On Data Losses at Georgetown University
Posted by Pablo Molina at 4:34 AM - Categories: Public Service
On January 3, 2008 an external computer hard drive was reported stolen from a locked office within the Office of Student Affairs on the Georgetown University Main Campus. The hard drive may have contained social security numbers and other information about approximately 38,000 Georgetown University community members, most of them alumni and students. Almost a month later, the University informed potentially affected individuals, the community at large, and the world about the incident. At the same time, the President of the University, Jack DeGioia asked all University employees to conduct a new information security and privacy campaign. The purpose of the campaign is to identify and control the management of confidential information within the institution. Technology solutions for content monitoring and filtering and for data loss prevention have come a long way but are still in their infancy. Their effectiveness is limited in the open computing environments of higher education. In my opinion, awareness and training ought to be our primary focus. We should help alumni, faculty, staff, students, and other community members guard their privacy and that of others by providing periodic communications and training sessions. In general, we should rely on common sense when handling confidential information. If we must store confidential information, let us do so in locked spaces for physical records, and on network or encrypted drives for electronic records. I have the pleasure of serving on the Advisory Board of the Electronic Privacy Information Center, EPIC. The EPIC Executive Director and Georgetown University adjunct faculty member, Marc Rotenberg recently challenged the institution in a public forum to rise to the occasion. He proposed, and I agree, that universities should join other organizations in advocating for simpler and more affordable ways for students and the general public to safeguard our privacy, and to protect preemptively and to monitor our credit histories. By all accounts, data losses and identity theft are on the rise and every person needs reasonable protections against them. For more information, please visit the Information Systems and Technology Privacy web site at http://www.law.georgetown.edu/ist/privacy. Feel free to contact any of my team members or me with questions and comments.