Securing data will be costly, UH says

Gene Park reports:

The University of Hawaii says it needs $1.9 million to tighten its Web security and lessen the chance of future data breaches of individual privacy.

In addition, the 10-campus system would need about $764,000 a year to maintain and operate the upgraded system, said David Lassner, the university’s vice president for information technology.

“Information technology at UH is highly decentralized,” Lassner said yesterday at a state Senate informational hearing at the Capitol, “because as an academic institution, we have lots of people generating information, disseminating it, and over 600 Web servers throughout the UH system.”

The hearing was held in response to three data breaches in the UH system last year. A report by national watchdog group Liberty Coalition said UH was responsible for 54 percent of all data breaches in Hawaii since 2005, compromising 259,000 records.

Read more on the Star Advertiser.

Given that a single breach can reportedly cost $2 million in legal costs alone, it’s a better use of the money to invest in security.  That said, there are other costly measures that the Hawaii legislature is considering based on Liberty Coalition’s analysis and recommendations.  Having read their report and concluded that it seriously overestimates the number of ID theft victims in Hawaii and that most ID theft cases in Hawaii cannot be clearly attributed to breaches involving either the University of Hawaii or other state agencies, I hope the legislature will go very slowly and not impose costly and undue burdens on businesses and entities that are unlikely to reduce ID theft.  But more on that in another blog entry when I find some time.

About the author: Dissent