PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Student Privacy in Peril: Massive Data Gathering With Inadequate Privacy and Security

TeachPrivacy Ad Privacy Training Security Training 01

In October, personal financial data — including social security numbers, loan repayment histories and bank-routing numbers – of thousands of college students was exposed on the Department of Education’s (ED) direct loan website. For seven minutes, anyone surfing the direct loan website could find personal information about students who had borrowed from the Department of […]

Education Privacy in Peril

Education Privacy

I have been spending a lot of time examining education privacy lately, and there are some very troubling things going on in this field.   At a general level, schools lack much sophistication in how they handle privacy issues.  Other industry sectors that handle sensitive personal data have Chief Privacy Officers and a comprehensive privacy program.  […]

Are People Really Harmed By a Data Breach?

Data Breach

“It’s just a flesh wound.” — Monty Python and the Holy Grail Over at Privacy & Security Source, Andrew Serwin, a leading privacy lawyer and author of an excellent treatise on privacy law, has a very thoughtful and informative post [link no longer available] about cases where courts found no harm to individuals by data […]

Data Security: When Will the Thick Skulls Learn?

Stolen USB Drive

The Wall Street Journal reports the theft of 3.3 million student loan records, including Social Security numbers: Company and federal officials said they believed last week’s theft of identity data on 3.3 million people with student loans was the largest-ever breach of such information and could affect as many as 5% of all federal student-loan […]

How Should Data Security Breach Notification Work?

Data Breach Notification

In 2005, a series of data security breaches affected tens of millions of records of personal information. I blogged about them here, here, here, here, and here. One of the major issues with data security breaches involves what kind of notification companies should provide. The spate of data security breach announcements began in February 2005, when ChoicePoint announced its breach […]

Data Security Laws, the States, and Federalism

Federalism and Privacy

Remember well over a year ago, when last February ChoicePoint announced it had a major data security breach? Since then hundreds of breaches have been announced — over 200 instances involving data on 88 million people. Several bills were proposed in Congress; many Senators and Representatives quickly emphasized the importance of privacy and data security. […]

More Data Lost: 1.3 Million Student Loan Recipients

Data Breach

From CNET: About 1.3 million customers of a Texas provider of student loans are at risk of ID fraud, after a contractor lost computer equipment with sensitive information on them. The equipment, which was not identified, contains the names and Social Security numbers of the borrowers, the Texas Guaranteed Student Loan company said in a statement […]