This InformationWeek news article caught my attention:
"Students at Binghamton University in New York are circulating a petition to remove the university's chief information security officer following the discovery of boxes full of documents listing personal information of students and parents in an unlocked storage room. The existence of the unsecured documents was discovered March 6 by a reporter working for student radio station WHRW and disclosed on March 9."
First, kudos to the student reporter. Sloppy and poor data security should be reported. Second, the school's CISO should lose his/her job. This type of data breach happens far too often in higher education institutions:
"A recent report, "Breaches in the Academia Sector," by John Correlli of JMC Privacy Consulting Group, noted that from 2005 through 2007, there were 277 publicly reported breaches at colleges and universities in the United States. Eighty-nine of those incidents followed from unauthorized access, 45 came from accidental online exposure, and 37 were the result of a laptop theft. And of the 263 reported privacy data breaches in the United States in 2008, about one-third (76) occurred at colleges and universities."
The news broadcast from the local FOX television affiliate:
The good news: the Binghamton students "get it." They understand the importance of good data security and the consequences of poor data security. They understand the importance of accountability... of holding the proper person responsible. That person is the CISO.
Too bad that the University's officials don't get it.