Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: email as directory info
From: "Joel L. Rosenblatt" <joel () COLUMBIA EDU>
Date: Wed, 5 Jun 2013 11:42:06 -0400

We have both public and behind a login - you can get a limited number
of lookup responses without logging in, but if you want to browse the
directory, you need to login first.

We have had enterprising students use their login credentials to mine
(and sell) copies of our directory to spammers, so putting it behind a
portal does not fix the problem, it only slows it down.

My 2 cents
Joel

Joel Rosenblatt, Director Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3


On Wed, Jun 5, 2013 at 11:02 AM, Rosenthal, Jane E. <jer () ku edu> wrote:
Hello all,

I’ve seen other U’s that have the email directory behind the portal
log-in—still allows for collaboration, but is not “public” or open to the
world.  I would love to see this model here—just cuts down on external
crawling of our site and protects the users.



We have 2 things at KU—one a student may choose to restrict their email
address from showing up in the public/online directory if they do that in
the privacy settings.



Second, at KU we have email as directory info, however, our policy states
that email in bulk is not released due to privacy issues.

Further, our state Open Records/Sunshine laws allows us to not provide bulk
listings e.g. name + email of all students if the requesting party is asking
for the listing for purposes of selling goods or property to the list.  So
you might check your state Sunshine Laws if you are a public and see if
there may be an exception to disclosure of this type of info.



Just a couple thoughts.  Has anyone with the information “behind the portal”
experienced issues?



Rock Chalk~



Everyday is a Data Privacy Day

Respect Privacy | Safeguard Data | Enable Trust

@beseKUre





Jane Rosenthal

Director | Privacy Office

Custodian of Public Records

785.864.9528 | Fax 785.864.4463

jer () ku edu | www.privacy.ku.edu





Please consider this as a KU business communication and handle according to
policy.  Please consider the environment before printing this note.

Thank you






  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault