Disk Encryption In University Settings: U Of MN Law Professor’s Laptop Stolen.

The use of laptop encryption in academic settings is important for myriad reasons.  You may be dealing with sensitive, personal data.  You may be working on a project that involves intellectual property or classified information.  If a college professor, your students may have an interest in accessing your computer somehow.

As noted, the reasons are myriad.  Sometimes, not using encryption software can have serious consequences.

U of Minnesota Laptop Stolen

According to databreaches.net, a law professor’s laptop was stolen.  The laptop theft affected approximately 300 people:

A prominent juvenile justice scholar was collecting data from closed case records for a study on law enforcement interrogation techniques when the laptop, a scanner and external hard drive were taken last February. [twincities.com]

You read that right.  Last February.  As in February 2013.  Letters alerting the affected of the data breach went out earlier this month.  Why did it take so long?  The list of people to contact had to be recreated from the original data source.

(As an aside, this is why data security laws usually require that periodic data backups be made.  For example, HIPAA requires that breach notifications be sent within 60 calendar days of becoming aware of the data breach.  This is only possible if you have a backup you can analyze.  It’s nearly impossible otherwise).

The information was quite sensitive:

The records stem from 2005 criminal cases involving murder, rape and aggravated robbery in the state’s two most populous counties. Much of the data was previously considered public, but some would have been kept private if Feld hadn’t obtained special access for his study. He said his research assistants were six weeks into scanning records from archived files when the theft occurred. They hadn’t begun analyzing the data, which complicated efforts to determine the scope of the breach. [twincities.com]

Why Not Use Encryption?

This is what I don’t understand.  Why was encryption not used?  The information was obviously sensitive.  Plus, as a legal scholar, the professor must have known about data breach laws and ethics involving the disclosure of such information.  And, yet, here we are.

My personal guess is that the professor and other researchers felt pretty secure in their environment.  I never did understand that attitude; my own college and grad school experience plainly showed me that academic buildings are not exactly Fort Knox.

It doesn’t matter in what kind of environment you’re working (unless that environment was specifically designed for security).  If you have any sensitive data on a laptop, chances are that you will need to encrypt it.

Related Articles and Sites:

Comments (0)

Let us know what you think