[Dataloss] Second laptop with student data was stolen
Chris Walsh
cwalsh at cwalsh.org
Fri Oct 20 11:09:21 EDT 2006
On Fri, Oct 20, 2006 at 07:07:16AM -0400, Dissent wrote:
> University of Minnesota officials confirmed Thursday a second theft of
> a laptop computer this summer that contained private student data.
>
> The incident involved a U art department laptop holding about 200
> student names, university IDs and grades but no Social Security
> numbers. It was stolen from a faculty member in June during a trip to
> Spain.
>
> There's no indication the data have been misused, though the loss was
> considered a security breach under Minnesota law.
The law in MN seems typical:
For the purposeses of this section, "personal information"
means an individual's first name or first initial and last name
in combination with any one or more of the following data
elements, when either the name or the data elements is not
encrypted:
(1) Social Security number;
(2) driver's license number or Minnesota identification
card number; or
(3) account number or credit or debit card number, in
combination with any required security code, access code, or
password that would permit access to an individual's financial
account.
I don't see how disclosure of this breach falls under this law. Of course,
it's fine if they want to go above and beyond. I'm just reacting to the
"loss was considered a breach" sentence.
More information about the Dataloss
mailing list