I got an A in Science, and a bad FICO score.

Posted: July 28, 2009 in Uncategorized

I just finished watching the evening news like I do every night before I go to bed. I was appalled at the most recent identity theft issue that has plagued the great city in which I reside. It appears that the local campus of Colorado University has had one of the professor’s laptops stolen (I believe from his home). I know that the information on this laptop is vital to the students, the school and the professor. The news did a great job of explaining the events and talking to the school to find out if there were any cases yet of identity theft and fortunately, up to this point, none of the student’s information has been used illegally. The data that was taken included student data from as long ago as 2003 (if I heard correctly) and some did include social security numbers. In my opinion, there needs to be a level of investigation into why this loss/theft of data has happened. This should be made public…just as public as these students’ identities could potentionally be. If the school were to have to declare this information publicly then maybe others would take notice and fix the issues so this does not happen again.

The following questions I believe need to be answered publicly:

  • I believe we have the right to know why the heck a professor needs to have a student’s social security number?
  • What was the professor doing with the social security numbers that impacts those students?
  • Who made the decision that the Professor could see this information?
  • Where were the people that are responsible for keeping this data safe?

Many parents in a few months will have their children head into that school; many adults may head back into those rooms. How do they know that a number that will stick with them for life is going to be kept safe when the school has access to that information? How am I, a parent of a soon to be college student, going to explain to my son that the place he expects to learn his skills that are to stay with him for the rest of his life are letting Professors not only view his SSN, but take it home on a laptop?

I am disgusted; do they not have a DBA there? Did no one think that this information should be protected? I think it is time that we form an alliance of DBA’s that will swear an oath, this of course is a draft version but shouldn’t we be doing something like this?

I <insert your name here>, a DBA that could potentionally have access to data that could harm others and have access to data that could ruin lives, swear that I will protect that data as if it were my own. My responsibilities leave me in a state where I may have to tell my employer that they are not protecting their customers, and my responsibilities do not end after the database has been backed up. I will never use the data that I am responsible for, for my own gain, I will pressure anyone that has bad practices to correct their ways. I will not let my guard down for criminals to take advantage of my systems.

Sure the oath needs some work. I am debating bringing up a web site and seeing if I can rally DBA’s to take this oath and to move forward with being the professionals that we are. If you agree with me that it is time to make a change please comment on my blog or send me your e-mail address. This needs to stop, and it needs to stop now, and it needs to start with us…the Database Professionals.

  1. Andrew Fryer says:

    It’s even worse in the UK and is practically routine now, despite stronger european data proetction laws. The dba doesn’t know about this kind of problem because information workers have the privileges to do data extracts by themselves into the inevitable excel. These guys are usually quite senior and they simply out rank the lowly IT guys. So the alternatives ot the dba are wash your hands of it and appy to work somewhere where you are listened to and /or do a bit of whistle blowing when you uncover ths stuff.

  2. Chris,

    I find that interesting since major Universities like the University of Florida transitioned to Student Id’s separating the use of SSN’s from student records years ago like 2004, when I was a student there. If SSN’s were required in student data, that shows a failure on the part of the University in my opinion.

  3. Jack Corbett says:

    The oath you mention reminded me of an editorial ON SQLSeverCentral by Brad McGehee, http://www.sqlservercentral.com/articles/Editorial/65759/, discussing a Code of Ethics for DBA’s.

    Steve Jones has also editorialized about this and perhaps bonding for DBA’s.

    All this to say that I agree with you and that I think there are many database professionals out there that have the same belief/conviction. I would say that starting a web site would be a good start, especially since data professionals could link to it. You can’t regulate responsibility, but you can set a standard so people unserstand their responsibility.

    • chrisshaw says:

      Thanks for the note, I may even consider doing such a thing. I believe there are a number of people that would want to see this, or at least I would hope so.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s