File this under the category of “Oooops, just like every other company or organization tasked with ensuring the privacy and security of our financial or health records, we screwed up!”
Of course, this wasn’t a failure of the technology (as it rarely is). This was a failure of understanding where the file transfers were going to and not removing files that were supposed to be put some place just temporarily. Basically, laziness by the practitioner, and sloppy oversight by the IT department.
The lesson here is simple — no matter what kinds of controls, checks and balances you build into your network, there’s always going to be the human factor that you will have a lot of difficulty designing for. User case scenarios, of course, help in determining what these factors are, but I know that outside of the software and Web design world, few folks know of them or understand their value.
A school psychologist’s records detailing students’ confidential information and personal struggles were accidentally posted to the school system’s Web site and were publicly available for at least four months.
A reporter for The Salem News discovered the records last week and alerted school officials, the newspaper said in a story Friday.
To protect students’ privacy, the newspaper said it withheld publishing the story until the documents were removed from the Internet, which occurred Wednesday.