Editorial: Leak exposes irresponsibility
A campus-wide disposal policy should be implemented
In light of the department of mathematics' private information leak, the Editorial board has a solution: create a standard file disposal practice.
EDITORIAL BOARD
Friday, September 21st, 2007
When people choose to become affiliated with the University of Kansas, whether as students, faculty or other employees, they knowingly surrender personal information to the institution under the assumption that this critical data will be safeguarded and kept private. Unfortunately, elements within the University have violated this trust by disposing of sensitive materials in a less-than-secure manner. The lessons from this event must be absorbed to prevent future errors; only luck has prevented identity theft thus far.
Tuesday, the Kansan, along with the Lawrence Journal-World and the Kansas City Star, received two envelopes from an anonymous source containing copies of numerous personal records that allegedly originated from Snow Hall. Among the contents of the envelopes were Social Security numbers, addresses, insurance details and grades. The contents were eventually returned to the University after the Kansan had reported the story.
A task force, consisting of officials from numerous administrative offices, is currently investigating the breach. While it is mildly comforting that the University has taken notice of this glaring violation, the obvious conclusion is that such a group should have existed long before now. It should not take a near-catastrophe for the University to take the safety of personal information seriously.
According to Lynn Bretz, director of university communications, there is no University-wide, consistent method of data disposal. It is unacceptable to allow departments to throw out records however they see fit. It is not enough to lay blame on one person or even one department. It is easy to assume that eliminating one weak link will fix the underlying problem; that is not the case. The buck must stop somewhere, and the University as a whole must take responsibility for the failings of its departments.
Personal data breaches, whether by accident or design, have occurred before at KU—several times. The last incident of this sort occurred in July 2007, when graded papers and student information were found in empty offices in Wescoe Hall. In April 2004, hackers successfully accessed the Watkins Memorial Health Center and were able to view prescription records. On other occasions, financial and housing information were made available to the public.
Leaks, electronic and printed, have occurred no less than four times before this most recent incident. Of the five instances on record, only one was carried out with malicious intent. It is one thing for someone to deliberately set out to acquire these records. It is another—and completely worse—issue entirely for the University to so cavalierly dispose of them. Thieves are expected to treat property with a lack of respect; for the University to do so is irresponsible.
The documents allegedly left in recycling bins and a dumpster outside of Snow Hall were not merely papers. They encompassed the most guarded aspects of people’s lives. Identity theft remains a critical concern. A person’s entire financial livelihood could have been compromised, their reputation destroyed. This misstep must never repeat itself.
Following this latest development, a standardized and reliable method of information disposal should be a top priority. Members of the University community should be able to trust KU with their data. The troubling feeling is that such confidence will not be forthcoming, and there is no sound reason to think that this event will be the last—or worst—of its kind.
Discussion
All comments are moderated by Kansan.com staff. For our full user policy, click here.
Share your 2¢
Requires free registration.