1 / 13

Privacy and Security Risks in Higher Education

Explore the privacy and security risks in higher education, understanding the importance of privacy, relevant laws, data security measures, and the human element. Learn about privacy issues, data breaches, and ways to protect sensitive information in academic institutions.

lsorenson
Download Presentation

Privacy and Security Risks in Higher Education

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Privacy and Security Risks in Higher Education Professor Daniel J. Solove John Marshall Harlan Research Professor of Law George Washington University Law School & Founder, TeachPrivacy, http://teachprivacy.com Tracy Mitrano IT Policy Director Cornell University

  2. Privacy Beyond FERPA

  3. FEDERAL PRIVACY LAWS RELEVANT TO SCHOOLS Gramm-Leach-Bliley Act Clery Act FERPA No Child Left Behind Act Electronic Communications Privacy Act Computer Fraud and Abuse Act Communications Decency Act HIPAA Privacy Rule Title IX

  4. Privacy Problems in Higher Education Fragmented Protections Undetected Problems Lack of Coordination Lack of Oversight Lack of Training Lack of Student Education and Awareness

  5. WHAT IS PRIVACY? INFORMATION PROCESSING Aggregation Identification Insecurity Secondary Use Exclusion INFORMATION COLLECTION Surveillance Interrogation DATA HOLDERS INFORMATION DISSEMINATION Breach of Confidentiality Disclosure Exposure Increased Accessibility Blackmail Appropriation Distortion DATA SUBJECT INVASIONS Intrusion Decisional Interference

  6. WHY DOES PRIVACY MATTER? Legal Compliance  Reputation  Financial Cost of Incidents  Student Well-Being  Employee Well-Being  Donor and Alumni Well-Being  Time and Resources  Soured Relationships

  7. PRIVACY ISSUES IN HIGHER EDUCATION Privacy Program policies, privacy point person, oversight, training, privacy risk assessments  Searches and Surveillance computer network monitoring, surveillance cameras  Student Data FERPA, confidentiality of student records, sharing of data about students in distress  Employee Data notice, access, rights regarding data, confidentiality  Others’ Data data regarding alumni, donors, customers, vendors, and others  Data Security safeguards on data, incident response plan  Information Management confidentiality agreements, outsourcing  Websites privacy policies, online data collection  Speech social media use, cyberbullying, harassment, gossip websites

  8. Privacy and Data Security

  9. Privacy and Data Security Privacy Improper disclosure of data Curiosity Lack of awareness of privacy risks or importance of privacy Lack of administrative controls about data Misunderstanding about rules regarding when and with whom data may be shared Data Security Inadequate technical controls Failure to keep anti-virus protection updated Failure to provide encryption

  10. The Human Element Carelessness Lack of awareness Blunders Lack of oversight Inadequate policies Misunderstanding of policies Lack of awareness of policies Failure to understand the technology or the risks

  11. Privacy and Data Security: Passwords Privacy and the Human Element Reuse of passwords from other accounts Writing passwords on Post It notes near one’s computer Keeping passwords in one’s wallet Storing passwords in one’s browser Copying data to unauthorized portable devices or unprotected servers Failing to password-protect one’s smart phone Data Security and Technology Technical controls requiring all users to select passwords of the appropriate length and complexity

  12. Training and Education Privacy and Data Security Awareness most privacy and data security incidents are caused by careless or ill-informed conduct that is readily preventable  need basic awareness about importance of privacy, how to recognize risks and how to prevent them Online Social Media  students need guidance about how to use online social media responsibly  faculty, administrators, and staff need guidance about how to use social media responsibly and how to handle issues arising on campus involving the clash between harmful speech and free expression FERPA  all employees who handle student data need basic awareness of FERPA Privacy in the Digital Age  all members of an institution’s community should have a basic understanding about privacy – which is of central importance to one’s reputation, financial well-being, and ability to function in contemporary society

  13. Privacy and Security Risks in Higher Education Professor Daniel J. Solove John Marshall Harlan Research Professor of Law George Washington University Law School & Founder, TeachPrivacy, http://teachprivacy.com Tracy Mitrano IT Policy Director Cornell University

More Related