
protection, I am not comfortable with any public, sensitive,
intellectual,
confidential university data traveling through any third party server
for
which I have no specific formal written guarantee stating that it is
doing
everything within all federal laws and regulations to protect the
information it gleans.

HIPAA requires a Business Associate Agreement.  Are you going to
request one
from them? I know I'm reaching a bit far here, but I think it's
important to
make such a point.

Theresa Semmens
IT Security Officer
North Dakota State University
IACC 210C
Ph: 701-231-5870
E-mail: theresa.semmens () ndsu nodak edu

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Wiseman
Sent: Friday, January 07, 2005 10:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Marketscore and Higher Ed

I did a little investigation (well, web surfing) of Marketscore's
claimed
privacy policy
which proved to be interesting.

On their home page is a WebTrust icon. Following the hyperlink is a
report
from the
WebTrust organization that says Marketscore has met the requirements
of
their 'WebTrust
Online Privacy' assurance service as determined by Ernst & Young. The
WebTrust main
website http://www.webtrust.org/overview.htm lists four assurance
services
that they
provide: WebTrust Online Privacy, WebTrust Consumer Protection,
WebTrust,
and WebTrust for
Certification Authorities.

The latter one turns out to be the main trust requirement that
Microsoft
specifies for any
organization applying to have their root CA cert installed in their
products
http://www.microsoft.com/technet/security/news/rootcert.mspx#EFAA .

I am not familiar with the details of obtaining these approvals or how
they
compare to
each other since I'm not an accountant. But I am beginning to feel
assured
that the
Marketscore is meeting a recognized industry standard in privacy
protection.

Mike


Mike Wiseman
Manager - Computer Security Administration
Computing and Networking Services
University of Toronto

**********
Participation and subscription information for this EDUCAUSE
Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Re: Marketscore and Higher Ed Schultz, Stephen (Jan 03)
- <Possible follow-ups>
- Re: Marketscore and Higher Ed Mike Wiseman (Jan 03)
- Re: Marketscore and Higher Ed Stephen D. Franklin (Jan 03)
- Re: Marketscore and Higher Ed Daniel Medina (Jan 03)
- Re: Marketscore and Higher Ed Rodney Petersen (Jan 04)
- Re: Marketscore and Higher Ed David Escalante (Jan 04)
- Re: Marketscore and Higher Ed Mike Wiseman (Jan 07)
- Re: Marketscore and Higher Ed Theresa Semmens (Jan 07)
- Re: Marketscore and Higher Ed Jere Retzer (Jan 07)
- Re: Marketscore and Higher Ed Joel Rosenblatt (Jan 07)
- Re: Marketscore and Higher Ed Mike Wiseman (Jan 07)
- Re: Marketscore and Higher Ed Eric Pancer (Jan 07)
- Re: Marketscore and Higher Ed Jeni Li (Jan 07)
- Re: Marketscore and Higher Ed Theresa Semmens (Jan 07)
- Re: Marketscore and Higher Ed Dick Jacobson (Jan 07)
- Re: Marketscore and Higher Ed John Sherwood (Jan 08)