UCLA data breach affects 800,000

[David Farber <dave () farber net>]

Begin forwarded message:

From: Richard Wiggins <richard.wiggins () gmail com>
Date: December 14, 2006 12:18:29 AM JST
To: Dave Farber <dave () farber net>
Subject: UCLA data breach affects 800,000

Dave,

For IP if you wish:

The UCLA data breach affects 800,000 people.  This raises an important
question about retention of private data.  UCLA has about 35,000
students so let's say a campus community of 50,000.  To get to
800,000, UCLA must be retaining private information on former
students, applicants, and employees going back decades!

Universities have no choice but to gather SSNs, for payroll purposes,
federal financial aid requirements, etc.  The question is: why do they
need to retain the information indefinitely?

The answer is because it's much more work to expunge confidential
information when no longer needed than it is to just keep it in the
database.   People need to start demanding that institutions do this
hard work.  What right does UCLA have to retain the SSN of a student
from 1965?

When student records were kept in paper files under loclk and key,
risk of massive exposure was small.  When an institution takes years
of backfiles and puts them online, everyone faces risk.  Why are
student records from decades ago even in an online database connected
to the Internet 24 X 7?

/rich


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/