AdmitMBA360 Blog formerly Journey to my MBA

Journey to my MBA

Sunday, July 16, 2006

BusinessWeek Article: It's Time to Protect Students' Data

It's Time to Protect Students' Data
A third of all data leaks are at universities. Academia should be held to stricter record confidentiality standards

By Scott Olson

Updated: 5:00 p.m. PT July 11, 2006
It pains me to say it: I am advocating government intervention and new regulations. But, as they say, special circumstances apply.

As an alumnus of the University of Texas at Austin, specifically its McCombs School of Business, I was chagrined to learn that hackers recently gained access to some of the school's 197,000 recordssome of which included my Social Security number [SSN] and other personal information, as well as that of many other alums.

I've signed up with a credit-monitoring bureau and requested that the three main credit-reporting agencies put a fraud alert on my records. So the hackers have already made off with quite a lot: my time, my money, and my already fragile peace of mind.

WAKEUP CALL.

It can sometimes take an incident like this to jolt you out of the theoretical. I've been in the network security industry for nearly two decades and am familiar with the latest technology, trends, and what-have-you. But this time, it's hitting home. And certainly not just for UT alumni: Data thieves are helping themselves to personal data at schools across the nation, as the recent penetration of three Ohio University servers holding the SSNs of 137,000 people, attests.

It got me thinking: Colleges and universities should be held to the same government compliance standards as companies that operate in health care or financial services.

After all, a third of all data leaks are at universities, according to CNET Networks (CNET). That's not surprising, as universities walk a fine line between ensuring that users, many of whom are using personal laptops and other devices, have continuous access to network resources, while keeping those same resources safe from infections and unauthorized access. All too often, security gets shoved to the back burner in favor of keeping networks open and users productive. Cybercrooks, recognizing a good thing when they see it, are making hay while the sun shines.

HACKER HEAVEN.

The proliferation and ease of use of wireless technology certainly haven't helped. I've talked to network administrators at some of my company's university customers; they report students doing everything from setting up unsecured wireless networks from dorm rooms to maliciously distributing worms that create a back door into the data files of infected systems. And once students are done wreaking their havoc, the chinks they've created in the network's security provide cybercriminals with yet another avenue into the network interior.

Clearly, it's time for some guidelines for the protection of sensitive personal information in this overly dynamic environment. And I think it's going to take a government mandate. Don't get me wrong. I am in favor of market-driven initiatives. But the realist in me can't believe that, with their resources already stretched thin, the constituents of this splintered and diverse market can impose and enforce their own data-integrity regulations.

Naturally, this brings to mind the government-enforced regulatory alphabet soupCFR Part 11, GLBA, HIPAA, etc.that, among other things, provides rules to protect record confidentiality.

SAFEGUARDING SOCIAL SECURITY NUMBERS.

Take for instance, HIPAA, the Health Insurance Portability & Accountability Act, which is designed to ensure that health-insurance coverage is available for people who lose or change jobs. This rule, which also establishes standards for the maintenance of patient records, has had some very positive outcomes.

My health-insurance card, for instance, now bears a member I.D. number that differs from my SSN [a valid comparison when you consider that many universities use a student's SSN as a "student I.D. number," which means that the SSN is repeated on just about every scrap of information about that student]. I'd say that's a change for the better.

But the HIPAA experience has certainly not been all positive. Written in 1996, and made effective in 2003, this well-intentioned act has spawned its own industry: Books, Web sites, e-mail newsletters, and the like proliferate, thanks to HIPAA's sheer complexity. Just googling "HIPAA Consulting" will generate in excess of 22,000 hits. The plethora of HIPAA consultants, methods, and approaches underscores just how challenging meeting these requirements can be.

LEARNING FROM HEALTH CARE.

Even the HIPAA agreement you sign at the doctor's office reflects this. Here's a favorite quote of mine, pulled from a real HIPAA form: "If you do not object to these disclosures or we can infer from the circumstances that you do not object or we determine, in the exercise of our professional judgment, that it is in your best interest for us to make disclosure of information that is directly relevant to the person's involvement with your care, we may disclose your protected health information as described."

I'm sure this is not what those at the Health & Human Services Dept. had in mind when they crafted HIPAA.

So let's learn from HIPAA and its letter-happy brethren. Surely we can craft regulations for higher education that discourage the use of SSNs without creating too onerous a burden.

Let's try something simple, that mandates that colleges and universities have, say, one year to protect personal information by insulating it from the general network. Stage 2 could allow five years to phase out use of SSNs as the key identifier for anyone for whom that organization retains personal information, not just students and faculty.

Stage 3 could call for authentication methods that require a unique identifier other than SSN to allow interaction such as student registration, faculty study guide posting, and supplier order access. The negative reinforcement could take the shape of a publicly available, government-maintained Web site that identifies those universities and colleges who fail to take the privacy of their stakeholders as seriously as they ought.

Of course, nothing in life is quite that simple. But if we start with the idea that this can be an exercise in common sense, then we should be able to arrive at a solution that solves more problems than it causes.

Copyright © 2006 The McGraw-Hill Companies Inc. All rights reserved.

2 Comments:

Anonymous Anonymous said...

pretty pathetic if you ask me...

these schools tout their intelligence, as well as the intelligence of their student bodies, but, for some reason, cannot implement standard computer security policies or rid themselves of the need to have SSN's as a unique identifier.

What is confusing to me is that each and every school, that I know of, has a computer science department filled with students, who, are essentially, free labor.

It's not a matter of they can't do it, but more a matter of "they don't give a f**k."

sorry to by blunt, but when you tout security and student wellfare but only expend a small %% of your budget towards it, you have no cause for complaint when something happens.

8:09 AM  
Blogger Dave for MBA said...

I agree with you. It's very difficult to get quality IT people working in schools though. The pay isn't the greatest and the work tends to be mundane.

Moreover, full time talented webmasters are nearly absent from any school. I understand why. I don't see this issue being fixed anytime soon. There is so much politics involved here.

8:30 AM  

Post a Comment

<< Home

Journey to my MBA Locations of visitors to this page
Stay up to date with this Blog
Monitor changes to links on the sidebars of this Web Site
Dave's E-Mail

Subscribe with Bloglines Subscribe with My Yahoo! Subscribe with Google Subscribe in NewsGator Online Subscribe in Rojo Subscribe with Pluck RSS reader Subscribe with Bloglines Add to AOL
Get Updates of this Blog via Email:

Powered by Squeet.com
Some Noteworthy Blog Postings
Cornell-Johnson Visit Experience-Dave
MIT-Sloan Visit Experience-Dave
Wharton Visit Experience-Dave
Darden Visit Experience-'04-Dave
Darden Visit/Interview Experience-'06-Dave
Darden Pictures-'06
HBS Visit Experience-'04-Dave
HAAS Visit/Info Session-'04-Dave
Columbia Visit/Info Session-'04-Axechick
Tuck Visit/Info Session-'05-Laser
Tuck Visit/Interview '06-Dave
Tuck Pictures1-'06
Tuck Pictures2-'06
--------------------------------------------------------------
Michigan Info Sess. Experience-Dave
Columba Info Sess. Experience-Dave
Tuck Info Sess. Experience-Dave
World MBA Tour Experience-Dave
Travel Guides-Dave
Columbia Open House I-Droodoggie
Columbia Open House II-Droodoggie
--------------------------------------------------------------
Application Essay Advice-Dave
Application Essay Advice II-Dave
MBA App advice-Consulting/Management-Dave
Good Essay question Prep-Uniqpath
The MBA Journey Begins-Dave
The MBA App Process-MarketWiz
Picking Target Schools-Sghama
Pre-App Tips-Bloghorn8
How to interact w/ B-School Staff-Dave
Managing Your Recommenders-ClearAdmit
Schools I Picked & Why-Anand
Import App Elements-Redwolf056
A Successful Essay(Chicago GSB)-PowerYogi
Why Chicago GSB-Paul Jan
Stanford GSB Dean on Essays
------------------ Application Process ------------------
Advice on Admissions Consultants-Dave
Why get an MBA now?-Dave
Why do I need an MBA?-Dave
Story of Tenacity-Dave
MBA App Advice-Dave
Maximize your MBA Info Sess. Exp.-Dave
Low GPA Stories-Dave
Introspect on being resolute-Dave
Why Attitude Matters-Dave
Wharton's Interview Policy-RedWolf
Dealing with a Low GPA
Tuck's App Review Process
UCLA's App Review Process
Wharton's App Review Process
Every Essay Tells a Story
Your Story is so Interesting
What is a great essay?
Am I too young to apply?
When is the best time to apply?
Applying and not sure where to start?
Is school XXX any good?
The B-School Admit Hate List
Hey Applicant, Lay off the Buggin
Should I interview on or off campus?(See comment)
MBA Tour/Info Session Tip
The Interview
------------------ GMAT ----------------------------------
Low GMAT Success Stories
GMAT Score Needed in Europe
GMAT Score Needed
GMAT Score Needed by Age
GMAT Score Needed by Country
GMAT Score Needed by Race
GMAT Score Needed by Major
Budgeting time for the GMAT
Breaking the 700 Barrier
--------------------------------------------------------------
The B-School Route to Career Change
Pre-MBA Resources
MBA Math Build math and spreadsheet skills
Article
MBA Resources show all
--------- Video Interview's of B-School Deans -------
Video Interviews of B-School Deans
------------ B-School Visit Experiences ----------------
Admin Director Interviews
Visit Reviews
------------ MBA Forums ----------------------------------
Business Week Forum
Wharton Student Forum
PagalGuy.com(India)
Chicago GSB Forum
Yale Forum


----------- B-School Articles and News-----------------
How B-Schools get their name
BusinessWeek(B-School Headlines)
The Economist(News from Schools)
The Financial Times(Business Education)
Wall Street Journal(MBA Center)
----------- Gen MBA Info ---------------------------------
MBAMap.com
MBABuzz MBA Blogs, Forum, App Stat Plotter
MBA Info
GMAC
MBAZone.com
MBA Studylink
MBA Jungle
MBA Game Plan
MBA Official Guide
MBA Depot
Top 10 MBA
Ivy League Admissions.com
MBA Podcaster
MBA Jargon
MBA School Directory
Admission411
MBA 4 Success
Military MBA


------------ MBA Program Summary for Applicants---
Accepted.com
BusinessWeek.com
ClearAdmit School Guides
MBAMap.com
TopMBA.com
TheMBATour.com
WSJ School Snapshots
WSJ Who's Recruiting Where?
MBAPrepAdvantage School Profiles
------------ MBA Foreign Related -----------------------
Canadian MBA
Infozee "Foreign MBA"
------------ MBA Conf/Foundations --------------------
Top MBA
The MBA Tour
The MBA Diversity Alliance
Forte Foundation
Catalyst Women
Knowledge@Wharton Podcast
Association of MBAs
------------ Resume Help ---------------------------------
Wetfleet.com
Resumeedge.com
Resumedeli
Darden Resume's
MBA Game Plan Resume Help


------------ Essay Help ------------------------------------
American Dream Project.org - (Dave's Pick)
Essayedge.com (Samples) (Getting Started)
MBA Essay Strategy(download)
MBA Game Plan Essay Help
Some Classic Advice from Wharton Boards
Clear Edit Automated writing editor
MBA Studio


------------- Interview Insight --------------------------
B-School Interview Braindump-Accepted
B-School Interview Braindump-Clearadmit
------------- Ethnocentric Assoc. ----------------------
P.R.I.N.A.
yKAN
LEAD Program for minorities
------------- Post-MBA ------------------------------------
MBA Concepts
------------- MBA Articles---------------------------------
If you want your application to B-School to stand out;first do your homework properly, and then apply early
Admissions Tip:HBS Essay #2
Writing good essays from an ADCOM perspective
Top 5 MBA programs Article
The Full-Time Advantage
Overcoming Procrastination
Why B-School is good for our Economy

MBA Ranks show all
Ranks by Industry Sector Show
--------------------------------------------------------------
Forbes ranking measures the graduates' return on investment
Economist ranking reports how students and alumni rated their MBA experience
BusinessWeek surveys students and corporate recruiters and measures intellectual capital
Wall Street Journal is a corporate recruiter based poll (21 criteria)
U.S. News & World Report evals student selectivity and placement data and gathers the perceptions of deans and program directors to develop the ranking
Financial Times poll measures career progression of alumni, program diversity and a school's track record in producing new ideas in management
--------------------------------------------------------------
BusinessWeek '06 Rank
BusinessWeek '06 Slideshow
Financial Times '08 (PDF) (Interactive)
US News&World Report 2009
Economist 2008 Rankings
------Wall Street Journal Rankings--------------------
WSJ 2006(US)
WSJ 2006(International)
WSJ 2006(Academic Discipline)
WSJ 2006(Women)
WSJ 2006(Ethics)
WSJ 2006(Minorities)
WSJ 2006(Industry)
--------------------------------------------------------------
Forbes Rankings 05' Results - 07' Results
MBAINFO.com Rankings
Beyond Grey Pinstripes 2009
DTU Research per School
B-School Research Rankings
--------------------------------------------------------------
Financial Times E-MBA Rankings '06 PDF
BusinessWeek E-MBA Rankings '05
Money's top 100 MBA Employers '06
US News Category Ranks '06
Financial Times Category Ranks
--------------------------------------------------------------
Asia B-School Rank 2000
Australian 2005 Financial Review
German B-School Rank
Computerworld top techno MBA Survey
Consus Group B-School Rankings
Entrepreneur.com top 100 Entrepreneurial Colleges
Find MBA Rankings
International Education Commission's Top 10
Marr/Kirkwood Comparison Rankings
Official MBA Guide:MBA Program Ranking and Screening

GMAT Resources show all
GMAC-Register for GMAT
---------- GMAT Articles ----------------------------------
GMAT 700+ Stories(download)
Why Prepare?
About the GMAT
How someone got a 760 score
How someone got a 790 score
Mark Rice GMAT Advice
Low GMAT Success Stories

---------- GMAT Forums ----------------------------------
Beat the GMAT
GMAT Club Forum
Scoretop.com-Forum and Files!
TestMagic Forum


---------- GMAT Companies ------------------------------
Bell Curves
GMATTutor.com
GMAX Online(Online GMAT Course)
Kaplan
ManhattanReview
Manhattan GMAT
Perfect GMAT
Princeton Review
Syvum.com
Test Prep New York
Test Prep Review(Online Course)
Veritas GMAT Prep
790GMAT GMAT Guru(SF based)


---------- GMAT Self Study Guides ----------------------
Corrections to Official Guide 11th
Advanced GMAT Math Study Guide
Deltacourse
GMAT Study Strategy
Micro Edu GMAT Prep Material
Probability Review(download)
4GMAT - Math Books (India)


---------- GMAT Resource/Reference -----------------
GMAT Scratchpad
Dr Math
Dr Math-Pascal Triangle
GMAT Official Guide Question Info
HyperGrammar
Krysstal.com
Manhattan GMAT Study Guides (Dave's Pick)
Math.com (Math Skills Review)
MathGoodies.com
Merriam-Webster Online Dictionary
Texas A&M-College Algebra
The Math Page (For Basic Math Skills)
101 Basic Radical & Exponent Review


---------- GMAT Tests ------------------------------------
PowerPrep GMAT CAT (Dave's Pick)
Ascent Education
Arco
Axxent
800 Score (Dave's Pick)
English Test
GMATBuster
GMAT Cram.com
GMATExams.com
GMAT Practice Tests
Gorilla Test Prep
Manhattan GMAT Tests (Dave's Pick)
R&B Consulting Prep Software
Realtestquestions.com
ScoreTop Online Verbal-Quant Tests
TestMasters
TestPrep New York
Upstart Raising GMAT Simulator


Financing your MBA show all
Campusprogram.com
FastWeb
Finaid.com
Financial Aid Podcast
Foreign MBA.com
FreschInfo.com
Fundsnet-Search Engine
Gradloans.com
Graduate Fellowship Database
MBA.com-Loan info
MBAInfo-Article
MBAJungle-Article
Sallie Mae-MBA Loans
Studentawards.com
Tuitionpay.com
US Government's E-Scholar
MBA Admission Consultants show all
Accepted.com Forum
AdmissionConsultant.com
Brody Admissions
B-SchoolAdmission.com
Cambridge Essay Service
Clear Admit
EssayEdge.com
Essay Solutions
Expartus
Global Now
ManhattanReview
Maxx Associates
MBAdmission.com
MBA Applicant.com
MBA Apply
The MBA Exchange
MBAGameplan Article
MBAPrepAdvantage
MBA Studio
Stacy Blackman
Veritas Consulting
-------- Brazilian Admin Consultants ------------------
MBA Empresarial
-------- Commentary on Admin Consultants ----------
Why use them?
Comments about some of them
Not all Consultants are good
MBA Life show all
Chicago GSB Online Newspaper
Chicago GSB Magazine
Columbia B-School Wkly Online NewsPaper
Columbia Spectator Daily NewsPaper
Cornell Univ. Daily Sun (Main Campus)
Cornell Daily News Service Highlights
Dartmouth Online Newspaper
Tuck Today Online Happenings
Duke News & Community
HAAS Weekly
Harvard B-School Online Newspaper
Harvard Gazette Online Newspaper
Harvard Online Magazine
Kellogg Online Newspaper
News at MIT
Michigan(Ross) Newspaper
Texas McCombs Weekly
Michigan Daily Online Newspaper
Stern Online Newspaper
Stanford Online Newspaper
Stanford B-School Reporter
UCLA Qrtrly Assets Mag
Univ. Virginia Daily Online News
Wharton Online Newspaper
Yale Daily Online Newspaper
Yale Herald Online Newspaper
Blog & Other Resources show all
IQ Test
Efax.com
Bloglines
Computer Interval Clock
T-Mobile Coverage Check
Picasa
Hello.com
YouSendIt.com Send large files
Sendthisfile.com Send large files
Understanding Blog Template Code
SSI Developer - CSS
Changenotes.com-Web Monitor
Fodey.comNewspaperclip generator
MBA Related Books
Search Now:

Site Meter