Pages

Wednesday, February 22, 2006

IT security system failure may have privacy implications

Canterbury University in New Zealand suffered a major security failure on its student website over the week end, with the possible result that student ID, medical conditions, emergency contact details and outstanding payments could have been accessed and changed by anyone with a university computer user code and password.

The University’s Director of IT said that there was no evidence of a hacker and that the problem may have been caused by heavy traffic during enrolments last week.

The incident raised the possibility of a breach of privacy legislation on the grounds of failure to ensure that reasonable security safeguards were in place to protect sensitive information.

The NZ Privacy Commissioner said that while it was convenient for people to access information about themselves, they needed to know that the system was secure.

Thanks to David Fraser's Canadian privacy blog for the lead.

No comments:

Post a Comment