Educational Institutions Must Try To Protect Students' Personal Information - Technologist
Technologist - The FindLaw Legal Technology Blog

Educational Institutions Must Try To Protect Students' Personal Information

FindLaw columnist Eric Sinrod writes regularly in this section on legal developments surrounding technology and the internet.

Not surprisingly, educational institutions possess all sorts of private data with respect to their students. However, a bit more surprising is how easy it is for the privacy of that data to be compromised.

For example, the Washington Post recently reported that personal information relating to in excess of 103,000 former adult education students in Virginia was misplaced. That information included Social Security numbers, as well as employment and demographic details.

How did that happen? It was fairly simple, actually. A Virginia Education Department employee reportedly passed on a two-gigabyte flash drive during a meeting for use as part of federally mandated research. Unfortunately, the flash drive was not encrypted and it went missing the day after the physical transfer. The lost flash drive reportedly contained private information for all students who completed an adult education course between April, 2007 and June, 2009 or who had passed a high school equivalency test from January, 2001 to June, 2009.

There is no question that educational institutions, whether private or governmental, have certain obligations to protect personal information entrusted to them by students. These institutions should consult with counsel and information technology specialists to develop practices to protect this information. And when private information is compromised, students should be advised how to implement measures to avoid identity theft.

In this unfortunate instance, private data was transferred in a manner that was not secure. This could have been easily avoided. And without proper procedures having been followed on the front-end, a great many former students have to deal with the potential of negative consequences flowing from this incident. Hopefully, the flash drive will not fall into the hands of anyone who would want to take advantage of the private information contained on the drive.

 

Eric Sinrod is a partner in the San Francisco office of Duane Morris LLP (http://www.duanemorris.com) where he focuses on litigation matters of various types, including information technology and intellectual property disputes.  His Web site is http://www.sinrodlaw.com and he can be reached at ejsinrod@duanemorris.com.  To receive a weekly email link to Mr. Sinrod's columns, please send an email to him with Subscribe in the Subject line.

This column is prepared and published for informational purposes only and should not be construed as legal advice.  The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.

 

Related Resources: