Educause Security Discussion mailing list archives
Re: Faculty handling of student data
From: Allison Dolan <adolan () MIT EDU>
Date: Mon, 7 Jul 2008 09:19:57 -0400
To add to the comment about paper data breaches: a handful of states (including Massachusetts) explicitly include paper in their data breach laws. So if a student application with SSN went astray, or if the test papers had SNN and were stolen, those could technically constitute a breach along with the various notification requirements. Although FERPA covers more data elements, the various state data breach laws may have more teeth, and result in more expense if there is a loss - you may want to understand your state laws as part of deciding how to address faculty handling of data. Also, if faculty are involved in any human subject research, there is the risk of personal information loss, which may get into HIPAA territory as well . Allison F. Dolan Program Director, PII Massachusetts Institute of Technology 77 Massachusetts Ave NE49-3021 Cambridge MA 02139-4307 Phone: (617) 252-1461 On Jul 1, 2008, at 5:56 PM, Jim Dillon wrote:
To add a small bit of fuel to the fire - no one has mentioned yet the analog protection that should accompany the "paper" product (which may in fact still be electronically delivered depending on the ingenuity of the faculty member) that may go home with the instructor.
Current thread:
- Re: Faculty handling of student data Jim Dillon (Jul 01)
- <Possible follow-ups>
- Re: Faculty handling of student data Basgen, Brian (Jul 01)
- Re: Faculty handling of student data Mclaughlin, Kevin (mclaugkl) (Jul 01)
- Re: Faculty handling of student data Jim Dillon (Jul 02)
- Re: Faculty handling of student data Allison Dolan (Jul 07)
- Re: Faculty handling of student data Basgen, Brian (Jul 07)