Friday, February 23, 2018

PA: Dropping the Data Ball

This email was waiting for me when I arrived this morning, forwarded to all of the staff by our superintendent.

From: ED, Secretary of Ed Res Acct [mailto:ra-educationsecretary@pa.gov] 
Sent: Thursday, February 22, 2018 7:03 PM
Cc: ED, Deputy Secretary Admin
Subject: Important notification regarding TIMS
Importance: High
 
 
The incident occurred between 12:00 and 12:30 PM on Thursday, February 22. The exposure was the result of human error by an employee in the Office of Administration (OA); no hacking occurred. Upon discovery of the security incident, TIMS was taken offline immediately, and remains unavailable. PDE and OA are currently investigating the scope of the potential compromise.
 
In the coming days, PDE and OA will notify in writing the individuals who were potentially impacted, and will provide information about free credit monitoring services. PDE and OA will review their internal procedures to prevent similar mishaps in the future and sincerely apologize to anyone impacted. 
 
Additional information will be forthcoming. Immediate concerns can be directed to Deputy Secretary Debbie Reeves at RA-EDDEPSECADMIN@pa.gov.
 
 
Pedro A. Rivera II | Secretary of Education
Department of Education | Executive Office 
333 Market Street | Harrisburg PA 17126
www.education.pa.gov
Facebook: www.facebook.com/PADepartmentofEducation
Twitter: @PADeptofEd

TIMS stores basically every piece of important personal information there is to know about PA teachers, so the breach of security is a big deal. We'll have to wait and see what actually happened and how much trouble has been caused, but let this serve as the sixty-gazillionth reminder that collecting a whole bunch of critical data and storing it in one digital bucket is an invitation for all sorts of disaster.

Put another way, when someone who wants to collect All the Data tells you that their plan is nothing more than "We'll just guard it real good so nothing bad will ever happen," that is not a realistic, viable or believable plan. Require them to do better, or don't let them have the data.
