[purephase]

Having worked in higher ed for 10 years, some of which was wrestling with data security, it is not at all surprising the vectors that appear here.

We would spend days crafting policy, designing/implementing security at perimeter and core for business systems to prevent these types of leaks.

We believed we were largely successful. Until we realized that some professor had developed a screen scraping application that would spit out CSVs of student enrolment data (including personal data) and ship it to whomever he liked (alumni, student unions etc.). Once certain departments got a hold of the data, others felt obligated to it and a quazi-underground data distribution system was in place.

We tried to explain, coerce and beg. We used HR, unions to effect policy that they helped create to shutdown these systems, stop the professor (and his copycats) all to little or no success.

It is not mistake that I left soon after. Such amazing, but ineffectual institutions. It doesn't matter how many of these leaks occur, no accountability means no changes. Might plug these holes, only to have 3 more popup by the end of the year.