AdmitMBA360 Blog formerly Journey to my MBA

Journey to my MBA

Sunday, July 16, 2006

BusinessWeek Article: It's Time to Protect Students' Data

It's Time to Protect Students' Data
A third of all data leaks are at universities. Academia should be held to stricter record confidentiality standards

By Scott Olson

Updated: 5:00 p.m. PT July 11, 2006
It pains me to say it: I am advocating government intervention and new regulations. But, as they say, special circumstances apply.

As an alumnus of the University of Texas at Austin, specifically its McCombs School of Business, I was chagrined to learn that hackers recently gained access to some of the school's 197,000 recordssome of which included my Social Security number [SSN] and other personal information, as well as that of many other alums.

I've signed up with a credit-monitoring bureau and requested that the three main credit-reporting agencies put a fraud alert on my records. So the hackers have already made off with quite a lot: my time, my money, and my already fragile peace of mind.


It can sometimes take an incident like this to jolt you out of the theoretical. I've been in the network security industry for nearly two decades and am familiar with the latest technology, trends, and what-have-you. But this time, it's hitting home. And certainly not just for UT alumni: Data thieves are helping themselves to personal data at schools across the nation, as the recent penetration of three Ohio University servers holding the SSNs of 137,000 people, attests.

It got me thinking: Colleges and universities should be held to the same government compliance standards as companies that operate in health care or financial services.

After all, a third of all data leaks are at universities, according to CNET Networks (CNET). That's not surprising, as universities walk a fine line between ensuring that users, many of whom are using personal laptops and other devices, have continuous access to network resources, while keeping those same resources safe from infections and unauthorized access. All too often, security gets shoved to the back burner in favor of keeping networks open and users productive. Cybercrooks, recognizing a good thing when they see it, are making hay while the sun shines.


The proliferation and ease of use of wireless technology certainly haven't helped. I've talked to network administrators at some of my company's university customers; they report students doing everything from setting up unsecured wireless networks from dorm rooms to maliciously distributing worms that create a back door into the data files of infected systems. And once students are done wreaking their havoc, the chinks they've created in the network's security provide cybercriminals with yet another avenue into the network interior.

Clearly, it's time for some guidelines for the protection of sensitive personal information in this overly dynamic environment. And I think it's going to take a government mandate. Don't get me wrong. I am in favor of market-driven initiatives. But the realist in me can't believe that, with their resources already stretched thin, the constituents of this splintered and diverse market can impose and enforce their own data-integrity regulations.

Naturally, this brings to mind the government-enforced regulatory alphabet soupCFR Part 11, GLBA, HIPAA, etc.that, among other things, provides rules to protect record confidentiality.


Take for instance, HIPAA, the Health Insurance Portability & Accountability Act, which is designed to ensure that health-insurance coverage is available for people who lose or change jobs. This rule, which also establishes standards for the maintenance of patient records, has had some very positive outcomes.

My health-insurance card, for instance, now bears a member I.D. number that differs from my SSN [a valid comparison when you consider that many universities use a student's SSN as a "student I.D. number," which means that the SSN is repeated on just about every scrap of information about that student]. I'd say that's a change for the better.

But the HIPAA experience has certainly not been all positive. Written in 1996, and made effective in 2003, this well-intentioned act has spawned its own industry: Books, Web sites, e-mail newsletters, and the like proliferate, thanks to HIPAA's sheer complexity. Just googling "HIPAA Consulting" will generate in excess of 22,000 hits. The plethora of HIPAA consultants, methods, and approaches underscores just how challenging meeting these requirements can be.


Even the HIPAA agreement you sign at the doctor's office reflects this. Here's a favorite quote of mine, pulled from a real HIPAA form: "If you do not object to these disclosures or we can infer from the circumstances that you do not object or we determine, in the exercise of our professional judgment, that it is in your best interest for us to make disclosure of information that is directly relevant to the person's involvement with your care, we may disclose your protected health information as described."

I'm sure this is not what those at the Health & Human Services Dept. had in mind when they crafted HIPAA.

So let's learn from HIPAA and its letter-happy brethren. Surely we can craft regulations for higher education that discourage the use of SSNs without creating too onerous a burden.

Let's try something simple, that mandates that colleges and universities have, say, one year to protect personal information by insulating it from the general network. Stage 2 could allow five years to phase out use of SSNs as the key identifier for anyone for whom that organization retains personal information, not just students and faculty.

Stage 3 could call for authentication methods that require a unique identifier other than SSN to allow interaction such as student registration, faculty study guide posting, and supplier order access. The negative reinforcement could take the shape of a publicly available, government-maintained Web site that identifies those universities and colleges who fail to take the privacy of their stakeholders as seriously as they ought.

Of course, nothing in life is quite that simple. But if we start with the idea that this can be an exercise in common sense, then we should be able to arrive at a solution that solves more problems than it causes.

Copyright © 2006 The McGraw-Hill Companies Inc. All rights reserved.


Anonymous Anonymous said...

pretty pathetic if you ask me...

these schools tout their intelligence, as well as the intelligence of their student bodies, but, for some reason, cannot implement standard computer security policies or rid themselves of the need to have SSN's as a unique identifier.

What is confusing to me is that each and every school, that I know of, has a computer science department filled with students, who, are essentially, free labor.

It's not a matter of they can't do it, but more a matter of "they don't give a f**k."

sorry to by blunt, but when you tout security and student wellfare but only expend a small %% of your budget towards it, you have no cause for complaint when something happens.

8:09 AM  
Blogger Dave for MBA said...

I agree with you. It's very difficult to get quality IT people working in schools though. The pay isn't the greatest and the work tends to be mundane.

Moreover, full time talented webmasters are nearly absent from any school. I understand why. I don't see this issue being fixed anytime soon. There is so much politics involved here.

8:30 AM  

Post a Comment

<< Home

Journey to my MBA Locations of visitors to this page
Stay up to date with this Blog
Monitor changes to links on the sidebars of this Web Site
Dave's E-Mail

Subscribe with Bloglines Subscribe with My Yahoo! Subscribe with Google Subscribe in NewsGator Online Subscribe in Rojo Subscribe with Pluck RSS reader Subscribe with Bloglines Add to AOL
Get Updates of this Blog via Email:

Powered by
Some Noteworthy Blog Postings
Cornell-Johnson Visit Experience-Dave
MIT-Sloan Visit Experience-Dave
Wharton Visit Experience-Dave
Darden Visit Experience-'04-Dave
Darden Visit/Interview Experience-'06-Dave
Darden Pictures-'06
HBS Visit Experience-'04-Dave
HAAS Visit/Info Session-'04-Dave
Columbia Visit/Info Session-'04-Axechick
Tuck Visit/Info Session-'05-Laser
Tuck Visit/Interview '06-Dave
Tuck Pictures1-'06
Tuck Pictures2-'06
Michigan Info Sess. Experience-Dave
Columba Info Sess. Experience-Dave
Tuck Info Sess. Experience-Dave
World MBA Tour Experience-Dave
Travel Guides-Dave
Columbia Open House I-Droodoggie
Columbia Open House II-Droodoggie
Application Essay Advice-Dave
Application Essay Advice II-Dave
MBA App advice-Consulting/Management-Dave
Good Essay question Prep-Uniqpath
The MBA Journey Begins-Dave
The MBA App Process-MarketWiz
Picking Target Schools-Sghama
Pre-App Tips-Bloghorn8
How to interact w/ B-School Staff-Dave
Managing Your Recommenders-ClearAdmit
Schools I Picked & Why-Anand
Import App Elements-Redwolf056
A Successful Essay(Chicago GSB)-PowerYogi
Why Chicago GSB-Paul Jan
Stanford GSB Dean on Essays
------------------ Application Process ------------------
Advice on Admissions Consultants-Dave
Why get an MBA now?-Dave
Why do I need an MBA?-Dave
Story of Tenacity-Dave
MBA App Advice-Dave
Maximize your MBA Info Sess. Exp.-Dave
Low GPA Stories-Dave
Introspect on being resolute-Dave
Why Attitude Matters-Dave
Wharton's Interview Policy-RedWolf
Dealing with a Low GPA
Tuck's App Review Process
UCLA's App Review Process
Wharton's App Review Process
Every Essay Tells a Story
Your Story is so Interesting
What is a great essay?
Am I too young to apply?
When is the best time to apply?
Applying and not sure where to start?
Is school XXX any good?
The B-School Admit Hate List
Hey Applicant, Lay off the Buggin
Should I interview on or off campus?(See comment)
MBA Tour/Info Session Tip
The Interview
------------------ GMAT ----------------------------------
Low GMAT Success Stories
GMAT Score Needed in Europe
GMAT Score Needed
GMAT Score Needed by Age
GMAT Score Needed by Country
GMAT Score Needed by Race
GMAT Score Needed by Major
Budgeting time for the GMAT
Breaking the 700 Barrier
The B-School Route to Career Change
Pre-MBA Resources
MBA Math Build math and spreadsheet skills
MBA Resources show all
--------- Video Interview's of B-School Deans -------
Video Interviews of B-School Deans
------------ B-School Visit Experiences ----------------
Admin Director Interviews
Visit Reviews
------------ MBA Forums ----------------------------------
Business Week Forum
Wharton Student Forum
Chicago GSB Forum
Yale Forum

----------- B-School Articles and News-----------------
How B-Schools get their name
BusinessWeek(B-School Headlines)
The Economist(News from Schools)
The Financial Times(Business Education)
Wall Street Journal(MBA Center)
----------- Gen MBA Info ---------------------------------
MBABuzz MBA Blogs, Forum, App Stat Plotter
MBA Info
MBA Studylink
MBA Jungle
MBA Game Plan
MBA Official Guide
MBA Depot
Top 10 MBA
Ivy League
MBA Podcaster
MBA Jargon
MBA School Directory
MBA 4 Success
Military MBA

------------ MBA Program Summary for Applicants---
ClearAdmit School Guides
WSJ School Snapshots
WSJ Who's Recruiting Where?
MBAPrepAdvantage School Profiles
------------ MBA Foreign Related -----------------------
Canadian MBA
Infozee "Foreign MBA"
------------ MBA Conf/Foundations --------------------
The MBA Tour
The MBA Diversity Alliance
Forte Foundation
Catalyst Women
Knowledge@Wharton Podcast
Association of MBAs
------------ Resume Help ---------------------------------
Darden Resume's
MBA Game Plan Resume Help

------------ Essay Help ------------------------------------
American Dream - (Dave's Pick) (Samples) (Getting Started)
MBA Essay Strategy(download)
MBA Game Plan Essay Help
Some Classic Advice from Wharton Boards
Clear Edit Automated writing editor
MBA Studio

------------- Interview Insight --------------------------
B-School Interview Braindump-Accepted
B-School Interview Braindump-Clearadmit
------------- Ethnocentric Assoc. ----------------------
LEAD Program for minorities
------------- Post-MBA ------------------------------------
MBA Concepts
------------- MBA Articles---------------------------------
If you want your application to B-School to stand out;first do your homework properly, and then apply early
Admissions Tip:HBS Essay #2
Writing good essays from an ADCOM perspective
Top 5 MBA programs Article
The Full-Time Advantage
Overcoming Procrastination
Why B-School is good for our Economy

MBA Ranks show all
Ranks by Industry Sector Show
Forbes ranking measures the graduates' return on investment
Economist ranking reports how students and alumni rated their MBA experience
BusinessWeek surveys students and corporate recruiters and measures intellectual capital
Wall Street Journal is a corporate recruiter based poll (21 criteria)
U.S. News & World Report evals student selectivity and placement data and gathers the perceptions of deans and program directors to develop the ranking
Financial Times poll measures career progression of alumni, program diversity and a school's track record in producing new ideas in management
BusinessWeek '06 Rank
BusinessWeek '06 Slideshow
Financial Times '08 (PDF) (Interactive)
US News&World Report 2009
Economist 2008 Rankings
------Wall Street Journal Rankings--------------------
WSJ 2006(US)
WSJ 2006(International)
WSJ 2006(Academic Discipline)
WSJ 2006(Women)
WSJ 2006(Ethics)
WSJ 2006(Minorities)
WSJ 2006(Industry)
Forbes Rankings 05' Results - 07' Results Rankings
Beyond Grey Pinstripes 2009
DTU Research per School
B-School Research Rankings
Financial Times E-MBA Rankings '06 PDF
BusinessWeek E-MBA Rankings '05
Money's top 100 MBA Employers '06
US News Category Ranks '06
Financial Times Category Ranks
Asia B-School Rank 2000
Australian 2005 Financial Review
German B-School Rank
Computerworld top techno MBA Survey
Consus Group B-School Rankings top 100 Entrepreneurial Colleges
Find MBA Rankings
International Education Commission's Top 10
Marr/Kirkwood Comparison Rankings
Official MBA Guide:MBA Program Ranking and Screening

GMAT Resources show all
GMAC-Register for GMAT
---------- GMAT Articles ----------------------------------
GMAT 700+ Stories(download)
Why Prepare?
About the GMAT
How someone got a 760 score
How someone got a 790 score
Mark Rice GMAT Advice
Low GMAT Success Stories

---------- GMAT Forums ----------------------------------
Beat the GMAT
GMAT Club Forum and Files!
TestMagic Forum

---------- GMAT Companies ------------------------------
Bell Curves
GMAX Online(Online GMAT Course)
Manhattan GMAT
Perfect GMAT
Princeton Review
Test Prep New York
Test Prep Review(Online Course)
Veritas GMAT Prep
790GMAT GMAT Guru(SF based)

---------- GMAT Self Study Guides ----------------------
Corrections to Official Guide 11th
Advanced GMAT Math Study Guide
GMAT Study Strategy
Micro Edu GMAT Prep Material
Probability Review(download)
4GMAT - Math Books (India)

---------- GMAT Resource/Reference -----------------
GMAT Scratchpad
Dr Math
Dr Math-Pascal Triangle
GMAT Official Guide Question Info
Manhattan GMAT Study Guides (Dave's Pick) (Math Skills Review)
Merriam-Webster Online Dictionary
Texas A&M-College Algebra
The Math Page (For Basic Math Skills)
101 Basic Radical & Exponent Review

---------- GMAT Tests ------------------------------------
PowerPrep GMAT CAT (Dave's Pick)
Ascent Education
800 Score (Dave's Pick)
English Test
GMAT Practice Tests
Gorilla Test Prep
Manhattan GMAT Tests (Dave's Pick)
R&B Consulting Prep Software
ScoreTop Online Verbal-Quant Tests
TestPrep New York
Upstart Raising GMAT Simulator

Financing your MBA show all
Financial Aid Podcast
Fundsnet-Search Engine
Graduate Fellowship Database info
Sallie Mae-MBA Loans
US Government's E-Scholar
MBA Admission Consultants show all Forum
Brody Admissions
Cambridge Essay Service
Clear Admit
Essay Solutions
Global Now
Maxx Associates
MBA Apply
The MBA Exchange
MBAGameplan Article
MBA Studio
Stacy Blackman
Veritas Consulting
-------- Brazilian Admin Consultants ------------------
MBA Empresarial
-------- Commentary on Admin Consultants ----------
Why use them?
Comments about some of them
Not all Consultants are good
MBA Life show all
Chicago GSB Online Newspaper
Chicago GSB Magazine
Columbia B-School Wkly Online NewsPaper
Columbia Spectator Daily NewsPaper
Cornell Univ. Daily Sun (Main Campus)
Cornell Daily News Service Highlights
Dartmouth Online Newspaper
Tuck Today Online Happenings
Duke News & Community
HAAS Weekly
Harvard B-School Online Newspaper
Harvard Gazette Online Newspaper
Harvard Online Magazine
Kellogg Online Newspaper
News at MIT
Michigan(Ross) Newspaper
Texas McCombs Weekly
Michigan Daily Online Newspaper
Stern Online Newspaper
Stanford Online Newspaper
Stanford B-School Reporter
UCLA Qrtrly Assets Mag
Univ. Virginia Daily Online News
Wharton Online Newspaper
Yale Daily Online Newspaper
Yale Herald Online Newspaper
Blog & Other Resources show all
IQ Test
Computer Interval Clock
T-Mobile Coverage Check
Picasa Send large files Send large files
Understanding Blog Template Code
SSI Developer - CSS Monitor
Fodey.comNewspaperclip generator
MBA Related Books
Search Now:

Site Meter