Educause Security Discussion mailing list archives

P2P sensitive data searches

From: "Consolvo, Corbett D" <cc72 () TXSTATE EDU>
Date: Thu, 24 Apr 2008 09:16:42 -0500

Scenario:

  We have begun doing investigation in to whether any sensitive data from our institution (Texas State University) is 
showing up on P2P networks.  We are doing this right now through keyword searches.



Issue:

  We are coming across sensitive/confidential personal information (SSN, Drivers License, etc.).  While a lot of this 
seems to be fake (perhaps a honeypot situation), a small amount of legitimate information looks to be accidentally 
shared.



I feel that we have an ethical obligation to at least make an attempt to either pass the information to an appropriate 
agency or contact the individual.  Does anyone have any suggestions or thoughts about the path to take as well as any 
possible issues with pursuing this?



Thanks for any input,

Corbett Consolvo

Texas State University

Cc72 () txstate edu

Current thread:

P2P sensitive data searches Consolvo, Corbett D (Apr 24)
- <Possible follow-ups>
- Re: P2P sensitive data searches Jenkins, Matthew (Apr 24)
- Re: P2P sensitive data searches Basgen, Brian (Apr 24)
- Re: P2P sensitive data searches Consolvo, Corbett D (Apr 24)
- Re: P2P sensitive data searches Kathy Bergsma (Apr 24)