Blast from the Past — the UCLA Data Breach

December 15th, 2006

TRUSTe just completed a survey of consumers on security breach notice and we’ll soon be releasing some data on how residents of states with breach notice requirements fared versus residents of states without breach notice requirements. Lucky for California’s stats we conducted the survey prior to the UCLA data breach. I received my first breach notice yesterday, not from my bank or credit card company, I had applied to a UCLA program in 1997.
I’ve been reading through Kim Cameron’s whitepapers on digital identity, namely the 7 Laws of Identity which I think sums up nicely what was broken at UCLA, “We should build systems that employ identifying information on the basis that a breach is always possible. Such a breach represents a risk. To mitigate risk, it is best to acquire information only on a “need to know” basis, and to retain it only on a “need to retain” basis. By following these practices, we can ensure the least possible damage in the event of a breach.”

Entry Filed under: All, In the News, Privacy 365