Information Protection @ MIT

The Risks

Data can be "classified" into highly sensitive, sensitive and private categories depending on what could occur if disclosed.

Type of Data Examples Risks if Disclosed

Highly Sensitive

Accessible by explicitly approved authorization; PIRN; Regulated by law and MIT Policy

  • SSNs
  • Credit Card & Bank Acct Numbers
  • Driver's License or State ID#
  • Health Information
  • Student Records
  • Passwords to Data Systems
  • Identity theft, fraud
  • Financial costs ($$$) related to fines, notifications, loss of donations
  • Reputation to Institute


Accessible by employees with a business need to know; Regulated by MIT Policy

  • Research
  • Personnel data
  • Salaries
  • Contracts
  • Unauthorized access to resources
  • Financial costs ($$)
  • Reputation to Institute


Accessible by general public with a need to know

  • Online directory information such as name, phone numbers, home addresses
  • MIT-specific information
  • Reputation to Institute
  • Harm to individual privacy
  • Misuse of information

The Financial Costs of a Data Breach

A Ponemon Institute study sponsored by PGP Corporation and released in January 2010 shows that the cost of a data breach continues to increase. This fifth annual survey for 2009 shows a significant spike in legal defense spending while breaches involving third-party organizations remain the most costly.

According to the study, data breach incidents cost US companies $204 per compromised customer record in 2009, compared to $202 in 2008. The average total per incident costs in 2009 were $6.75 million, up from $6.65 million in 2008.

Factors considered in the study include outlays for detection, escalation, notification and response; investigative and administrative expenses; cutomer defections, opportunity loss and reputation management; and costs associated with customer support such as information hotlines and credit monitoring subscriptions.

Additional costs that MIT might incur due to a data breach:


back to top