BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Following breach, state delays collecting student Social Security numbers

From: Christine Fulgham <christine () opensecurityfoundation org>
Date: Fri, 8 Oct 2010 15:53:49 -0400
http://waldo.villagesoup.com/news/story/following-breach-state-delays-collecting-student-social-security-numbers/354288

Augusta — The effort to build a data system that includes Social Security
numbers of public school students was derailed after a technology director
in Gardiner's school district was able to view Social Security numbers of
school staff elsewhere in the state.

Maine's Department of Education responded by dumping all Social Security
numbers of public high school students collected to date, and announced
Tuesday evening, Sept. 28, that it would delay collecting any more until an
independent security review of the software is completed and a report is
issued.

That could take several weeks, the DOE said.

The state education agency is now providing school districts a software
script that allows them to upload student enrollment data without Social
Security numbers.

"A software switch was turned on when it should have been off, or off when
it should have been on," said David Connerty-Marin, spokesman for the Maine
DOE, on Sept. 28.

The collection of Social Security numbers and other private data has met
with resistance across the state from school boards, administrators, parents
and the Maine Civil Liberties Union, who question the wisdom of posting
information about students in a system where data could be stolen.

On Sept. 28, the DOE recognized that concern and said in a press release the
delay in Social Security number collection and review of the entire Infinite
Campus information system are steps taken "as privacy advocates have
expressed concerns about the security of the information and because the
department learned in the past few days of an error within a secondary data
system not connected to the collection of student information."

The error was fixed immediately, the DOE said.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Take CREDANT Technologies short survey on cloud usage and security.
Take the survey: http://www.surveymonkey.com/s/TXDR7WT
Respond by October 12, 2010.
Enter to win a $500(US) Amazon Gift Card.
Previous By Date Next
Previous By Thread Next

Current thread: