Welcome to the site! I'm a leader, author, and speaker in the field of school technology policies. Click the links to find more information and resources.
Hey, I thought those are confidential documents!
When you visit your lawyer’s office, you expect a high level of client confidentiality. However, in an odd turn of events, client information was discovered in a dumpster, even though the firm had policies and procedures in place to protect against this type of data leak.
http://www.suntimes.com/news/mitchell/2545870,CST-NWS-mitch29.article#
For any organization managing the private information of others, there seem to be three professions that struggle under high expectations:
- Medical offices - healthcare data
- Education - student and parent data, especially at the university level
- Legal firms - client information
In this case, the law firm was a bankruptcy-focused legal firm that did not manage its records of previous clients properly. In another case, a hospital lost the records of 800,000 patients. According to the Open Security Foundation, a research firm reviewing data breaches in various industries, over 500 universities have had data breaches since 2003.
So, what can you do?
- First, you need to understand the risks involved. A good place to start reading about the risk and the costs might be this article from Dark Reading. It’s not fun reading, but an important place to start.
- Second, you need to know where data can be stolen. Here’s a great article to read that identifies university data-theft opportunities. Hint: they aren’t all electronic! Another hint: They can be applied to different businesses and educational institutions!
- Third, plan now for data breaches. I know it’s not the most positive concept, but the Federal Trade Commission has an excellent set of resources that you should read and think through now with your staff members. While this comes from a business perspective, schools (and health care organizations, and legal firms, too) can adapt these resources to their needs. Prepare a strategy that works for your school, district, or group. (A little bonus on writing disclosure letters here!)
- Fourth, develop a culture of data protection. You can read more about creating this culture in my book, Smarter Clicking: School Technology Policies that Work!
Good luck protecting your data!
