I just finished watching the evening news like I do every night before I go to bed. I was appalled at the most recent identity theft issue that has plagued the great city in which I reside. It appears that the local campus of Colorado University has had one of the professor’s laptops stolen (I believe from his home). I know that the information on this laptop is vital to the students, the school and the professor. The news did a great job of explaining the events and talking to the school to find out if there were any cases yet of identity theft and fortunately, up to this point, none of the student’s information has been used illegally. The data that was taken included student data from as long ago as 2003 (if I heard correctly) and some did include social security numbers. In my opinion, there needs to be a level of investigation into why this loss/theft of data has happened. This should be made public…just as public as these students’ identities could potentionally be. If the school were to have to declare this information publicly then maybe others would take notice and fix the issues so this does not happen again.
The following questions I believe need to be answered publicly:
- I believe we have the right to know why the heck a professor needs to have a student’s social security number?
- What was the professor doing with the social security numbers that impacts those students?
- Who made the decision that the Professor could see this information?
- Where were the people that are responsible for keeping this data safe?
Many parents in a few months will have their children head into that school; many adults may head back into those rooms. How do they know that a number that will stick with them for life is going to be kept safe when the school has access to that information? How am I, a parent of a soon to be college student, going to explain to my son that the place he expects to learn his skills that are to stay with him for the rest of his life are letting Professors not only view his SSN, but take it home on a laptop?
I am disgusted; do they not have a DBA there? Did no one think that this information should be protected? I think it is time that we form an alliance of DBA’s that will swear an oath, this of course is a draft version but shouldn’t we be doing something like this?
I <insert your name here>, a DBA that could potentionally have access to data that could harm others and have access to data that could ruin lives, swear that I will protect that data as if it were my own. My responsibilities leave me in a state where I may have to tell my employer that they are not protecting their customers, and my responsibilities do not end after the database has been backed up. I will never use the data that I am responsible for, for my own gain, I will pressure anyone that has bad practices to correct their ways. I will not let my guard down for criminals to take advantage of my systems.
Sure the oath needs some work. I am debating bringing up a web site and seeing if I can rally DBA’s to take this oath and to move forward with being the professionals that we are. If you agree with me that it is time to make a change please comment on my blog or send me your e-mail address. This needs to stop, and it needs to stop now, and it needs to start with us…the Database Professionals.