Privacy and Data Security

The EDUCAUSE/Internet2 Computer and Network Security Task Force (STF) provides a focal point for the academic community to join together to strengthen the ability of the higher education sector to respond to growing threats to information security and to protect the privacy of our community members. This strategic plan is intended to set forth a vision for the higher education community and provide a concise roadmap to guide the efforts of the STF. This roadmap emphasizes continuous and evolutionary community investment in converting our understanding of risks and issues into solutions based on effective practices, as well as the urgent need to build the national capability across the higher education sector to respond quickly and effectively as a community to new threats and vulnerabilities.

The Federal Trade Commission deals with issues that touch the economic lives of most Americans. The current portfolio includes protecting consumers in the areas of data security and privacy, identity theft, Social Security number misuse, identity management, spam, maintaining the National Do Not Call Registry, and other IT issues of interest to colleges and universities. The FTC's Bureau of Consumer Protection, although a regulator of businesses, is also an educator: it seeks to educate consumers and provide businesses and other organizations with the information they need to comply with the rules of the road and to provide consumers with the necessary tools to engage in commerce intelligently. This session will highlight information policy issues the FTC is addressing and educational resources institutions of higher education can leverage to improve student, faculty, and staff awareness of data security and privacy risks.

After the tragic events of April 16, 2007, at Virginia Tech, IT professionals and university legal counsel had to quickly address the need to collect and preserve data in the event of future litigation. Performing tasks while dealing with grief and protecting academic freedom and privacy issues has required a delicate approach.

This research bulletin details the procedures and processes undertaken by the University of Minnesota to ensure that all employees, from student workers and custodial staff through senior research faculty and administrators, received training about keeping private data secure tailored to their roles and responsibilities. It illustrates how the implementation of the training resulted in improvements in incident reporting and response procedures, awareness of institutional private data and expectations for securing them, and many aspects of data security.

Citation for this work: Janssen, Ross T., and Greg C. Sales. “Regulatory Compliance Training: Public Jobs, Private Data” (Research Bulletin, Issue 8). Boulder, CO: EDUCAUSE Center for Applied Research, 2008, available from http://www.educause.edu/ecar.

These slides were presented at the University System of Maryland's Workshop on Data Privacy for Maryland Higher Education.

This opening address was presented at the University System of Maryland's Workshop on Data Privacy for Maryland Higher Education.

"When is higher education going to get serious about safeguarding the private information of students,
faculty, and staff?"

Penn designed the security and privacy impact assessment (SPIA) process and tool to raise awareness about where confidential data reside and to assess risks in seven major threat areas, which can be mitigated by a list of safeguards. Learn about successful outcomes from our early SPIA adopters.

Colleges and universities possess an exceptional volume and variety of personal information. Our stewardship of such information has been inconsistent and inadequate, and we often implement new technologies and systems without considering systemic privacy and security implications. Although many publicly reported security breaches occur on campuses, we have been slow to provide training in privacy and security issues, rarely audit for compliance, and lag far behind industry and government in appointing privacy and security officers. This session will address the information policy challenges facing colleges and universities, today and in the future, and will offer practical steps for overcoming them.