So, in the five-and-a-half weeks that I've been working here, I've had to take five separate online "courses" about data security. The "courses" is quoted because they call them courses, but they're really 20-slide presentations.
Anyhow, each "course" starts with a "spot the privacy risks" scenario. Most have them have been in the "sure, some people might do that and not even be thinking it's a privacy problem" category. The one that I'm reading now.... it's way off the deep end. At least one of the three people involved should be waving big red flags.
Li is an undergraduate at the University. Her father is on the faculty. Her father runs into her professor on campus and says, "How's Li doing in class?" Her professor says, "I'll have my TA check and get back to you."
Later, Li's professor calls her new teaching assistant, Derek: "Would you check Li Zhang's grade so far in the intro class?"
"Sure, but I don't have an Internet ID and password yet," says Derek.
"No problem, here's mine," says Li's professor, and gives Derek her own Internet ID and password. "I'm late for a meeting. Will you e-mail me when you find her grade?" Derek uses the professor's access information to look up Li's grade and e-mails it to Li's professor.
Li's professor returns from her meeting, checks her e-mail, and forwards Li's grade to Li's father.
Think about this situation. You will be asked to identify the privacy and security issues in this situation later in this course .