And yet, university officials are alerting over 2000 students and alumni about the incident. If the university had opted to use laptop encryption they wouldn’t have felt the need to do so. So did they? Or did they use something else, perhaps file encryption, and find out that the sensitive file was not actually encrypted? The article does not specify. The lost information included names, grades, e-mail addresses, and student ID numbers of those who took economics classes between 1997 and spring 2008.
ISU has not been lax when it comes to data security. There’s the encryption, password?protection, and the biometric scanner on the laptop. Plus, ISU stopped using SSNs as student ID numbers beginning in 2003. However, that still leaves vulnerable all the people who were students between 1997 and 2002—again, if encryption was not used.
When asked, a spokesperson answered, somewhat circumspectly, that the faculty member had violated university policy: storage of private and sensitive data is prohibited on laptop computers.
With all of this going on, I can’t shake the feeling that ISU has gone from doing a great job to doing a great disservice. If security measures—credible ones—were not on that laptop, I’d imagine that all of this hullaballoo would be necessary. But that’s not the case. If the correct type of encryption software was used, an explanation is not necessary. It is what it is: a laptop got stolen. This is not unusual. A recent article claimed over 1000 laptops are lost or stolen every day at US airports alone. Professors are not immune from theft. And, theft and loss are the exact reason why people are recommended to encrypt the data on their computers in the first place.
So, is ISU doing a disservice? I’m sure there will be many differing opinions out there, but that’s the way I feel. Why scare your alumni and students if the security measures make it a non?event? You still want to discipline the professor, since he broke the rules, but otherwise…?
It reminds me of that scene in “Hancock” where Will Smith is trying to get permission from a fallen officer as to whether he can touch her in order to save her. In certain situations, you just don’t have make a show of “alerting” people of what’s happened and what your intentions are. In fact, doing so is just counterproductive.