The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar

Archives

Links

Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by groups.yahoo.com

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Thursday, November 03, 2005

Incident: Privacy breach at University of Tennessee 

Yet another privacy incident, this time from University of Tennessee:

University notifies staff, students of security breach:

"Approximately 1,900 students have been contacted by the University of Tennessee regarding a Web site that accidentally posted their social security numbers online from April 2004 to early October of this year, and all others affected will be notified by early next week.

“There is absolutely no evidence that anything malicious happened to the social security numbers,” said Brice Bible, assistant vice president and acting chief information officer for OIT. “However, we felt it was the right thing to do to inform students that something could happen, and they should feel completely confident that the university is protecting them.”

A mistaken configuration of archives of the main system allowed the records to be seen publicly rather than kept private, but Bible said that the university as well as OIT has done everything possible to ensure the privacy and safety of the students.

“Students need to be assured that the university — from the chancellor to every member of the staff — takes the protection of students very, very seriously,” he said.

The majority of the identification numbers belonged to students, however, a small amount included university employees, and according to a statement, UT is currently taking steps to perfect Web security and access to student information.

Karen Collins, director of media relations, also emphasized the security measures taken by the university to protect students and their personal information.

“UT has gone above and beyond to make sure all records are kept private, and managed in that matter. Very aggressive steps have been taken to monitor any hacking, as well as to ensure that the Web site was taken down immediately,” Collins said. “We have worked very hard to quickly notify anyone who’s data was misused.”

Collins added that the social security numbers were not posted on a main or department Web page, but on an archive page of one of 800 list-servers.

Bible also would like students to know that many actions have been taken to ensure that a similar incident does not reoccur, and no other identifying information of each student was released.

Any other information concerning issues such as credit fraud, identify theft and credit is available at http://security.utk.edu."

Labels:

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs