These statements strike me as potentially mutually exclusive:
“On December 14, 2014, a college laptop was stolen from a professor’s car that was briefly parked at a gas station.”
“we take the security of your personal information very seriously”
— from a breach notification by Westmont College.
Did Westmont College have a policy in place that required encryption for mobile devices? Did it have a policy that prohibited faculty from having students’ personal information on unencrypted mobile devices? Did it have a policy that informed staff and faculty that they must not leave devices with personal information of students unattended, even for one minute?
There is no indication in their notification that the employee in question had actually violated any policy or had been disciplined for the breach.
In response to the incident, Westmont writes:
“We want you to know that we have taken steps to prevent a similar event from occurring in the future. This includes changing passwords and reviewing and updating our current security policies and procedures. We will also provide our employees with training on practical steps they can take to protect laptops when off campus.”
Hadn’t they done that before? Had this faculty member ever been told what to do – and what not to do?
And if you’re curious, the laptop held a number of applications for the Europe Program and Summer Scholars “and may have contained your name, Social Security number, and other limited personal information contained in your application.”
It’s 2015, folks. Why are we still seeing laptops with personal information stolen from cars? Providing credit monitoring services after the fact is all well and good, but seriously, why aren’t these breaches prevented by now?