Privacy and Security Risks in Higher Education Professor Daniel J. Solove John Marshall Harlan...
-
Upload
juniper-quinn -
Category
Documents
-
view
215 -
download
0
Transcript of Privacy and Security Risks in Higher Education Professor Daniel J. Solove John Marshall Harlan...
Privacy and Security Risks in Higher Education
Professor Daniel J. SoloveJohn Marshall Harlan Research Professor of Law
George Washington University Law School&
Founder, TeachPrivacy, http://teachprivacy.com
Tracy MitranoIT Policy DirectorCornell University
Privacy Beyond FERPA
FERPA
Computer Fraud and Abuse Act
Communications Decency Act
Gramm-Leach-Bliley Act
No Child Left Behind
Act
Title IX
Clery Act
Electronic Communications
Privacy Act
HIPAA Privacy Rule
FEDERAL PRIVACY LAWS RELEVANT TO SCHOOLSFEDERAL PRIVACY LAWS RELEVANT TO SCHOOLS
Fragmented Protections
Undetected Problems
Lack of Coordination
Lack of Oversight
Lack of Training
Lack of Student Education and Awareness
Privacy Problems in Higher Education
INVASIONSIntrusion
Decisional Interference
INFORMATIONCOLLECTION
SurveillanceInterrogation
INFORMATIONDISSEMINATION
Breach of ConfidentialityDisclosureExposure
Increased AccessibilityBlackmail
AppropriationDistortion
DATA SUBJECT
DATA HOLDERS
INFORMATION PROCESSING
AggregationIdentification
InsecuritySecondary Use
Exclusion
WHAT IS PRIVACY?
WHY DOES PRIVACY MATTER?
Legal Compliance Reputation Financial Cost of Incidents Student Well-Being Employee Well-Being Donor and Alumni Well-Being Time and Resources Soured Relationships
PRIVACY ISSUES IN HIGHER EDUCATION
Data Security safeguards on data, incident response plan
Information Management confidentiality agreements, outsourcing
Websites privacy policies, online data collection
Speech social media use, cyberbullying, harassment, gossip websites
Searches and Surveillance computer network monitoring, surveillance cameras
Student Data FERPA, confidentiality of student records, sharing of data about students in distress
Employee Data notice, access, rights regarding data, confidentiality
Others’ Data data regarding alumni, donors, customers, vendors, and others
Privacy Program policies, privacy point person, oversight, training, privacy risk assessments
Privacy and Data Security
Privacy and Data Security
Privacy
Improper disclosure of data
Curiosity
Lack of awareness of privacy risks or importance of privacy
Lack of administrative controls about data
Misunderstanding about rules regarding when and with whom data may be shared
Data Security
Inadequate technical controls
Failure to keep anti-virus protection updated
Failure to provide encryption
The Human Element
Carelessness
Lack of awareness
Blunders
Lack of oversight
Inadequate policies
Misunderstanding of policies
Lack of awareness of policies
Failure to understand the technology or the risks
Privacy and Data Security:Passwords
Privacy and the Human Element
Reuse of passwords from other accounts
Writing passwords on Post It notes near one’s computer
Keeping passwords in one’s wallet
Storing passwords in one’s browser
Copying data to unauthorized portable devices or unprotected servers
Failing to password-protect one’s smart phone
Data Security and Technology
Technical controls requiring all users to select passwords of the appropriate length and complexity
Privacy and Data Security Awareness
most privacy and data security incidents are caused by careless or ill-informed conduct that is readily preventable
need basic awareness about importance of privacy, how to recognize risks and how to prevent them
Training and Education
FERPA
all employees who handle student data need basic awareness of FERPA
Online Social Media
students need guidance about how to use online social media responsibly
faculty, administrators, and staff need guidance about how to use social media responsibly and how to handle issues arising on campus involving the clash between harmful speech and free expression
Privacy in the Digital Age
all members of an institution’s community should have a basic understanding about privacy – which is of central importance to one’s reputation, financial well-being, and ability to function in contemporary society
Privacy and Security Risks in Higher Education
Professor Daniel J. SoloveJohn Marshall Harlan Research Professor of Law
George Washington University Law School&
Founder, TeachPrivacy, http://teachprivacy.com
Tracy MitranoIT Policy DirectorCornell University