education new york online education new york online education new york online
Today's Info Policy News
Weekly Archive
Information Policy
Protecting your children's privacy: The Facts
contact us
site map
With the exact phrase
With all of the words
With at least one of the words
Without these words
Within these fields         
Date range limit

      Pick Date
Item(s) found: 37
Education Breaches 2013
Date CapturedFriday December 06 2013, 10:00 AM
Chronology of Education Data Breaches
Date CapturedTuesday March 12 2013, 4:03 PM
Date CapturedTuesday November 27 2012, 11:41 AM
Youth privacy & breaches.
NYS State Technology Law § 208 (Current as of 9/16/2011)
Date CapturedMonday March 12 2012, 6:12 PM
"State entity" shall mean any state board, bureau, division, committee, commission, council, department, public authority, public benefit corporation, office or other governmental entity performing a governmental or proprietary function for the state of New York, except: (1) the judiciary; and (2) all cities, counties, municipalities, villages, towns, and other local agencies.
Privacy Rights Clearinghouse chronology of education breaches
Date CapturedMonday September 05 2011, 11:07 AM
Beth Givens -- Privacy Rights Clearinghouse Education breach chronology from 2005 - 2011.
Office of Inadequate Security
Date CapturedMonday September 05 2011, 10:40 AM
Education breaches
Education New York comments re Student Privacy submitted to FERPA NPRM - May 23, 2011
Date CapturedMonday May 23 2011, 9:22 PM
Document ID: ED-2011-OM-0002-0001: Family Educational Rights and Privacy. The proposed changes to FERPA do not adequately address the capacity of marketers and other commercial enterprises to capture, use, and re-sell student information. Even with privacy controls in place, it is also far too easy for individuals to get a hold of student information and use it for illegal purposes, including identity theft, child abduction in custody battles, and domestic violence. Few parents are aware, for example, that anyone can request -- and receive -- a student directory from a school. Data and information breaches occur every day in Pre-K-20 schools across the country, so that protecting student privacy has become a matter of plugging holes in a dyke rather than advancing a comprehensive policy that makes student privacy protection the priority.
Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
Date CapturedMonday May 03 2010, 11:04 AM
Recommendations of the National Institute of Standards and Technology - [The escalation of security breaches involving personally identifiable information (PII) has contributed to the loss of millions of records over the past few years. Breaches involving PII are hazardous to both individuals and organizations. Individual harms may include identity theft, embarrassment, or blackmail. Organizational harms may include a loss of public trust, legal liability, or remediation costs. To appropriately protect the confidentiality of PII, organizations should use a risk-based approach; as McGeorge Bundy once stated, "If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds." This document provides guidelines for a risk-based approach to protecting the confidentiality of PII. The recommendations in this document are intended primarily for U.S. Federal government agencies and those who conduct business on behalf of the agencies, but other organizations may find portions of the publication useful. Each organization may be subject to a different combination of laws, regulations, and other mandates related to protecting PII, so an organization‘s legal counsel and privacy officer should be consulted to determine the current obligations for PII protection. For example, the Office of Management and Budget (OMB) has issued several memoranda with requirements for how Federal agencies must handle and protect PII. To effectively protect PII, organizations should implement the following recommendations.]
Personal Health Information Privacy
Date CapturedSunday January 10 2010, 4:42 PM
News about medical and electronic health privacy risk.
Federal data breach notification standard must pre-empt state laws
Date CapturedMonday November 16 2009, 8:33 PM
Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.] [Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.]
‘‘Personal Data Privacy and Security Act of 2009’’ S. 1490
Date CapturedWednesday November 04 2009, 2:19 PM
11TH CONGRESS - 1ST SESSION -- S. 1490: To prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.
Date CapturedFriday October 30 2009, 9:44 AM
[The Study reports on the results of a survey of all fifty states and finds that state educational databases across the country ignore key privacy protections for the nation's K-12 children. The Study finds that large amounts of personally identifiable data and sensitive personal information about children are stored by the state departments of education in electronic warehouses or for the states by third party vendors. These data warehouses typically lack adequate privacy protections, such as clear access and use restrictions and data retention policies, are often not compliant with the Family Educational Rights and Privacy Act, and leave K-12 children unprotected from data misuse, improper data release, and data breaches. The Study provides recommendations for best practices and legislative reform to address these privacy problems.] Joel R. Reidenberg, Professor of Law and Founding Academic Director of CLIP Jamela Debelak, Esq., Executive Director of CLIP
A Facebook ‘Bug’ Revealed Personal E-mail Addresses
Date CapturedThursday May 07 2009, 7:12 PM
NY Times -- Gadget -- Riva Richmond [“In the course of one day I had Facebook go through over 10,000 e-mail addresses; ranging from reporters of prominent newspapers and CNN, to board of directors of Microsoft, Google, and Gates Foundation, and even the entire staff directories of government organizations and the World Bank,” Mr. Sheppard said in an e-mail message to a New York Times editor. “Of those it did find on Facebook, over 30% had their personal email addresses listed, which Facebook gladly gave me, without any of [the Facebook users] knowing.”]
Facebook Bug Reveals Private Photos, Wall Posts
Date CapturedSaturday March 21 2009, 12:52 PM
Washington Post Jason Kincaid (with HT to Anjool) writes [This isn't the first privacy bug to affect Facebook - users have previously been able to access private photos and view private profile information in search results. The error also serves as yet another blemish on the privacy controls of web-based services. Only two weeks ago, Google Docs revealed that it had inadvertently shared thousands of documents with users who should not have had access to them.]
Before the Federal Trade Commission Washington, DC 20580 In the Matter of Google, Inc. and Cloud Computing Services
Date CapturedTuesday March 17 2009, 6:48 PM
EPIC President Marc Rotenberg on Google and Cloud Computing [The recent growth of Cloud Computing Services signals an unprecedented shift of personal information from computers controlled by individuals to networks administered by corporations. Data breaches concerning Cloud Computing Services can result in great harm, which arises from the centralized nature of the services and large volume of information stored "in the cloud." Past data breaches have resulted in serious consumer injury, including identity theft. As a result of the popularity of Cloud Computing Services, data breaches on these services pose a heightened risk of identity theft. The FTC should hold accountable the purveyors of Cloud]
One in four data breaches involves schools
Date CapturedThursday March 12 2009, 3:02 PM
Wednesday, May 14, 2008 --Meris Stansbury, Assistant Editor, eSchool News writes - [One in four data breaches involves schools 'You're losing the cyber security battle,' experts warn during a higher-education computer-security conference near Washington, D.C.]
Privacy Rights Clearinghouse
Date CapturedThursday March 12 2009, 2:45 PM
Chronology of Data Breaches and lots more. Nice upgrade to website.
Advertisers Get a Trove of Clues in Smartphones
Date CapturedWednesday March 11 2009, 3:05 PM
NY Times STEPHANIE CLIFFORD writes [The capability for collecting information has alarmed privacy advocates. “It’s potentially a portable, personal spy,” said Jeff Chester, the executive director of the Center for Digital Democracy, who will appear before Federal Trade Commission staff members this month to brief them on privacy and mobile marketing. He is particularly concerned about data breaches, advertisers’ access to sensitive health or financial information, and a lack of transparency about how advertisers are collecting data. “Users are going to be inclined to say, sure, what’s harmful about a click, not realizing that they’ve consented to give up their information.”]
Date CapturedFriday March 06 2009, 4:15 PM
REUVEN BLAU writes [A civilian official of the NYPD's pension fund has been charged with taking computer data that could be used to steal the identities of 80,000 current and retired cops, sources said. Anthony Bonelli allegedly got into a secret backup-data warehouse on Staten Island last month and walked out with eight tapes packed with Social Security numbers, direct-deposit information for bank accounts, and other sensitive material.] ]
Data Breaches: Ignorance Is Dangerous
Date CapturedMonday December 15 2008, 6:41 PM
Pam Greenberg State Legislatures writes [As states continue to work on improving data breach laws, Congress also has been considering legislation. Some bills have made it out of committee, but none have had a floor vote. Federal legislation is a mixed blessing," says Simitian. "If we end up with a weaker set of provisions that also preempts the more rigorous state laws, that's not going to benefit consumers." Cate thinks Congress will act, and he's surprised it hasn't already. "It's probably because they found it a lot more complicated than they thought." The way data are collected, used and transferred across states, it's likely many companies will opt to comply with the most stringent provisions in state laws, Cate says. "One way or another, we'll have national preemption -- either from the state that adopts the toughest law or from Congress. But it's a classic case of states leading the way." ]
Date CapturedWednesday December 03 2008, 4:37 PM
Privacy news, data breaches, and privacy-related events and resources from around the world.
What Privacy Policy?
Date CapturedMonday June 23 2008, 3:06 PM
Forbes reports, "In recent years, passing on sensitive data points like e-mail addresses and credit card codes to marketing partners has also been a frequent source of corporate data breaches--about 40% of all breach incidents were a result of a third party's handling of data, according to another Ponemon study, released in November 2007."
Date CapturedSaturday June 07 2008, 3:52 PM
Privacy news, data breaches, and privacy-related events and resources from around the world.
Outbound Email and Data Loss Prevention in Today’s Enterprise, 2008
Date CapturedFriday June 06 2008, 7:23 PM
This report summarizes findings from Proofpoint’s fifth annual study of outbound email security and content security issues in the enterprise. This effort was started in 2004 when enterprise attitudes about inbound messaging issues (e.g., spam and viruses) were much better understood than concerns about outbound email content (e.g., data protection, privacy, regulatory compliance and intellectual property leak protection). This study was designed to examine (1) the level of concern about the content of email (and other forms of electronic messaging) leaving large organizations, (2) the techniques and technologies those organizations have put in place to mitigate risks associated with outbound messaging, (3) the state of messaging-related policy implementation and enforcement in large organizations and (4) the frequency of various types of policy violations and data security breaches.
Data Breaches Are Frequent, but Evidence of Resulting Identity Theft Is Limited; However, the Full Extent Is Unknown
Date CapturedThursday June 05 2008, 7:03 PM
GAO-07-737 -- There are two primary forms of identity theft. First, identity thieves can use financial account identifiers, such as credit card or bank account numbers, to take over an individual’s existing accounts to make unauthorized charges or withdraw money. Second, thieves can use identifying data, which can include such things as SSNs and driver’s license numbers, to open new financial accounts and incur charges and credit in an individual’s name, without that person’s knowledge. This second form of identity theft is potentially the most damaging because, among other things, it can take some time before a victim becomes aware of the problem, and it can cause substantial harm to the victim’s credit rating. While some identity theft victims can resolve their problems quickly, others face substantial costs and inconvenience repairing damage to their credit records.
Do Data Breach Disclosure Laws Reduce Identity Theft?
Date CapturedThursday June 05 2008, 6:07 PM
Identity theft resulted in corporate and consumer losses of $56 billion dollars in 2005, with about 30% of known identity thefts caused by corporate data breaches. Many US states have responded by adopting data breach disclosure laws that require firms to notify consumers if their personal information has been lost or stolen. While the laws are expected to reduce losses, their full effects have yet to be empirically measured. We use panel from the US Federal Trade Commission with state and time fixed-effects regression to estimate the impact of data breach disclosure laws on identity theft over the years 2002 to 2006. We find no statistically significant effect that laws reduce identity theft, even after considering income, urbanization, strictness of law and interstate commerce. If the probability of becoming a victim conditional on a data breach is very small, then the law’s maximum effectiveness is inherently limited. Quality of data and the possibility of reporting bias also make proper identification difficult. However, we appreciate that these laws may have other benefits such as reducing a victim’s average losses and improving a firm’s security and operational practices.
One in four data breaches involves schools
Date CapturedTuesday June 03 2008, 8:34 PM
By Meris Stansbury, Assistant Editor, eSchool News, "Cyber criminals are becoming bolder and more sophisticated in their operations, federal computer security experts say. And that's bad news for schools, because educational institutions reportedly account for approximately one of every four data security breaches."
The ID Divide -- Addressing the Challenges of Identification and Authentication in American Society
Date CapturedMonday June 02 2008, 3:03 PM
By Peter Swire, Cassandra Q. Butts. "Our report first explores the background of the issue, including the sharp rise in recent years in how often Americans are asked for proof of identity. We then examine the facts of the ID Divide in detail, identifying at least four important types of problems: A large population affected by identity theft and data breaches; The growing effects of watch lists; Specific groups that disproportionately lack IDs today; The effects of new and stricter ID and matching requirements.
E P I C A l e r t
Date CapturedThursday June 14 2007, 8:42 PM
Volume 14.12 ; June 14, 2007; Published by the Electronic Privacy Information Center (EPIC), Washington, D.C. Table of Contents: [1] Commission Adopts Rule on Phone Record Privacy [2] House Passes Law on Caller ID Spoofing [3] EPIC Testifies on Worker ID Systems [4] Privacy Groups File Amended Google/DoubleClick Merger Complaint [5] Trade Commission Adopts Rule on Security Breaches [6] News in Brief [7] EPIC Bookstore: "European Data Protection Law" [8] Upcoming Conferences and Events
2007 Identity Theft Resource Center (ITRC) Breach Report
Date CapturedTuesday June 12 2007, 8:58 AM
View breaches of records at education institutions in 2007.
Chronology of Data Breaches
Date CapturedSaturday May 12 2007, 10:34 PM
UCLA Probes Computer Security Breach
Date CapturedTuesday December 12 2006, 11:01 AM
AP reports, "The University of California, Los Angeles alerted about 800,000 current and former students, faculty and staff on Tuesday that their names and certain personal information were exposed after a hacker broke into a campus computer system. It was one of the largest such breaches involving a U.S. higher education institution."
Privacy? What privacy?
Date CapturedFriday September 22 2006, 11:35 PM
Minnesota Daily Kate Nelson opined on higher education online security breaches, "These threats to privacy and their effects are very real and are much more deserving of attention than the supposed dangers of Facebook. The notion that our "private" information is available to virtually anyone seeking it is not a possibility - it's reality.
Why break in? The reasons vary
Date CapturedWednesday August 02 2006, 8:41 AM
USA Today reports, "A USA TODAY review of 109 computer-related security breaches reported by 76 college campuses since January 2005 found that about 70% involved hacking — breaking into or gaining unauthorized access to a computer system."
Protect your passwords; University-level ID theft raises concerns at Arizona State U.
Date CapturedFriday July 07 2006, 12:25 AM reports, "A recent increase in computer security breaches at universities nationwide has led to concerns that computer hackers may be attempting to obtain personal information, such as social security numbers of students, faculty and alumni to be used for identity theft."

Back to Top of Page