Portable Sensitivity
Last week I received a packet in the mail from a former employer, Stanford University.
The letter was straightforward:
We are writing to inform you of a recent incident that could affect you. As some of you know form an email notification, we have discovered that information about you was in a data file on a stolen laptop. This data file contained sensitive personnel information about current and former Stanford employees.
Personal information contained in the data file may include some or all of the following: name, Social Security number, birth date, gender, home address and phone number in Stanford’s records, business title and salary while at Stanford, Stanford email address, Stanford ID card number and Stanford employee number.
The letter went on to say:
We understand the sensitive nature of the personal information entrusted to us by our employees, and it is our responsibility to keep it confidential. Stanford has well-established policies and guidelines in place that should have prevented this type of incident from occurring. This incident was a clear violation of our information security policy and procedures, and the result of human error.
I mention this because The Chronicle of Higher Education posted an article this morning about the increase in incidents like this at universities. The article cited incidents and several universities, including this at the University of Virginia,
Patrick A. Grant was stolen in April. A thief walked away with a laptop containing the University of Virginia biochemist’s name and Social Security number, as well as those of more than 7,000 other professors, staff members, and students. The machine belonged to a university employee who had taken it off campus — and then it was simply taken.
The next month, Mr. Grant discovered that criminals had amassed at least $22,000 in debt under his name.
Information on 62,000 current and former employees was on the laptop stolen in the Stanford incident.
