Presentation is loading. Please wait.

Presentation is loading. Please wait.

Breach Database Purpose of Our Session: - present examples of breaches in the educational area - identify the impact of privacy breaches - use the breach.

Published byElijah Hawkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Breach Database Purpose of Our Session: - present examples of breaches in the educational area - identify the impact of privacy breaches - use the breach."— Presentation transcript:

1

2 Breach Database Purpose of Our Session: - present examples of breaches in the educational area - identify the impact of privacy breaches - use the breach data base as a teaching tool for in-service

3

4 The Database - Consists of some 32 examples of education related privacy breaches categorized into 7 areas - Internet links for each breach allow for a review of the specific breach and required action on the part of the institution - Additional resources and external links conclude the database - Individual breaches can be examined to highlight the specific nature of a privacy breach Education Focused - Privacy Breach Database:

5 The Database Hackers Compromise 160,000 Student Healthcare Records at Berkeley, Mills College http://www.securitymanagement.com/news/hackers-compromise-160000- student-healthcare-records-berkeley-mills-college-005621 Hackers Steal Information for Over 70,000 Students/Alumni from Brock University http://www.cbc.ca/technology/story/2006/10/12/tech-brock.html Southern Connecticut State University Servers Compromised by Spam Operation Potentially Exposing the Data of 11,000 Students http://www.pcworld.com/businesscenter/article/145087/after_web_deface ment_university_warns_of_data_breach.html Malicious Computer Data Breaches:

6 The Database Austin University Student Hacks in his School’s Computer System, Accessing Over 50,000 Social Security Numbers & Other Data http://www.msnbc.msn.com/id/9239576/ Potentially 400,000 Student Records Breached When San Diego University Server Is Infiltrated http://attrition.org/dataloss/2004/03/sdsu01.html Malicious Computer Data Breaches:

7 The Database Faculty Member at an Ohio University Accidentally Places Social Security & Grade Report Online – Data is Public for Over 3 Years before Being Noticed http://www.miami.muohio.edu/documents_and_policies/privacyhelp.cfm A City College in Edmonton Accidentally Makes Student Data Available Online – Data Included Credit Cards, SIN Numbers, Signatures, Etc. http://attrition.org/dataloss/2007/10/macewan01.html Student Aid Records for 90 Individuals in Newfoundland were Publicly Exposed Due to a Security Hole in an Online Database http://www.cbc.ca/consumer/story/2008/09/08/student-breach-data.html Hundreds of McGill Student Academic Records Accidentally Made Public on School Website http://www.cbc.ca/canada/montreal/story/2007/04/27/mcgill-privacy.html Accidental Computer Data Breaches:

8 The Database Teacher in Manchester, England Accidentally E-Mails Attachment with Student & Employee Data to Hundreds of Other Students & Employees http://www.vbsnet.com/news/2009/04/30/ico-acts-on-student-privacy- breach.html Four University of Texas Professors Accidentally Posted the Private Data of Thousands of Student Online http://www.woai.com/content/news/newslinks/story/U-T-Students- Personal-Information-Accidentally/VQQrtNfAc0WcWgWzVtMU1g.cspx Ryerson University Software Glitch Accidentally Posts Student Data Online – Issue Not Correct for Weeks after the School was Informed of the Breach http://www.itworldcanada.com/news/ryerson-privacy-breach-highlights- immature-it-analyst-says/109118 Western University Exposes the Data of Over 1,000 Graduate Students - Data was Posted on an Unsecured Portion of Western’s Website http://communications.uwo.ca/com/western_news/stories/western_apolog izes_for_privacy_breach_20051027434109/ Accidental Computer Data Breaches:

9 The Database Laptop with the Data of Over 98,000 Students Stolen from the Graduate Admissions Office of Berkeley University http://www.channelregister.co.uk/2005/09/16/berkeley_laptop_theft_arrest/ Newfoundland School Board Found in Violation of Privacy Laws After Stolen Laptop Exposed the Records of 28,000 Students http://www.cbc.ca/canada/newfoundland-labrador/story/2008/07/25/school- theft-privacy.html Entire Student Roll at College in Nassau New York Stolen from Administrative Office – Over 21,000 Students Affected http://attrition.org/dataloss/2006/12/nassau01.html Two University of Alberta Hospital Laptops Stolen – Over 300,000 Affected http://www.cbc.ca/canada/edmonton/story/2009/06/24/edmonton-laptop- theft.html Malicious Physical Document & Data Breaches:

10 The Database Sensitive Student Information Found Along Road from Nashville, TN High School (Video Report Included) http://www.wsmv.com/news/18966430/detail.html Keller, TX High School Mails Incorrectly Addressed Private Data to Hundreds of Students http://datalossdb.org/archives/1099/2121/index.txt New York City School Accidentally Leaves 12 Boxes of Student Records on Curb http://query.nytimes.com/gst/fullpage.html?res=9F0DE4DD143EF937A1575 2C1A9629C8B63 Tennessee State University Employee Misplaces Flash Drive with Social Security Data Of Over 9,000 Students http://www.wsmv.com/education/17464384/detail.html Accidental Physical Document & Data Breaches:

11 The Database College Student Data Intended to be Shredded is Discovered Off-Campus http://attrition.org/dataloss/2005/08/and01.html Hard Drive at Colorado University Goes Missing – Potentially Exposing 15,790 Students http://www.jrrobertssecurity.com/security-news/security-crime- news0028.htm Accidental Physical Document & Data Breaches:

12 The Database Story about Teacher in Quebec Negatively Affected by Cell Phone Video of Her Posted on YouTube by Students http://www.cbc.ca/canada/ottawa/story/2006/11/24/you-tube.html Stanford University Fights for Privacy Rights of Student Pictures Posted Online http://www.sfgate.com/cgi- in/article.cgi?f=/c/a/1999/09/23/MN55114.DTL&type=printable Article on Benefits and Perils of Video Cameras on School Buses http://www.westmountexaminer.com/article-cp80346034-School-buses- may-be-wired-for-surveillance-privacy-experts-warn-of-perils.html Visual Privacy:

13 The Database English Newspaper is Censured for Posting Student Photos Online Without Permission http://www.timesonline.co.uk/tol/news/uk/article2260869.ece Article on the Quebec Student Known as the “Light-Sabre Kid” http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/20090318/online_pri vacy_090318/20090318?hub=SciTech Visual Privacy:

14 The Database City of Regina Accidentally Gives Out Extraneous Data to Outside Researchers Exposing Thousands http://www.cbc.ca/canada/saskatchewan/story/2009/02/11/regina- information.html YouTube and Viacom Agree to Mask Viewer Data http://www.usatoday.com/tech/products/2008-07-15-2584242500_x.htm Anonymous Information:

15 The Database An Article on Google, Lakehead University and Their Connection to the U.S. Patriot Act http://www.theglobeandmail.com/news/technology/article675014.ece CBC Article on Health Records Vs. The Patriot Act http://www.cbc.ca/health/story/2008/05/05/fhealth-digitalrecords.html Data Storage Locations:

16 The Database “Data Loss Database” Searchable Database of over 2,500 privacy breaches from across the world, affecting almost 5 million records. http://datalossdb.org Additional Resources:

17 The Database Privacy Rights Clearinghouse Chronological Database of Hundreds of Privacy Breaches http://www.privacyrights.org/ar/ChronDataBreaches.htm Additional Resources: IPC Information and Privacy Commissioner of Ontario http://www.ipc.on.ca

18

19 Media Reports excerpt: January 28th is Data Privacy Day around the world, a day dedicated to raising awareness about protecting personal information, especially online. The article contains a list of the major data privacy issues today, according to the privacy commissioner's office. This is a short sample: - New technologies emerge daily, but often personal information is required to use them. Consider how much information you have handed over to play online games, join social networks or even shop online. And what happens if the information ends up in the wrong hands? - Watch out for fraudulent e-mails, be on guard against phishing -- lying about the real reasons someone is data mining -- and much more. Hamilton Spectator - Jan.28, 2010 http://www.thespec.com/ article/713274

20 Media Reports “Privacy czar launches investigation over personal-settings tool” Privacy commissioner Jennifer Stoddart said yesterday the complaint focuses on a personal-settings tool introduced by Facebook last month. The complainant alleges new default settings would have exposed his information to a greater degree than settings he had previously put in place. Elizabeth Denham, the assistant privacy commissioner, said in a news release the grievance echoes other concerns expressed in recent months. "Some Facebook users are disappointed by certain changes being made to the site -- changes that were supposed to strengthen their privacy and the protection of their personal information." Hamilton Spectator - Jan.28, 2010 http://www.thespec.com/ article/713275

21

22 Identity Theft “Identity Theft is much more than credit & debit card skimming. It is the unauthorized collection and fraudulent use of someone else’s personal information.” Hamilton Police Department Definition

23 - Thief obtains a credit card in victim’s name using personal information. - Thief calls victim’s credit card company and pretending to be the victim. - Thief changes the address on victim’s credit card account. In this instance victim may not know of theft for quit some time. - Thief obtains a cell phone account in victim’s name using stolen identification. - Thief opens a bank account in victim’s name using stolen identification. - Thief steals credit or debit card information from victim’s card. The thief then manufactures a forged card and attacks victim’s account. Types of Identity Theft: Identity Theft

24 - Identity theft, skimming and other crimes related to criminals getting your personal information is the fastest growing and costliest consumer crime in North America - Identity theft crimes have grown 100% every year since 1997, the year that this type of crime began to be taken seriously - In 2003 (the most recent year stats were available), identity theft cost the Canadian Economy 2.5 billion dollars, and has only risen from there - Canadians have a 1 in 10 to 1 in 20 chance of being victimized by Identity Theft in their lifetime. By comparison, your chance of being physically victimized (via assault, robbery, etc.) in your lifetime is much less than 1 in 100. Some Facts about Identity Theft: Identity Theft Source: Hamilton Police Dept.

25 - Place passwords on your credit and debit cards and change these often. Avoid using easily available information, ie: birthdate and phone numbers as your password. - Secure personal information in your home. - Don’t give personal information out over the phone, through the mail or over the internet, unless you initiate the contact. - Guard your mail and your trash from theft. Deposit outgoing mail at the post office or secure box instead of an unsecured mailbox. Remove mail from your mailbox promptly. Put your mail on hold if you are going to be away. Law Enforcement Suggestions on How To Avoid Identity Theft: Identity Theft Source: Hamilton Police Dept.

26 - Shred all mail and paperwork that contains personal information. -Do not carry your SIN card on your person; keep it in a safe place. This should also be so for any identification not needed on a daily basis. - When using you debit or credit card always keep it in your view, watch the clerk as they process your card and always protect you PIN. Law Enforcement Suggestions on How To Avoid Identity Theft: Identity Theft Source: Hamilton Police Dept.

27 Breakdown

28

29

30 - Select a data base item from the one of the 7 areas - Connect to the internet through the link - Printed examples will be used in the workshop - Review with staff the event, nature of the breach and type of information compromised by this breach - Pose the following questions for discussion: a) Was the information of a nature that could compromise the identity of the individual? b) Could the information be used for malicious purposes? c) Are there legal implications for our organization due to the loss of this data? d) Have we followed the necessary steps to inform the parties of the loss of this information? e) Have we done or can we do anything to re-secure this information Teacher In-service Using the Breach Database Using The Database

31 Now It’s Your Turn: Using The Database Create a group for discussion purposes: Your board team, or a group of 5 or 6 1)Select a breach from the database. 2)Review the breach on the internet or use one of the printed examples. 3)Pose the questions. 4)Be prepared to report your discussion (20 minutes). 5)Each teams reports will be posted.

32 Best Practices to Prevent Breaches: Using The Database Resources available for use in teacher in-service: - Privacy videos found on the London region MISA website www.misalondon.ca - Teacher videos - Administration and Central Staff videos (Principals) - I.T. Videos - MISA Breach database found in pdf. format on the MISA website resources - PIM Guidelines

33

34 Physical Document & Data Protection for Teachers PIM Videos Click image to stream video in Media Player. Or visit the link below: http://misalondon.ca/teacher_videos06.html

35 Digital Data Protection for Admin/Staff Click image to stream video in Media Player. Or visit the link below: http://misalondon.ca/teacher_videos02.html PIM Videos

36 Discussion Questions for Teachers Physical Document & Data Video: 1. Is there a clear purpose for each type of personal information that I collect, use, retain, or disclose? 2. Do I know when it is appropriate to destroy personal, confidential, or sensitive information? When destroying such information, do I place it in the appropriate shredding bins? 3. Are Ontario Student Records (OSR) and Office Index Cards securely stored in the main office of the school and are only accessible by authorized personnel in the main office of the school. 4. Do I ensure that information about a student(s) is shared only with other staff in the school who are assigned to work with the student(s), and only as needed to improve the education of the student(s). PIM Videos

37 Discussion Questions for Admin/Staff Digital Data Protection Video: 1. Have I safeguarded all electronic personal information records maintained in password-protected databases? 2. Do I refrain from storing personal, confidential, or sensitive information on a Shared Network Drive? 3. Do I immediately pick up any personal, confidential, or sensitive records sent to printer or photocopier or received by fax? 4. Before sending personal, confidential, or sensitive information via email, have I considered taking precautions such as removing personal information? continued... PIM Videos

38 Discussion Questions for Admin/Staff Digital Data Protection Video: 5. Are computer access rights reviewed and updated regularly to ensure that I do not have access to personal information that I do not need to perform my duties and responsibilities? 6. Am I following the procedures in place for safeguarding personal information on laptops, memory sticks, personal digital assistants (PDAs, e.g., BlackBerry devices), etc.? 7. Do I sometimes share passwords with others? If so, do I immediately change my password afterwards? PIM Videos

39

Download ppt "Breach Database Purpose of Our Session: - present examples of breaches in the educational area - identify the impact of privacy breaches - use the breach."

Similar presentations

Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
Identity theft Protecting your credit identity. Identity Theft Three hundred forty three million was lost from consumers in 2002 The number of complaints.

Identity theft Protecting your credit identity. Identity Theft Three hundred forty three million was lost from consumers in 2002 The number of complaints.
Part I: Making Good Online Choices

Part I: Making Good Online Choices
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
Presented By www.fmfcu.org/drexel Drexel and FMFCU.

Presented By Drexel and FMFCU.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
1. What is Identity Theft? 2. How Do Thieves Steal An Identity? 3. What Do Thieves Do with Stolen Identities? 4. What Can I Do To Avoid Becoming a Victim?

1. What is Identity Theft? 2. How Do Thieves Steal An Identity? 3. What Do Thieves Do with Stolen Identities? 4. What Can I Do To Avoid Becoming a Victim?
Protecting Your Identity: What to Know, What to Do.

Protecting Your Identity: What to Know, What to Do.
Deter, Detect, Defend: The FTC’s Program on Identity Theft.

Deter, Detect, Defend: The FTC’s Program on Identity Theft.
Identity Theft. MIS Training Institute, Inc.Section X - Slide 2CS1 053 ©Network Security Services, LLC Outline n Definitions n Methods used n Ways to.

Identity Theft. MIS Training Institute, Inc.Section X - Slide 2CS1 053 ©Network Security Services, LLC Outline n Definitions n Methods used n Ways to.
BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.

BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.
Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.

Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
What is identity theft, and how can you protect yourself from it?

What is identity theft, and how can you protect yourself from it?
1.3.1.G1 © Family Economics & Financial Education – Revised October 2004 – Consumer Protection Unit – Identity Theft Funded by a grant from Take Charge.

1.3.1.G1 © Family Economics & Financial Education – Revised October 2004 – Consumer Protection Unit – Identity Theft Funded by a grant from Take Charge.
Protecting the Confidentiality of Social Security Numbers Business Procedures Memorandum 66 Revised November 1, 2006 The University of Texas System.

Protecting the Confidentiality of Social Security Numbers Business Procedures Memorandum 66 Revised November 1, 2006 The University of Texas System.
SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

Similar presentations

Ads by Google