Addressing Data Breaches in Academia
Posted by Marc Lee - Director of EMEA Sales on Tue, Aug 16, 2011
The Hampshire school data security breach clearly demonstrates the significant damage that flaws in simple internal identity and access control practices can cause. With UK data breach costs rising to £71 per record and ICO’s fines starting from £500,000, security incidents can have dramatic financial impact on organisations’ bottom line.
While there’s been a great deal of focus on the shortcomings with the NHS, this incident does remind us of how other public services need to review the access risks related to data records that are equally sensitive. While head teachers, teachers and other staff are under huge pressure to achieve educational targets, there is no excuse for taking short cuts on data protection as this recent ICO incident illustrates.
To ensure highest standards of data protection are met, schools need to adopt effective internal security policies which enable strict control of access to security sensitive information. Furthermore, organisations need to have a clear assessment of where the greatest risks lie and understand the security issues involved. This will allow them to implement more effective information management practices and control who is accessing critical information, how and why.
There is no excuse for organisations not to implement internal access control policies as solutions for securely managing application access are available and proven to work. With students and staff constantly changing roles and associated access requirements, schools need to adopt automated solutions that streamline the creation, modification and disabling of passwords and access rights for everyone involved.