A data breach occurs when sensitive or personal information is stolen by unauthorized persons. Many businesses and banks have become victims of data breaches, and it now seems educational institutions are also vulnerable to such data security issues. According to a recent report, the Jersey City school district is investigating how a Sherman Avenue charter school obtained personal information about district students.
The report says that sensitive personal information of elementary school students was included in mailings from the New Jersey school to prospective students. Last month, parents received a registration form from the Math Engineering Technology and Science, or METS, Charter School of Jersey City that included students’ names, addresses, phone numbers, and birthdays and, in most cases, Social Security numbers too. It is estimated that 600 families received the form in the mail.
A district official later said that the METS Charter School did not obtain the information from the city school data but was using a list it obtained three years ago, and additional checks of the district’s data systems also indicated that there was no breach. Even so, the fact that the students’ personal information has been exposed is a matter of concern. The city school officials have directed the charter school to stop using the list immediately and to turn it over to the school district.
Poorly safeguarded and improperly shared student data pose real threats to children and families – from identity theft to nuisance advertising or misguided profiling to increased surveillance of everyday activities.
For businesses, it appears that standard data security measures are no longer sufficient. The U.S. Chamber of Commerce Common Sense Guide to Cyber Security puts forward the following data security practices:
- Installing a firewall to guard against harmful incoming and outgoing messages
- Removing unused software and old employee accounts
- Removing data on hardware before disposal
- Implementing network security with access controls
- Establishing and following a security financial risk management plan
According to industry experts, a comprehensive plan should also include the following:
- Healthcare organizations need to keep patient records segmented and out of the general network with controls that are evaluated on a regular basis
- Companies should train employees about data security practices and use strong passwords
- A strong identity management program would help determine who accessed what and when
- A system that covers external threats is necessary
- Companies need to have the capability to identify when a breach is taking place and deal with the situation effectively
If a company relies on third-party service providers for back-office support, it should take special care to choose a partner that has stringent measures in place to protect client information.