Duane Morris Home
Search Site | Languages | Site Map | Alumni | Careers | Contact Us | Watch Duane Morris Video Listen to Duane Morris Podcasts, Webcasts and Audio Connect with Duane Morris LLP on LinkedIn Follow Duane Morris LLP on Facebook Follow Duane Morris LLP on Twitter Subscribe to RSS feed
  • About Duane Morris  ∨
    • Annual Report
    • Firm Rankings and Statistics
    • Past and Present
    • Firm Accolades and Honors
    • Attorney Accolades and Honors
    • Diversity and Inclusion
    • Women's Initiative
    • Pro Bono
  • Practices and Industries  ∨
    • Expanded Service Area Listing
  • People
  • Offices
  • Annual Report
  • News, Pubs and Multimedia  ∨
    • Alerts and Updates
    • Bylined Articles
    • In the News
    • Press Releases
    • For the Press
    • Video
    • Podcasts
    • Blogs
  • Events
  • Affiliates

By-Lined Articles
Events
For the Press

Home > Publications > By-Lined Articles

SHARE: Email this page Print This

By-Lined Article

It is Time To Address Data Breaches In Colleges And Universities

By Eric J. Sinrod
March 30, 2010
Findlaw.com

Eric SinrodIf you feel like you have been hearing quite a bit about data breaches in colleges and universities, there is a reason. Institutions from the educational sector reported more breaches than any other sector for the recent period of September 2008 to March 2009, according to the Privacy Rights Clearinghouse. Indeed, colleges and universities reported four times the number of breaches than the institutions within the health care sector; the sector that reported the second most data security breaches.

It certainly is laudable that educational institutions seem to take their data security breach notification responsibilities seriously, but it is imperative that they learn to avoid so many breaches in the first place. This is especially true given that colleges and universities collect personal and highly sensitive data not only from students, but also from faculty, personnel, applicants, alumni, business partners and others. This information often includes private financial, health, academic, demographic and other details.

Many of the data security incidents of educational institutions result from the loss or theft of equipment and errors leading to unauthorized access. Steps can and should be taken to safeguard equipment and access.

For those colleges that have not done so already, they really ought to have a Chief Privacy/Security Officer in place who provides overall guidance and direction. An analysis of how and where an educational institution collects, maintains, and distributes private information should be conducted. A privacy and security policy should be developed and followed by the institution.

In going about this process, colleges and universities should consult with legal counsel who are knowledgeable and skilled in this area. This is true for many reasons including the fact that many federal and state laws come into play in terms data requirements. These laws include state breach notice laws, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, data security laws requiring encryption under certain circumstances, and other laws.

Hopefully as time goes on and as educational institutions get it right, we will hear less and less about data security breaches in this important sector.

Biography

Eric Sinrod is a partner in the San Francisco office of Duane Morris. His focus includes information technology and intellectual property disputes. To receive his weekly columns, send an e-mail to with the word "Subscribe" in the subject line.

Disclaimer: This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.

Reprinted with permission of Findlaw.com

 

Duane Morris LLP & Affiliates. © 1998-2013 Duane Morris LLP. Duane Morris is registered service mark of Duane Morris LLP. Disclaimer | Privacy | Attorney Advertising
Other Languages: Chinese • Deutsch • Español • Français • Português