Re: Second laptop with student data was stolen

[Chris Walsh <cwalsh () cwalsh org>]

On Fri, Oct 20, 2006 at 07:07:16AM -0400, Dissent wrote:
> University of Minnesota officials confirmed Thursday a second theft of
> a laptop computer this summer that contained private student data.
>
> The incident involved a U art department laptop holding about 200
> student names, university IDs and grades but no Social Security
> numbers. It was stolen from a faculty member in June during a trip to
> Spain.
>
> There's no indication the data have been misused, though the loss was
> considered a security breach under Minnesota law.

The law in MN seems typical:

        For the purposeses of this section, "personal information" 
        means an individual's first name or first initial and last name 
        in combination with any one or more of the following data 
        elements, when either the name or the data elements is not 
        encrypted: 
           (1) Social Security number; 
           (2) driver's license number or Minnesota identification 
        card number; or 
           (3) account number or credit or debit card number, in 
        combination with any required security code, access code, or 
        password that would permit access to an individual's financial 
        account. 

I don't see how disclosure of this breach falls under this law.  Of course,
it's fine if they want to go above and beyond.  I'm just reacting to the
"loss was considered a breach" sentence.
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 137 million compromised records in 430 incidents over 6 years.