Data breaches: An unnecessary expense
I received a letter from my alma mater a few weeks ago, not asking for more money this time but informing me of the theft of a laptop PC that contains information about donors, including me. The files did not include the kind of personally identifiable information or account data that would have triggered a mandatory notification, I was told, but the school was taking no chances and were letting me know anyway.
I appreciate the institution's caution, but I can't help wondering why the information was sitting on an unattended laptop if it was even a little sensitive. In the first place, that was just plain careless. In the second place, what was the school using that information for?
Organizations soliciting donations often prefer that you contribute with a credit card rather than writing a check, and this incident makes me hesitant about entrusting the school with credit card information. I'm not too sure about letting it see my checking account information, either. In fact, this incident could lead me to rethink donations of any kind.
At a time when schools are increasingly strapped for money, this could prove to be one expensive laptop.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.