July 2016 – InfoHive – Data Security

Data Security. Higher Education Trend.

“Albany Law School is launching the nation’s first online master’s program aimed at the legal studies of cybersecurity and data privacy.”

Case Study: Target. Target’s Securities & Exchange Commission filings show:

Case Study: Anthem Insurance. Anthem’s SEC filings show it cannot estimate the cost of its data breach because:

In additional to actual costs, there are soft costs to a data breach such as:

Which regulatory leader wants comprehensive data security laws? The FTC Chairwoman Edith Ramirez

Why the push for data security laws?

Hacks aren’t going away
Laws need to address how entities gather, save and disseminate personal information

Top business sector for data breach complaints: Finance

Have data security laws led to more enforcement actions?

What benefit of data security laws is highlighted? breach notification to impacted customers

The state: New York

The NY State Agency: New York Comptroller

The School District: Avon School District

The Avon School District’s data security failings:

not adopting policies for managing passwords
not backing up data
not protecting its employees’ and students’ personal, private and sensitive information
making the school district more vulnerable to data breach
providing too many employees access to financial information of the school district
for failing to implment the…

Which state added curriculum changes in its student data protection laws? Delaware

What changes ere made to public school curriculum? data security training

Why train teachers and students on data security? because human error is the largest driver of data breaches

Bonjour to Canada’s Privacy Commission who oversees the data privacy of Canadians.

The Privacy Commissioner recommended these changes to national data security laws for 2016:

Data security breach reporting should include:

The company’s name;
Contact information for someone who can answer questions on the company’s behalf;
Description of the breach, including:
- The estimated number of users affected;
- The personal information leaked;
- The date of the breach, if known, or an…

Which state passed student data protection bills in 2016? Colorado

What does the new legislation cover?

the gathering of student data
- requires notice & consent
the storage of student data
- limits on the length of storage
require all contractors to maintain comprehensive information security programs
- limits contractors from sharing information unless there is express consent
no target advertising
no building student profiles

Colorado joins 35 states that have passed student data protection laws in the last 2 years.

Connecticut passed student data privacy legislation in 2016.

A group of mothers who started the push for student data privacy reform are touting its benefits:

Restricting student information use by contractors providing educational software and electronic storage of student records and by operators of websites, online services, or mobile applications (i.e., apps).
Clarifying ownership student data collected for school purposes is not owned by any of these third-party…