Google Workspace column

[Information leakage mischief] I have sent the student list data to an outsider!

[Information leakage mischief] I have sent the student list data to an outsider!

This is the third time we have talked about information leaks.

This time is the story of Mr. C, who lives in Hokkaido.Then please go ahead.

I have sent the student list data to an outsider!

I worked as a college clerk a few years ago.

At that time, I was managing the collection and use of the library, and I was investigating what books the university students borrowed, how much they ordered the treatises, and how much they used the library.Therefore, the data of all the thousands of students was stored in the PC and managed.

The student list was strictly controlled and could not be easily downloaded from the database, but staff members like me who are directly involved with students in their personal work or who are involved in academic affairs have the authority to view it on a regular basis. And I was able to download it if I needed it for work.

Of course, I always managed it so that I couldn't see it without entering the password on the computer itself, and when I sent the data, I divided the email into two, one for the data and the other. My boss told me to manage it strictly and strictly, such as sending a password to a person.

I was especially careful about student names and contact information because there was an information leak at a university corporation in the past and the handling of personal information is now stricter.

At one point, I was about to organize and send data to send books and treatises requested by students to an external delivery company.Normally, the names, contact information, book names, etc. from the students who requested them were managed in an Excel sheet.When sending to an outside contractor or business partner, I send the Excel sheet to hide the student's name and contact information so that it will not be leaked to the outside, but at that time I inadvertently forget the work. , The names and contact information of hundreds of students were sent to an outside contractor.

I quickly noticed the mistake and immediately reported it to my boss before sending the second password email. He said, "It's hard. Let's get in touch with you right away." He made an incorrect call with his boss and asked the business partner to discard the contents of the email without looking at it.At that time, I asked, "I sent the wrong data, so please discard it without looking at the contents."

At this time, I thought, "Oh, I might get fired ...".

Leaking student's personal information would definitely be subject to disposal, and even though it was a job of a university corporation that I had received, I was wondering if I had done it.I'm sure my boss will get angry, and what should I do in the future?In a short time, I was wondering about the worst scenario.

However, since he was a delivery company with whom he usually interacts and has acquaintance, when he explained the situation, he said, "I understand. I will discard it as it is. I will not abuse it, so it's okay."This person was really nice, so I didn't get fired.

The boss also said, "I immediately noticed and reported the mistake, so it was better than hiding it. Be careful next time. If you do the same thing next time, your chair will be gone." It was just over.I was really relieved at this time.

If this person is a bad person and the student's information is leaked out due to the information sent by my mistake, I'm definitely fired, and if it's exposed to the media, I'll hit it in a blink of an eye. It must have been.

There was no particular punishment or salary reduction, but my mistake was made known to the department and other staff as a case of so-called "hiyari hat".

It was sent in writing, but of course it seemed that the person nearby knew that I was, and some people said, "This is you, wasn't it?"Some of them talk about their own mistakes, such as "I have lost the documents containing the student's grades in the past" and "I lost the USB I received from the student and sweated cold". Was here.

I thought that everyone, not just myself, would do it.The university holds a large amount of personal information about students and professors, which made me feel the importance of information management.

I think the cause of my mistake was "familiarity".

I have been dealing with student lists on a regular basis, and I think that the awareness that "we must handle them strictly" has diminished.Also, if it is an email for internal use, I think that "leaving it by email to an external vendor" still lacked the importance of information management.

After making that mistake, I decided to "check again before sending an email" and "when attaching an attachment, check the contents before sending".I also put sticky notes on my desk to show that I'm making a visible effort.I haven't made any such mistakes since then.

When handling personal information, please be careful and careful not to make mistakes like I do.

A word from the admin – Google Workspace can solve this

When sending important data by email, Google Workspace notifies the other party of the URL of the data on Google Drive without attaching it to the email. Since Google Drive allows detailed sharing settings, first limit the sharing settings to the minimum.By doing this, even if you send an email to an outsider, people who are not set up to share will not be able to access the data and the information will not be leaked to the outside.

Also, if you sent data that you do not want to see like this time to the other party, you could minimize information leakage by modifying or deleting the file immediately even after sending the email. Probably.

Every human being makes mistakes.

As Mr. C said, especially if you get used to it by repeating daily work, you will be able to work while thinking about other things, and confirmation will be neglected.

If you make a habit of not attaching emails in Google Workspace, you can reduce the risk of information leakage.