Saturday, April 7, 2007
Possible Security Breach at UCSF
Last week, UCSF (University of California, San Francisco) issued a statement that there had been a possible compromise in the security of a computer server, and about 46,000 records may have been accessed by an unauthorized party. This event, while not unusual in and of itself (about 150 million records have been exposed in breaches in the last two years, according to this list from the Privacy Rights Clearinghouse), raises an interesting question about the effectiveness of current models of data breach and information security legislation. California has one of the toughest, if not the toughest, security breach notification laws in the country, SB 1386, yet that state's own public university system is still plagued by data security problems. While this doesn't mean that California's law (and others which use it as a model) should be scrapped, it does mean that people trying to design legislation to protect individual information should be constantly looking for new ideas, as the strategies currently being used clearly have room for improvement.