Kolowich, S. (2011) Security hacks Inside Higher Education, January 27
This should be required reading for every research academic who collects data, for every CIO, and for every university board, which ultimately has responsibility for governance.
This article, about a medical researcher who was fired for a breach of data security at the University of North Carolina at Chapel Hill, is a classic case of why every institution needs to have an IT security protocol in place that is communicated and understood by all academics.
In this particular case, there are no winners, not the patients whose personal information was compromised, the professor who did not pay sufficient attention to the technical aspects of data security, the CIO, who should have ensured that there was a system in place for effectively tracking and monitoring the security of data, and for the board, who are ultimately responsible for ensuring that there is a coherent and effective governance structure. This is, as one of many interesting comments on the article put it, a complete system failure. But there for the grace of God go most universities.