SUUVA / CWA » Articles

Home \| About \| Articles \| Resources \| Photos \| Contact	Getting Started with SUUVA
WELCOME FACULTY! BECOME A UNION MEMBER! SUUVA/CWA IS NOW INVITING FACULTY TO SHOW SUPPORT FOR CLASSIFIED STAFF BY SIGNING A MEMBERSHIP CARD OR JOINING ONLINE. THERE IS STRENGTH IN NUMBERS. HELP GIVE STAFF A VOICE!

LAPTOP WOES PREVENTABLE-THE DAILY PROGRESS, MAY 6, 2008

Posted: Wednesday May 7, 2008

Laptop Woes Preventable

By Anita Shelburne

Published: May 6, 2008

It’s one of the most basic of rules: Don’t leave valuables in your automobile in plain sight.
It takes just a moment for a thief to commit a smash-and-grab, breaking the car window and absconding with your stuff.
Taking your valuables out of the car, or at least locking them in your trunk (unseen by onlookers), is a lesson right out of Basic Safety 101.

But when those valuables are extra-important — when, in fact, they belong not to you but to someone else — the significance of safety multiplies. Now we’re talking a higher level of security.
A University of Virginia employee broke that basic rule when he left his wallet and a computer in the seat of his car on the evening of April 3. And sure enough, a thief broke the window and grabbed them. Unfortunately, the computer wasn’t his to risk.
Nor were the 7,000 names and Social Security numbers stored in its memory.
That sensitive information is now out there somewhere on a purloined computer.

Police say there is no indication that the information has been used in identity theft. In fact, the thief may not even realize what he has — or had, if he’s sold the computer. Police have tried to keep it that way by not releasing much information about the theft so the thief won’t recognize himself.

The university, meanwhile, waited about 10 days before notifying those whose data were affected, while it compiled a mailing list of the affected students, faculty and staff and while it conferred with police on the best way to deal with the aftermath. “There is no industry standard” for how quickly persons should be notified that their personal information has been stolen, said UVa spokeswoman Carol Wood.

But had the thief figured out the real value of what he possessed, he would have had 10 days to mine the information, set up false accounts and develop plans to elude police — with victims none the wiser.

Some UVa faculty and staff are understandably unhappy with the way UVa handled not only the notification process but, more fundamentally, the basic issue of security.
“I hear lots of talk about how they’re going to protect my data, but very little about how they are protecting my data,” said Michael Kidd, a member and organizer of the staff union at UVa.
UVa policy requires sensitive material to stay on Grounds, unless special permission is granted for removal, and requires encryption of date in such cases.

But policing employees to ensure they follow policy is not all that simple. How to ensure that thousands of employees follow proper protocol?
The university says the employee in this case has been disciplined.

Indeed, the danger of leaving a vulnerable computer in the car as easy pickings for a thief is a danger that should be obvious, with or without university policy.

There already have been plenty of high-profile cases of laptops containing sensitive information having been lost or stolen. UVa personnel should not have been ignorant of these incidents. They should have profited by the sad example of others’ mistakes.
Unfortunately, in this case even the most basic of precautions was ignored, and the laptop carrier was victimized by a thief. And 7,000 innocent people were transformed into potential victims as well.