BreachExchange mailing list archives
Re: ME: 'Potential Breach' of Confidential Student Data (Bates College)
From: Chris Walsh <cwalsh () cwalsh org>
Date: Wed, 24 Oct 2007 13:20:21 -0500
The law seems clear to me: It applies to "information brokers" and those whohold data for them. Notice to the broker's regulator, or the AG where the broker is not regulated by the state, is mandatory. How Bates College is an ionformation broker is where things get murky for me. http://janus.state.me.us/legis/LawMakerWeb/externalsiteframe.asp?ID=280017964&LD=1671&Type=1&SessionID=6 On Wed, Oct 24, 2007 at 03:15:11PM +0000, lyger wrote:
http://media.www.batesstudent.com/media/storage/paper1116/news/2007/10/23/News/potential.Breach.Of.Confidential.Student.Data-3050562.shtml Two publicly accessible documents that contained the record of nearly 500 recipients of the federal Perkins Loan along with each recipient's address, date of birth, Social Security number, legal name and loan amount were uncovered on the Bates network by The Bates Student on Oct. 13. All that was necessary to access the files was a Bates username and password. The information which is intended to be private could easily be used for identification theft. Because this information could be used for this purpose, Maine statute 1346 known as "the Notice of Risk to Personal Data Act," enacted this past spring, requires Bates to notify the affected students that the data has been potentially compromised. Information and Library Services Vice President Gene Weimers was uncertain at press time whether or not the Maine statute requires them to notify the Maine Attorney General. Managing News Editor Conor Hurley of The Student informed the Student Financial Services Office (SFS) that the documents were publicly available on Oct. 15. The SFS Office claims to not have received Hurley's correspondence and the documents remained on the server. When Hurley contacted the SFS Office Monday, it attributed the mistake to the Information and Library Services Office but declined further comment. [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- ME: 'Potential Breach' of Confidential Student Data (Bates College) lyger (Oct 24)
- Re: ME: 'Potential Breach' of Confidential Student Data (Bates College) Chris Walsh (Oct 24)