FindLaw columnist Eric Sinrod writes regularly in this section on legal developments surrounding technology and the internet.
If you feel like you have been hearing quite a bit about data breaches in colleges and universities, there is a reason. Institutions from the educational sector reported more breaches than any other sector for the recent period of September 2008 to March 2009, according to the Privacy Rights Clearinghouse. Indeed, colleges and universities reported four times the number of breaches than the institutions within the health care sector; the sector that reported the second most data security breaches.
It certainly is laudable that educational institutions seem to take their data security breach notification responsibilities seriously, but it is imperative that they learn to avoid so many breaches in the first place. This is especially true given that colleges and universities collect personal and highly sensitive data not only from students, but also from faculty, personnel, applicants, alumni, business partners and others. This information often includes private financial, health, academic, demographic and other details.
Many of the data security incidents of educational institutions result from the loss or theft of equipment and errors leading to unauthorized access. Steps can and should be taken to safeguard equipment and access.