We can learn a lot about risk from academia. University environments embody the whole data privacy world in microcosm. Colleges and universities handle a broad range of personal information — from students, staff, alumni, donors, and other community members — with their functions in financial services, food services and housing, student stores, and medical services.
On average, educational institutions report 1.3 million records compromised per year, based on statistics from Privacy Rights Clearinghouse. (Check out this infographic from Open Site, for an overview of data breaches in higher education.)
Nobody understands the privacy and security risks in the academic world better than Grace Crickette, chief risk officer for the University of California, a sprawling system that includes ten campuses and five medical centers. She shared her insights, which can be translated into 3 lessons on risk:
...
http://www.govhealthit.com/news/3-lessons-risk-what-higher-education-can-teach-hit