Privacy Breach Database Presentation A Powerpoint

Purpose of Our Session:
- present examples of breaches in the
educational area
- identify the impact of privacy breaches
- use the breach data base as a teaching tool
for in-service
Breach Database
Education Focused - Privacy Breach Database:
- Consists of some 32 examples of education related
privacy breaches categorized into 7 areas
- Internet links for each breach allow for a review of the
specific breach and required action on the part of the
- Additional resources and external links conclude the
- Individual breaches can be examined to highlight the
specific nature of a privacy breach
The Database
Malicious Computer Data Breaches:
Hackers Compromise 160,000 Student Healthcare Records at Berkeley,
Mills College
Hackers Steal Information for Over 70,000 Students/Alumni from Brock
Southern Connecticut State University Servers Compromised by Spam
Operation Potentially Exposing the Data of 11,000 Students
The Database
Malicious Computer Data Breaches:
Austin University Student Hacks in his School’s Computer System,
Accessing Over 50,000 Social Security Numbers & Other Data
Potentially 400,000 Student Records Breached When San Diego University
Server Is Infiltrated
The Database
Accidental Computer Data Breaches:
Faculty Member at an Ohio University Accidentally Places Social Security
& Grade Report Online – Data is Public for Over 3 Years before Being
A City College in Edmonton Accidentally Makes Student Data Available
Online – Data Included Credit Cards, SIN Numbers, Signatures, Etc.
Student Aid Records for 90 Individuals in Newfoundland were Publicly
Exposed Due to a Security Hole in an Online Database
Hundreds of McGill Student Academic Records Accidentally Made Public
on School Website
The Database
Accidental Computer Data Breaches:
Teacher in Manchester, England Accidentally E-Mails Attachment with
Student & Employee Data to Hundreds of Other Students & Employees
Four University of Texas Professors Accidentally Posted the Private Data
of Thousands of Student Online
Ryerson University Software Glitch Accidentally Posts Student Data
Online – Issue Not Correct for Weeks after the School was Informed of the
Western University Exposes the Data of Over 1,000 Graduate Students Data was Posted on an Unsecured Portion of Western’s Website
The Database
Malicious Physical Document & Data Breaches:
Laptop with the Data of Over 98,000 Students Stolen from the Graduate
Admissions Office of Berkeley University
Newfoundland School Board Found in Violation of Privacy Laws After
Stolen Laptop Exposed the Records of 28,000 Students
Entire Student Roll at College in Nassau New York Stolen from
Administrative Office – Over 21,000 Students Affected
Two University of Alberta Hospital Laptops Stolen – Over 300,000 Affected
The Database
Accidental Physical Document & Data Breaches:
Sensitive Student Information Found Along Road from Nashville, TN High
School (Video Report Included)
Keller, TX High School Mails Incorrectly Addressed Private Data to
Hundreds of Students
New York City School Accidentally Leaves 12 Boxes of Student Records
on Curb
Tennessee State University Employee Misplaces Flash Drive with Social
Security Data Of Over 9,000 Students
The Database
Accidental Physical Document & Data Breaches:
College Student Data Intended to be Shredded is Discovered Off-Campus
Hard Drive at Colorado University Goes Missing – Potentially Exposing
15,790 Students
The Database
Visual Privacy:
Story about Teacher in Quebec Negatively Affected by Cell Phone Video of
Her Posted on YouTube by Students
Stanford University Fights for Privacy Rights of Student
Pictures Posted Online
Article on Benefits and Perils of Video Cameras on School Buses
The Database
Visual Privacy:
English Newspaper is Censured for Posting Student Photos Online
Without Permission
Article on the Quebec Student Known as the “Light-Sabre Kid”
The Database
Anonymous Information:
City of Regina Accidentally Gives Out Extraneous Data to Outside
Researchers Exposing Thousands
YouTube and Viacom Agree to Mask Viewer Data
The Database
Data Storage Locations:
An Article on Google, Lakehead University and Their Connection to the
U.S. Patriot Act
CBC Article on Health Records Vs. The Patriot Act
The Database
Additional Resources:
“Data Loss Database”
Searchable Database of over
2,500 privacy breaches from
across the world, affecting
almost 5 million records.
The Database
Additional Resources:
Privacy Rights Clearinghouse
Chronological Database of Hundreds of Privacy Breaches
Information and Privacy
Commissioner of Ontario
The Database
Hamilton Spectator - Jan.28, 2010
January 28th is Data Privacy Day around the world, a day
dedicated to raising awareness about protecting personal
information, especially online.
The article contains a list of the major data privacy issues
today, according to the privacy commissioner's office. This
is a short sample:
- New technologies emerge daily, but often personal
information is required to use them. Consider how much
information you have handed over to play online games,
join social networks or even shop online. And what
happens if the information ends up in the wrong hands?
- Watch out for fraudulent e-mails, be on guard against
phishing -- lying about the real reasons someone is data
mining -- and much more.
Media Reports
Hamilton Spectator - Jan.28, 2010
“Privacy czar launches investigation over
personal-settings tool”
Privacy commissioner Jennifer Stoddart said yesterday the
complaint focuses on a personal-settings tool introduced
by Facebook last month.
The complainant alleges new default settings would have
exposed his information to a greater degree than settings
he had previously put in place.
Elizabeth Denham, the assistant privacy commissioner,
said in a news release the grievance echoes other
concerns expressed in recent months.
"Some Facebook users are disappointed by certain
changes being made to the site -- changes that were
supposed to strengthen their privacy and the protection of
their personal information."
Media Reports
“Identity Theft is much more than credit & debit
card skimming. It is the unauthorized collection
and fraudulent use of someone else’s personal
Hamilton Police Department Definition
Identity Theft
Types of Identity Theft:
- Thief obtains a credit card in victim’s name using personal information.
- Thief calls victim’s credit card company and pretending to be the victim.
- Thief changes the address on victim’s credit card account. In this
instance victim may not know of theft for quit some time.
- Thief obtains a cell phone account in victim’s name using stolen
- Thief opens a bank account in victim’s name using stolen identification.
- Thief steals credit or debit card information from victim’s card. The thief
then manufactures a forged card and attacks victim’s account.
Identity Theft
Some Facts about Identity Theft:
- Identity theft, skimming and other crimes related to criminals getting your
personal information is the fastest growing and costliest consumer crime in
North America
- Identity theft crimes have grown 100% every year since 1997, the year that
this type of crime began to be taken seriously
- In 2003 (the most recent year stats were available), identity theft cost the
Canadian Economy 2.5 billion dollars, and has only risen from there
- Canadians have a 1 in 10 to 1 in 20 chance of being victimized by Identity
Theft in their lifetime. By comparison, your chance of being physically
victimized (via assault, robbery, etc.) in your lifetime is much
less than 1 in 100.
Source: Hamilton Police Dept.
Identity Theft
Law Enforcement Suggestions on How To Avoid
Identity Theft:
- Place passwords on your credit and debit cards and change these often.
Avoid using easily available information, ie: birthdate and phone numbers as
your password.
- Secure personal information in your home.
- Don’t give personal information out over the phone, through the mail or over
the internet, unless you initiate the contact.
- Guard your mail and your trash from theft. Deposit outgoing mail at the post
office or secure box instead of an unsecured mailbox. Remove mail from your
mailbox promptly. Put your mail on hold if you are going
to be away.
Source: Hamilton Police Dept.
Identity Theft
Law Enforcement Suggestions on How To Avoid
Identity Theft:
- Shred all mail and paperwork that contains personal information.
-Do not carry your SIN card on your person; keep it in a safe place. This should
also be so for any identification not needed on a daily basis.
- When using you debit or credit card always keep it in your view, watch the
clerk as they process your card and always protect you PIN.
Source: Hamilton Police Dept.
Identity Theft
Teacher In-service Using the Breach Database
- Select a data base item from the one of the 7 areas
- Connect to the internet through the link
- Printed examples will be used in the workshop
- Review with staff the event, nature of the breach and type of information
compromised by this breach
- Pose the following questions for discussion:
a) Was the information of a nature that could compromise the
identity of the individual?
b) Could the information be used for malicious purposes?
c) Are there legal implications for our organization due to the loss
of this data?
d) Have we followed the necessary steps to inform the parties of
the loss of this information?
e) Have we done or can we do anything to re-secure this
Using The Database
Now It’s Your Turn:
Create a group for discussion purposes:
Your board team, or a group of 5 or 6
1) Select a breach from the database.
2) Review the breach on the internet or use one of the printed
3) Pose the questions.
4) Be prepared to report your discussion (20 minutes).
5) Each teams reports will be posted.
Using The Database
Best Practices to Prevent Breaches:
Resources available for use in teacher in-service:
- Privacy videos found on the London region MISA website
- Teacher videos
- Administration and Central Staff videos (Principals)
- I.T. Videos
- MISA Breach database found in pdf. format on the MISA
website resources
- PIM Guidelines
Using The Database
Physical Document & Data Protection for
Click image to stream video in Media Player. Or visit the link below:
PIM Videos
Digital Data Protection for Admin/Staff
Click image to stream video in Media Player. Or visit the link below:
PIM Videos
Discussion Questions for Teachers Physical
Document & Data Video:
1. Is there a clear purpose for each type of personal information
that I collect, use, retain, or disclose?
2. Do I know when it is appropriate to destroy personal,
confidential, or sensitive information? When destroying such
information, do I place it in the appropriate shredding bins?
3. Are Ontario Student Records (OSR) and Office Index Cards
securely stored in the main office of the school and are only
accessible by authorized personnel in the main office of the school.
4. Do I ensure that information about a student(s) is shared only
with other staff in the school who are assigned to work with the
student(s), and only as needed to improve the education of the
PIM Videos
Discussion Questions for Admin/Staff Digital
Data Protection Video:
1. Have I safeguarded all electronic personal information records
maintained in password-protected databases?
2. Do I refrain from storing personal, confidential, or sensitive
information on a Shared Network Drive?
3. Do I immediately pick up any personal, confidential, or sensitive
records sent to printer or photocopier or received by fax?
4. Before sending personal, confidential, or sensitive information
via email, have I considered taking precautions such as removing
personal information?
PIM Videos
Discussion Questions for Admin/Staff Digital
Data Protection Video:
5. Are computer access rights reviewed and updated regularly to
ensure that I do not have access to personal information that I do
not need to perform my duties and responsibilities?
6. Am I following the procedures in place for safeguarding personal
information on laptops, memory sticks, personal digital assistants
(PDAs, e.g., BlackBerry devices), etc.?
7. Do I sometimes share passwords with others? If so, do I
immediately change my password afterwards?
PIM Videos