Huffingtonpost.com has an exposé on the problem of child identity theft. The issue of using child IDs for illegal purposes is not new to people following data security issues: in May of this year, for example, I blogged on two women who exclusively used students’ SSNs to commit ID fraud.
Only 50% of K-12 Schools Use Encryption
Regardless of how many people have reported on it, more coverage of the issue is always welcome, especially if it can reach a wide audience. The article is a pretty good read.
I’ve personally picked up a number of tidbits (you can’t know it all, after all):
- Data breaches result in a 6-fold increase in the likelihood of becoming an ID theft victim
- The collection of students’ SSNs was pushed by the No Child Left Behind Act
- The Department of Education has warned schools not to use students’ SSNs in their databases
- At least 40 data breaches of student information have occurred since 2005
- Only 50% of schools use encryption (via a Panda Security survey)
Why such low rates? The most oft-quoted reason is budget constraints.
Here’s an idea: don’t use SSNs as an identifier. The company that I work for is in the business of providing cloud-based disk encryption software, and we’re in agreement over here that the only way you can perfectly secure data is if you don’t collect it in the first place (it doesn’t take a genius to figure that one out).
Now, if you have to collect data, then encryption is one of the best solutions for protecting your data. (Even if you don’t collect SSNs, there’s plenty of student information that needs encrypting.)
It’s not impossible:
North Dakota students are assigned a 10-digit ID number when they enroll that sufficiently tracks their performance, leaving no need for Social Security numbers, according to Jerry Coleman, director of school finance at the North Dakota Department of Public Instruction.
“To protect those Social Security numbers would be a hassle we don’t need,” Coleman said in an interview. [huffingtonpost.com]
Think about it: if you don’t need to protect it, you don’t need a budget for it. Plus, you won’t get sued when a breach does occur.