Educause Security Discussion
mailing list archives
Re: email as directory info
From: "Joel L. Rosenblatt" <joel () COLUMBIA EDU>
Date: Wed, 5 Jun 2013 11:42:06 -0400
We have both public and behind a login - you can get a limited number
of lookup responses without logging in, but if you want to browse the
directory, you need to log in first.
We have had enterprising students use their login credentials to mine
(and sell) copies of our directory to spammers, so putting it behind a
portal does not fix the problem; it only slows it down.
My 2 cents
Joel Rosenblatt, Director Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
Public PGP key
On Wed, Jun 5, 2013 at 11:02 AM, Rosenthal, Jane E. <jer () ku edu> wrote:
I’ve seen other U’s that have the email directory behind the portal
log-in—still allows for collaboration, but is not “public” or open to the
world. I would love to see this model here—just cuts down on external
crawling of our site and protects the users.
We have 2 things at KU—one a student may choose to restrict their email
address from showing up in the public/online directory if they do that in
the privacy settings.
Second, at KU we have email as directory info, however, our policy states
that email in bulk is not released due to privacy issues.
Further, our state Open Records/Sunshine laws allow us to not provide bulk
listings e.g. name + email of all students if the requesting party is asking
for the listing for purposes of selling goods or property to the list. So
you might check your state Sunshine Laws if you are a public and see if
there may be an exception to disclosure of this type of info.
Just a couple thoughts. Has anyone with the information “behind the portal”
Everyday is a Data Privacy Day
Respect Privacy | Safeguard Data | Enable Trust
Director | Privacy Office
Custodian of Public Records
785.864.9528 | Fax 785.864.4463
jer () ku edu | www.privacy.ku.edu
Please consider this as a KU business communication and handle according to
policy. Please consider the environment before printing this note.