Data Breach at Cornell University Reveals Security Policy Gaffe

There is a data breach at Cornell University that has compromised thousands of files with sensitive, confidential information. The security breach involves the names and security numbers of approximately forty five thousand (45,000) people.

This incident illustrates one of the pitfalls of data security. Policy set in place becomes meaningless unless there is some adherence to the protocol:

“… “Cornell’s information security policies and guidelines do not allow unencrypted confidential personal data to be stored on any computer device that is not in a physically secured location. This employee’s actions, although unintentional, violated our policy and practices.”"

link: Valuable computer swiped from Cornell

This incident could cost the university thousands of dollars in providing credit monitoring for those who had their personal information on that computer. Perhaps lawsuits will follow. This incident and situations like this beg the question whether there are any consequences for those individuals who fail to follow stated policy and endanger the economic welfare of thousands.

Catherine Forsythe