130 likes | 147 Views
Explore the privacy and security risks in higher education, understanding the importance of privacy, relevant laws, data security measures, and the human element. Learn about privacy issues, data breaches, and ways to protect sensitive information in academic institutions.
E N D
Privacy and Security Risks in Higher Education Professor Daniel J. Solove John Marshall Harlan Research Professor of Law George Washington University Law School & Founder, TeachPrivacy, http://teachprivacy.com Tracy Mitrano IT Policy Director Cornell University
FEDERAL PRIVACY LAWS RELEVANT TO SCHOOLS Gramm-Leach-Bliley Act Clery Act FERPA No Child Left Behind Act Electronic Communications Privacy Act Computer Fraud and Abuse Act Communications Decency Act HIPAA Privacy Rule Title IX
Privacy Problems in Higher Education Fragmented Protections Undetected Problems Lack of Coordination Lack of Oversight Lack of Training Lack of Student Education and Awareness
WHAT IS PRIVACY? INFORMATION PROCESSING Aggregation Identification Insecurity Secondary Use Exclusion INFORMATION COLLECTION Surveillance Interrogation DATA HOLDERS INFORMATION DISSEMINATION Breach of Confidentiality Disclosure Exposure Increased Accessibility Blackmail Appropriation Distortion DATA SUBJECT INVASIONS Intrusion Decisional Interference
WHY DOES PRIVACY MATTER? Legal Compliance Reputation Financial Cost of Incidents Student Well-Being Employee Well-Being Donor and Alumni Well-Being Time and Resources Soured Relationships
PRIVACY ISSUES IN HIGHER EDUCATION Privacy Program policies, privacy point person, oversight, training, privacy risk assessments Searches and Surveillance computer network monitoring, surveillance cameras Student Data FERPA, confidentiality of student records, sharing of data about students in distress Employee Data notice, access, rights regarding data, confidentiality Others’ Data data regarding alumni, donors, customers, vendors, and others Data Security safeguards on data, incident response plan Information Management confidentiality agreements, outsourcing Websites privacy policies, online data collection Speech social media use, cyberbullying, harassment, gossip websites
Privacy and Data Security Privacy Improper disclosure of data Curiosity Lack of awareness of privacy risks or importance of privacy Lack of administrative controls about data Misunderstanding about rules regarding when and with whom data may be shared Data Security Inadequate technical controls Failure to keep anti-virus protection updated Failure to provide encryption
The Human Element Carelessness Lack of awareness Blunders Lack of oversight Inadequate policies Misunderstanding of policies Lack of awareness of policies Failure to understand the technology or the risks
Privacy and Data Security: Passwords Privacy and the Human Element Reuse of passwords from other accounts Writing passwords on Post It notes near one’s computer Keeping passwords in one’s wallet Storing passwords in one’s browser Copying data to unauthorized portable devices or unprotected servers Failing to password-protect one’s smart phone Data Security and Technology Technical controls requiring all users to select passwords of the appropriate length and complexity
Training and Education Privacy and Data Security Awareness most privacy and data security incidents are caused by careless or ill-informed conduct that is readily preventable need basic awareness about importance of privacy, how to recognize risks and how to prevent them Online Social Media students need guidance about how to use online social media responsibly faculty, administrators, and staff need guidance about how to use social media responsibly and how to handle issues arising on campus involving the clash between harmful speech and free expression FERPA all employees who handle student data need basic awareness of FERPA Privacy in the Digital Age all members of an institution’s community should have a basic understanding about privacy – which is of central importance to one’s reputation, financial well-being, and ability to function in contemporary society
Privacy and Security Risks in Higher Education Professor Daniel J. Solove John Marshall Harlan Research Professor of Law George Washington University Law School & Founder, TeachPrivacy, http://teachprivacy.com Tracy Mitrano IT Policy Director Cornell University