UCD USB Security Breach

ironclaw

From UCD:

I am writing to inform you that a USB key containing some information about engineering students was mislaid by a staff member while on a work-related offsite meeting.

The USB key contained a report on Semester 1 2011/2012 results with the following information relating to you:

Student number, student name, major, stage, modules, credit and grade data for the semester.

Student information held by the University is strictly managed and I apologise to you that, on this occasion, in breach of University policy, the information was not encrypted.Though an investigation is ongoing, assisted by the member of staff who reported the loss, at this stage we must act on the assumption that the USB key is lost and will not be recovered.

You have to ask why any of this information was required to be in one place, offsite and unencrypted.

kippy

ironclaw wrote: »

From UCD:



You have to ask why any of this information was required to be in one place, offsite and unencrypted.

Poor information security policy/adherance.


TBF, theres not much "important" data there, no PPS, Address, phone number etc, however it still is a data loss.

ironclaw

kippy wrote: »

Poor information security policy/adherance.


TBF, theres not much "important" data there, no PPS, Address, phone number etc, however it still is a data loss.

I just found it shocking that it correlated Student Names and Student Numbers. That alone is fairly annoying. Academic records are very private for some individuals.