SSN ghosts still haunt academia

While it is easy and tempting to point the finger at the University of Florida in light of the details about the latest data breach - the 3rd in 3 months according to ComputerWorld (Feb 17, 2009 notification letter) - it is likely that many academic institutions could find themselves in similar situation due to data remnants dating back to widespread use of social security numbers (SSN).

In keeping with the academic tradition of being repositories of knowledge, universities and their staff (faculty included) often collected data that included sensitive information. IT departments across academia have the arduous task of finding and securing (or disposing) of this data before someone else finds it. With appropriate data retention policies in place, IT may still have to plead, negotiate, or persuade university staff (all ranks and all departments) to acknowledge the existence of this data.

Src: Three months, three breaches at the Univ. of Florida-Gainesville

1 comment:

Gal Shpantzer said...

A lot of universities are actively searching for SSNs and other sensitive data with specialized programs. Just two on the list are freeware from Cornell (Spider, found here cit.cornell.edu/security/tools/ ) and commercial software from Proventsure.com , which is run by Gary Golomb.