Lance Spitzner on Data Privacy Awareness

A common challenge many schools share is protecting the privacy of their students. Institutions maintain a surprising amount of highly confidential student information, including medical, financial, personal, and educational data. As a result, institutions have to comply with numerous regulations including HIPAA, FERPA, or GLBA. Remembering all of these different compliance rules and regulations can be confusing or overwhelming for faculty and staff. However, if you take a step back, many of these regulations have the same goal: protection of private information. In addition, the steps people are expected to follow in order to protect data are often the same.

One of the key steps in any privacy awareness program is engaging people. We need to answer the question "Why should they even care about privacy?" Once you have engaged people, you can begin to teach them. SANS worked with the EDUCAUSE Higher Education Chief Privacy Officers group to discuss this challenge and how we can help solve it. After a team discussion, we came up with an approach: respect. Ultimately, when protecting student information, we should do this out of respect for others, just as we would want others to respect and protect our own private information. Once people are engaged and understand the need to respect others, you can begin to explain the most common steps that are required to protect private information and common steps that apply to many of the compliance standards.

To help schools support their privacy programs, SANS and EDUCAUSE have developed a privacy awareness video that you are welcome to use for free in your campus privacy program. You can download high- or low-resolution versions of the video or embed the video on your institution's website.

Lance Spitzner is the training director for the SANS Securing The Human program. Learn more about security awareness and access free security and privacy awareness resources.

