TechTalk: Your computer: An electronic safe deposit box (05-04-95)

UpDate - Vol. 14, No. 30, Page 10
May 4, 1995
TechTalk
Your computer: An electronic safe deposit box

The scenario:
     Jane answers her office phone one afternoon to find her neighbor,
Claire, on the line. After chatting for a minute about a barbecue both
of their families plan to attend, Claire asks a favor:
     "Oh, Jane. Remember I told you that John has applied to the
honors programs at Delaware and at Penn State. The admissions office
at Penn State says he stands a good chance of getting in there. But, I
was wondering, is there any way you can check to see if he's going to
get in at Delaware?"
     Jane says she'll see what she can do. After she hangs up, she
tries to think who could help. She remembers that Craig, one of the
people in her fitness class, sometimes mentions funny things he sees
in applicant files.
     She calls him and asks if he can check on John's application.
     "No problem!," says Craig. Jane hears him typing on the keyboard,
then hears him mutter, "Verbal 665, Math 688, let's find the GPA. At,
3.83." Then, Craig speaks up loudly: "With a GPA over 3.8 and a
combined SAT of over 1350, he's probably a shoo-in. But you didn't
hear it from me!"
     Jane thanks him, then calls Claire back with the news.
     At the barbecue that weekend, Jane greets Claire, and her husband
Chuck, effusively, "You must be so proud of John's SAT scores!"
     Chuck looks puzzled and asks how Jane heard about his son's test
scores. Jane regales him with the story, thinking that he will be
pleased that she was able to find a way to ferret out this "oh-so-
secret" information.
     "You realize that what you and this guy Craig did is actionable,"
Chuck says. After a moment's silence he blusters, "I could sue the
University over this!"
     Jane blanches and stammers. Fortunately, Chuck is willing to
forget the matter and no harm is done.

What you should know:

* Protecting the confidentiality of data is an implicit part of every
  University employee's job. In this story, Jane and Craig violated
  the Federal Family Educational Rights and Privacy Act. Chuck was
  right to be angry. If you have access to confidential data, you must
  respect the confidentiality of that information. Jane should have
  refused her friend's request. And, Craig certainly should have.

* The University has an "open" network in many ways. However, it is
  imperative that every employee recognize and respect the
  confidential nature of much University information.

* Think of your computer, not so much as an electronic filing cabinet,
  but as an electronic safe deposit box. Take great pains to ensure
  the safety and confidentiality of the information entrusted to your
  care.