Universities and Personal Information

It looks like Miami University (Ohio) had a lot of SSN and student data on the web for several years. The great thing is that at least they didn’t issue a press release blaming everyone else for exposing information too.

As ITECS Systems Manager I completely reorganized our web presence — almost completely driven by the fact that our “web servers” would point to the top of the AFS filespace to deliver files — meaning that anything that had open permissions ended up in Google — which meant a lot of SSN spreadsheets where professors had been posting grades. It was a design failure perpetuated by the IT staff that brought up webservers in a different era of information exchange — but they never changed as the world changed.

I took a fair amount of flak for this — the faculty were upset with me for making them make changes, for a while, my team members were bemused at my entreaties that this was a severe problem AND HAD TO BE FIXED, and everyone was worried about the support load. My IT peers that had similar environments didn’t change for several years after because they were afraid of this support problem.

I had my share of screwups. I made decisions in IT that weren’t always the best decisions, and my users and peers could have legitimate complaints about things my team did — or more often — didn’t do.

But by golly, I got that web change right.