“Hi, honey,” I asked my daughter on Thursday when I arrived at home, “how was school?”
“Well, Dad,” she started, “all my confidential information has been stolen.”
“What?!?” I sat down, a bit stunned that now, every member of my family–except my son–has had their confidential information compromised. As much as I believe in openness, I can’t believe how often unencrypted data finds its way into the hands of thieves, especially with identity theft so high.
“Yeah, one of the teachers at my school had information for 1,253 students on an external USB hard drive. He left the hard drive in his car and it was broken into.” One of the key points in the news article is a quote attributed to an administrator that implies, because the school is under-staffed, that it’s OK to let staff take unencrypted data home to work.
Furthermore, a valid criticism may be that the school district only advised parents to review their bank accounts, credit cards, etc. to check for suspicious activity. In the past, other school districts haven’t considered that an acceptable response to data theft. According to some, the school district (or any offending agency) should pay for Equifax and similar organizations to monitor credit accounts, providing periodic updates to students (many of them just starting college) and their parents about suspicious activity.
You know, as I reflect on this information, it occurs to me that the District in question has joined the Texas Teacher Retirement System (TRS) and the Texas Comptroller in failing to properly encrypt confidential data for public school staff and students. Consider that my 82-year-old mother (a retired educator of over 36 years), my wife (a public school educator), and now my daughter and I have ALL had our data stolen because it was not encrypted.
The problem, obviously, is that the folks in question who deal with confidential data in public schools are not encrypting. Maybe it’s just not a priority, and it should be. And we only hear about the unencrypted data breaches because, as I recall, those with encrypted data that is stolen do not have to report it.
LifeHacker.com recently shared their response to the question, Do you really need to encrypt every file on your computer? A better question might be, Do you really need to encrypt every file on your portable media? Obviously in the case of the various organization staff members, the answer is a resounding YES.
Here’s my comment that I left on the LifeHacker site…why don’t you give AESCrypt a chance and encrypt every file you save to a portable drive? It’s easy to unencrypt, encrypt, etc.
Howdy! I would like to suggest another alternative–instead of using TrueCrypt (great solution)–consider encrypting individual files (or zips of files, if you prefer) using the free, open source, cross-platform solution, AESCrypt.com. It’s an excellent tool: right-click for Windows, and command line for Linux and Mac. Here’s more info on it: [www.mguhlin.org] I really wish school districts would pay more attention to this kind of advice that you offer. Just yesterday, I found out that over 1000 students’ confidential data had been left unencrypted on an external USB hard drive. If that data had been encrypted, the school district wouldn’t have to endure having to pay for credit protection for students, their families, and the public embarrassment!
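One check a district could run against a portable drive before it leaves the building, as an added example (not from the original post, the LifeHacker comment or the AES Crypt project): it flags every file that does not begin with the 3-byte `AES` marker that AES Crypt writes at the start of its output. The function names and sample files are constructed for illustration, and the header test is a heuristic, not proof that the contents are soundly encrypted.

```python
import os
import tempfile

AESCRYPT_MAGIC = b"AES"  # AES Crypt output starts with these bytes, then a version byte


def has_aescrypt_header(path):
    """Return True if the file starts with the AES Crypt marker plus a version byte."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return False  # unreadable files are treated as unverified, so they get flagged
    return len(head) == 4 and head[:3] == AESCRYPT_MAGIC


def find_unencrypted(root):
    """Walk a drive's mount point and list files lacking the AES Crypt header.

    The file extension is deliberately ignored: a plaintext file renamed to
    .aes is still plaintext and is still reported.
    """
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not has_aescrypt_header(full):
                flagged.append(os.path.relpath(full, root))
    return sorted(flagged)


def build_sample_drive(root):
    """Create constructed sample files standing in for a USB drive's contents."""
    os.makedirs(os.path.join(root, "backup"))
    samples = {
        "grades.xlsx.aes": b"AES\x02\x00" + os.urandom(64),        # looks encrypted
        "roster.csv": b"id,name,dob\n1,Sample Student,2001-01-01\n",  # plaintext
        os.path.join("backup", "notes.txt.aes"): b"meeting notes",    # misnamed plaintext
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_drive(drive)
        for rel in find_unencrypted(drive):
            print("NOT ENCRYPTED:", rel)
```

Pointed at a drive's mount point instead of the temporary directory, an empty result is the condition for letting the drive go home.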
How are you protecting confidential documents in the context of K-12 public schools?