OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: [Dataloss] Second laptop with student data was stolen

From: Chris Walsh (cwalshcwalsh.org)
Date: Fri Oct 20 2006 - 10:09:21 CDT


On Fri, Oct 20, 2006 at 07:07:16AM -0400, Dissent wrote:
> University of Minnesota officials confirmed Thursday a second theft of
> a laptop computer this summer that contained private student data.
>
> The incident involved a U art department laptop holding about 200
> student names, university IDs and grades but no Social Security
> numbers. It was stolen from a faculty member in June during a trip to
> Spain.
>
> There's no indication the data have been misused, though the loss was
> considered a security breach under Minnesota law.

The law in MN seems typical:

        For the purposeses of this section, "personal information"
        means an individual's first name or first initial and last name
        in combination with any one or more of the following data
        elements, when either the name or the data elements is not
        encrypted:
           (1) Social Security number;
           (2) driver's license number or Minnesota identification
        card number; or
           (3) account number or credit or debit card number, in
        combination with any required security code, access code, or
        password that would permit access to an individual's financial
        account.

I don't see how disclosure of this breach falls under this law. Of course,
it's fine if they want to go above and beyond. I'm just reacting to the
"loss was considered a breach" sentence.
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss
Tracking more than 137 million compromised records in 430 incidents over 6 years.