Privacy and Consumer Information at Risk in Schools

A new study suggests that the personal information and privacy of students, parents, faculty, staff, alumni and other consumers are at heightened risk in all of our schools--elementary, secondary, and postsecondary. Schools have logged a third of all information breach incidents reported. The relatively small Education Sector accounts for as much as 25% of all the consumer profiles that have been compromised in average data breach incidents.


Madison, WI (PRWEB) November 11, 2008

A new study by J. Campana & Associates reveals that U.S. school-related data breaches account for nearly one-third of all the data breaches reported. The Education Sector, which comprises as little as 0.6% of the total number of U.S. entities, reported a disproportionate number of breaches. Over 1,000 data breach incidents that were logged by the Privacy Rights Clearinghouse during the period January 2005 through October 2008 were considered in the study.

Dr. Joseph Campana discussed the findings at a workshop on privacy and information security last weekend at the annual meeting of the Association of School Board Officials International in Denver, Colorado.

The data breach incidents reported by the Education Sector account for more than 12.4 million student and other consumer profiles that were either lost or stolen, or inappropriately accessed, exposed or disposed of. Consumers whose profiles have been compromised can be at increased risk of having their right to privacy abused or of becoming a victim of identity theft. The profiles compromised by the Education Sector amount to as much as 25% of all consumer profiles that have been compromised by all enterprises in "average" information security breaches, according to the study (http://www.jcampana.com/htdocs/publications-and-press/white-papers).

Postsecondary schools (colleges and universities) account for 79% of the breach incidents reported by the Education Sector. These correspond to 78% of the consumer profiles compromised by the Education Sector. In contrast, K-12 schools account for 15% of the Education Sector breach incidents; however, they correspond to only 2% of the consumer profiles compromised by the sector. Census data indicate that K-12 schools outnumber postsecondary schools by more than 20:1, suggesting that K-12 schools should have logged more data breach incidents relative to postsecondary schools. K-12 schools also reported the largest percentage of breaches (30%) where the number of profiles compromised in the breach was characterized as "unknown" because they could not be quantified.

Dr. Campana says, "The analysis suggests that K-12 schools could improve how their information assets are inventoried, managed and maintained. The disparities in the statistics suggest K-12 schools may not be recognizing or reporting data breaches when they occur. State-operated postsecondary institutions may be more attentive in reporting breaches because they are more keenly aware of state breach notification laws through their direct state affiliation as well as other state and federal laws concerning identity theft, privacy, and information security, compared to locally-operated K-12 schools."

Of the breaches reported by the Education Sector, at least 24% were attributed to hacking into information systems. Many others attributed the breach to "unauthorized access," which may include an intrusion by a hacker as well as unauthorized access by an insider or student. Over a third (35%) of the breach incidents were attributed to lost, stolen or missing computers, electronic storage devices, magnetic tapes, microfiche and paper files. Incidents involving computer-related systems and devices accounted for 32%, while breaches involving stolen or missing laptop computers accounted for 15% of the total.

For additional information about the Education Sector Data Breach Study, contact Dr. Joe Campana or visit http://www.AskDrPrivacy.com.

About J. Campana and Associates LLC and Joseph Campana:
J. Campana & Associates LLC (http://www.JCampana.com) is an identity theft, privacy and information security consulting firm that specializes in compliance and risk management solutions. Dr. Campana is a certified information privacy professional for both corporate and government operations, and he is a certified identity theft risk management specialist. He is the author of a new book, Privacy MakeOver: The Essential Guide to Best Practices (http://www.privacymakeover.com).

###