No Longer Needed? Delete it!

Another day, another breach…

There are several breaches involving Universities in the news this week.  The largest one claiming all the headlines at the moment is involving the University of Maryland.  However, I thought an important lesson can be learned from a smaller Texas college breach.

The details regarding how this breach occurred are relatively scarce.  However, the files containing student records were created in 2006 and 2008.  The creation date brings to the fore a simple action that could have significantly reduced the impact of this breach.  Delete files that no longer need to be retained!  I don’t have insight into whether or not these particular files were still required for any reason, but the point is well illustrated, isn’t it?

All too often files with sensitive information are created for a specific purpose and long after that purpose is fulfilled, the files are kept.  Of course, regulatory requirements sometimes require that we hold on to data for a specified period of time, but more often than not it is not necessary to keep that information in several formats indefinitely.

If it’s no longer needed, delete it! (or in the very least, archive it)

Texas College Server Breached (SC Magazine)

TSTC:  Unauthorized Server Access

 

7 thoughts on “No Longer Needed? Delete it!

  1. NYS does have a Records Retention and Disposition Schedule MU-1 (http://www.archives.nysed.gov/a/records/mr_pub_mu1.shtml)
    but I am not sure about other states. I know in NY, many records are required by law to be retained for 1, 6, 7 years or indefinitely depending on their content. Additionally, there is a movement toward electronic archives; scanning in hard copies, and shredding the paperwork. Saves on physical storage space and makes it easier to search and access items. So if these hackers find ways to get into archived material, we will all be in trouble!

    • Yes, that is very true. Thank you for sharing the link. Anyone who works for a government entity should view official records retention requirements as regulations and take them into account when determining what can be permanently purged (permanently deleted) vs. archived and taken offline.

  2. Hans Wilsdorf, Rolex non solo è salito più in alto in termini di progresso tecnologico, ma ha anche superato più ostacoli fisici. Dal Rolex Deepsea che si tuffa nelle profondità della Fossa delle Marianne, tag heuer replica al Rolex Explorer che scala la rara atmosfera dell’Everest, al Rolex GMT-Master che sbarca sulla luna: gli orologi Rolex sono ovunque.

Leave a Reply

Your email address will not be published. Required fields are marked *