Privacy and Security Risks in Higher Education Professor Daniel J. Solove John Marshall Harlan Research Professor of Law George Washington University Law School & Founder, TeachPrivacy, http://teachprivacy.com Tracy Mitrano IT Policy Director Cornell University

Page 1

Privacy and Security Risks in Higher Education

Professor Daniel J. Solove

John Marshall Harlan Research Professor of Law

George Washington University Law School &

Founder, TeachPrivacy, http://teachprivacy.com

Tracy Mitrano

IT Policy Director

Cornell University

Page 2

Privacy Beyond FERPA

Page 3

FEDERAL PRIVACY LAWS RELEVANT TO SCHOOLS

FERPA

Computer Fraud and Abuse Act

Communications Decency Act

Gramm-Leach-Bliley Act

No Child Left Behind Act

Title IX

Clery Act

Electronic Communications Privacy Act

HIPAA Privacy Rule

Page 4

Privacy Problems in Higher Education

Fragmented Protections

Undetected Problems

Lack of Coordination

Lack of Oversight

Lack of Training

Lack of Student Education and Awareness

Page 5

WHAT IS PRIVACY?

DATA SUBJECT

DATA HOLDERS

INFORMATION COLLECTION: Surveillance, Interrogation

INFORMATION PROCESSING: Aggregation, Identification, Insecurity, Secondary Use, Exclusion

INFORMATION DISSEMINATION: Breach of Confidentiality, Disclosure, Exposure, Increased Accessibility, Blackmail, Appropriation, Distortion

INVASIONS: Intrusion, Decisional Interference

Page 6

WHY DOES PRIVACY MATTER?

Legal Compliance

Reputation

Financial Cost of Incidents

Student Well-Being

Employee Well-Being

Donor and Alumni Well-Being

Time and Resources

Soured Relationships

Page 7

PRIVACY ISSUES IN HIGHER EDUCATION

Data Security: safeguards on data, incident response plan

Information Management: confidentiality agreements, outsourcing

Websites: privacy policies, online data collection

Speech: social media use, cyberbullying, harassment, gossip websites

Searches and Surveillance: computer network monitoring, surveillance cameras

Student Data: FERPA, confidentiality of student records, sharing of data about students in distress

Employee Data: notice, access, rights regarding data, confidentiality

Others’ Data: data regarding alumni, donors, customers, vendors, and others

Privacy Program: policies, privacy point person, oversight, training, privacy risk assessments

Page 8

Privacy and Data Security

Page 9

Privacy and Data Security

Privacy

Improper disclosure of data

Curiosity

Lack of awareness of privacy risks or importance of privacy

Lack of administrative controls about data

Misunderstanding about rules regarding when and with whom data may be shared

Data Security

Inadequate technical controls

Failure to keep anti-virus protection updated

Failure to provide encryption

Page 10

The Human Element

Carelessness

Lack of awareness

Blunders

Lack of oversight

Inadequate policies

Misunderstanding of policies

Lack of awareness of policies

Failure to understand the technology or the risks

Page 11

Privacy and Data Security: Passwords

Privacy and the Human Element

Reuse of passwords from other accounts

Writing passwords on Post-it notes near one’s computer

Keeping passwords in one’s wallet

Storing passwords in one’s browser

Copying data to unauthorized portable devices or unprotected servers

Failing to password-protect one’s smart phone

Data Security and Technology

Technical controls requiring all users to select passwords of the appropriate length and complexity

Page 12

Privacy and Data Security Awareness

most privacy and data security incidents are caused by careless or ill-informed conduct that is readily preventable

need basic awareness about importance of privacy, how to recognize risks and how to prevent them

Training and Education

FERPA

all employees who handle student data need basic awareness of FERPA

Online Social Media

students need guidance about how to use online social media responsibly

faculty, administrators, and staff need guidance about how to use social media responsibly and how to handle issues arising on campus involving the clash between harmful speech and free expression

Privacy in the Digital Age

all members of an institution’s community should have a basic understanding about privacy – which is of central importance to one’s reputation, financial well-being, and ability to function in contemporary society
