[IP] more on NYU student data leak
Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Sun, 11 Jan 2004 15:07:39 -0500
From: Chris Hoofnagle <hoofnagle@xxxxxxxx>
Subject: Re: [IP] NYU student data leak
X-Sender: souvarine@xxxxxxxxxxxxxxxxxx
To: dave@xxxxxxxxxx
At 07:09 PM 1/10/2004, you wrote:
>>Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
>>Date: Sat, 10 Jan 2004 12:05:47 -0500
>>From:
>>To: Dave Farber <dave@xxxxxxxxxx>
>>
>>Dave: Not mentioned in this article is that at the start of 2003,
>>NYU laid off its senior system and network security manager, who
>>had been with the university for nearly 18 years, in a budget-cutting
>>round. At the time of the layoff, the manager was working on privacy
>>issues, including HIPAA compliance.
>>
>>http://www.nytimes.com/2004/01/10/nyregion/10identity.html
>>
>>January 10, 2004
>>Students' Data on Web, and N.Y.U. on Defensive
>>By KAREN W. ARENSON
>>
>>Three years ago, when Brian Frank entered New York University, he
>>signed up for intramural basketball, providing his name and his
>>university identification number, which was also his Social Security
>>number.
>>
>>Yesterday morning, Mr. Frank, who is now a senior, learned from N.Y.U.
>>that these details had been posted on the Internet. He was among about
>>1,800 N.Y.U. students who received the same e-mail notification from
>>the university. In some cases, students' phone numbers were posted,
>>too.
Hi Dave,
Also not mentioned is New York's Educational Code, which places
limits on public and private schools' use of the SSN. It's meant to
avoid this type of release.
Generally, it's considered best practice not to use the SSN
routinely as an identifier. Many schools do have to collect it for
financial aid/employment reasons, however, that doesn't mean that it
needs to be used for other purposes. I wrote a paper on this and
other higher education student privacy issues that's online at
http://www.epic.org/epic/staff/hoofnagle/studentprivacy.html
The New York Code is below.
Regards,
C
http://caselaw.lp.findlaw.com/nycodes/c30/a3.html
Article 1
2-b. Use of student social security numbers restricted.
S 2-b. Use of student social security numbers restricted. No public or
private elementary or secondary school or college as defined in section
two of this article shall display any student`s social security number
to identify such student for posting or public listing of grades, on
class rosters or other lists provided to teachers, on student
identification cards, in student directories or similar listings, or,
unless specifically authorized or required by law, for any public
identification purpose.
--------------------------------------------------------------------
Chris Hoofnagle, Assoc. Director +1.202.483.1140 (tel)
Electronic Privacy Information Center +1.202.483.1248 (fax)
1718 Connecticut Ave., NW Suite 200 hoofnagle@xxxxxxxx
Washington, DC 20009 USA
http://www.epic.org/ http://www.privacy.org/
PGP Key: http://epic.org/epic/staff/hoofnagle/pgp.txt
--------------------------------------------------------------------
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/