Data lapses are far from just a college problem, Siegel writes

Data breaches are serious, but higher education does a better job in this area than many people think, writes Pete Siegel in a commentary in the January/February Educause Review. The reason? Compared to commerce and other sectors, colleges and universities are more likely to disclose breaches--not to experience them.

Siegel, chief information officer for UC Davis and vice provost for Information and Educational Technology, notes that 25 percent of all data breaches reported in 2007 came from colleges or universities. But of the total amount of records compromised during the first two-thirds of 2007, less than 2 percent came from institutions of higher education.

"Don't get me wrong: nearly 900,000 exposed records are too many, and data security must receive more attention at colleges and universities," he writes. "(But) data compromises are not concentrated in colleges and universities; they are a national problem that affects all sectors of the economy."

Siegel calls his essay "Data Breaches in Higher Education: From Concern to Action." In it, he discusses other aspects of the problem and calls for more progress, while praising "the philosophy of openness and sharing of effective practices that has allowed smaller institutions and those with fewer resources to work with and learn from larger institutions, making everybody safer."

At UC Davis, the campus security program uses a model that encompasses policy, standards and practices to prevent breaches, assure security, detect incidents, and investigate and recover from any that happen, said IT Security Coordinator Bob Ono. "These four elements are essential to an effective security program," he said, "whether for higher education institutions or commercial organizations ."

Educause, a nonprofit, works to advance higher education by promoting the intelligent use of information technology. Its bimonthly magazine Educause Review, which distributes 21,000 printed copies, tracks developments in information technology and how they affect higher education and society. Its target market includes faculty, librarians, and top academic and corporate administrators.

Siegel co-chairs the Educause/Internet2 Computer and Network Security Task Force. Contact him at vpiet-info@ucdavis.edu.