EDUCAUSE | Privacy

Getting Started in Privacy: Recommendations from the Higher Education Chief Privacy Officers (HE-CPO)

Mon, 01 Apr 2013 21:29:11 +0000

Whether you are a Chief Privacy Officer (CPO) at your institution, have responsibility for privacy on your campus, or just want to learn more about becoming a privacy professional in higher education, this list of key resources compiled by current CPOs is a great starting point. Find out where to learn more about privacy (listservs, newsletters, conferences, or webinars), which standards you should be familiar with, recommended reading, joining professional organizations, how to become a certified privacy professional, and how to convince your institution that privacy is important.

Call for Participation: The Multi-Factor Authentication Cohortium

Wed, 20 Mar 2013 15:49:09 +0000

The Internet2 Scalable Privacy Project (ScalePriv), funded with the recent National Strategy for Trusted Identities in Cyberspace (NSTIC) grant to Internet2, is seeking campuses to participate in the Multi-Factor Authentication (MFA) Cohortium*. Applications are open until April 26, 2013 (note the deadline extension).

Who is checking your email?

Tue, 12 Mar 2013 18:44:03 +0000

What is your campus policy and procedure for access to employee email? If you don't know - or you don't have it written down - it might be time to review your practice, write it down, and vet it with the appropriate governance bodies. The issue of administration access to employee email has been peaked on campus because of a New York Times article that described a controversy brewing at Harvard University. The University had become concerned about a leak to news media regarding a student disciplinary matter that they suspected was attributable to a University administrator. According to a statement released by the University:

. . .

Privacy and Security Initiatives and Recommendations from the U.S. Department of Education

Wed, 13 Feb 2013 20:53:58 +0000

At EDUCAUSE 2012, U.S. Department of Education speakers discussed new privacy and security initiatives, as well as offering recommendations on navigating privacy efforts and preparing for and managing security breaches.
Many of the new amendments to FERPA exceptions were developed in order to improve accountability in data sharing.
At the heart of breach prevention and response are solid, established processes and targeted oversight.

ED CPO on Privacy, Emerging Technologies, and New Uses of Data

Mon, 28 Jan 2013 20:26:33 +0000

When I first accepted the position as ED’s Chief Privacy Officer the workload revolved heavily around privacy issues in the K-12 context, especially issues relating the Family Educational Rights Privacy Act (FERPA) and its applicability to State Longitudinal Databases. Recently our office is spending an increasing amount of time providing guidance in the higher ed arena. Colleges, universities, and other postsecondary institutions often have research agendas that involve data; they often have medical facilities; and most importantly, colleges and universities often function as change agents, particularly for technological and social change. The combination of new technologies and new uses of data create today’s cutting-edge privacy issues, including “Big Data,” matching with wage data, data sharing in general, the use of analytics, cloud computing, MOOCs, and school use of web engagement tools.

A Few Things about E-FERPA

Mon, 28 Jan 2013 16:34:17 +0000

Probably no statute affects higher education more, but is understood less, than the Family Educational and Privacy Rights Act, or “FERPA,” the primary federal law that regulates how we handle our records about our students. And that is no doubt especially true when it comes to electronic records (which for some reason seem to baffle us in almost every context). Data Privacy Month seems a good time to clear up some of the most common misunderstandings:

1. FERPA makes no distinction between electronic and other records. FERPA governs all records that we maintain about our students, be they written on paper; captured in film, photographs, or audiotape; made up solely of electrons; or, for that matter, carved into stone tablets, and it governs them in exactly the same way. At least for purposes of FERPA, the medium is not the message.

Higher Education Activities during Data Privacy Month

Fri, 18 Jan 2013 22:31:21 +0000

Although this is only the second year that colleges and universities are working together to observe and promote Data Privacy Month, many campuses are busy planning local or regional events, tweeting daily with the hashtags #dataprivacy and #dpd13, and writing blogs or articles about data privacy. We hope these activities will encourage you to consider ways to promote Data Privacy Month this year or begin thinking about how yor campus will participate in 2014.

January 28th is Data Privacy Day–Respecting Privacy, Safeguarding Data and Enabling Trust

Fri, 18 Jan 2013 21:57:21 +0000

As the National Cyber Security Alliance (NCSA), we have the honor of coordinating Data Privacy Day (DPD). Data Privacy Day is held on January 28th annually and is an effort to empower people to protect their privacy, control their digital footprint, and escalate the protection of privacy and data as everyone’s priority. The success of Data Privacy Day relies on everyone, including our trusted partners such as EDUCAUSE and the higher education community, to educate and create awareness about the importance of data privacy.

Lance Spitzner on Data Privacy Awareness

Fri, 18 Jan 2013 16:55:14 +0000

A common challenge many schools share is protecting the privacy of their students. Institutions maintain a surprising amount of highly confidential student information including medical, financial, personal, and educational data. As a result, institutions have to comply with numerous regulations including HIPAA, FERPA, or GLBA. Remembering all of these different compliance rules and regulations can be confusing or overwhelming for faculty and staff. However, if you take a step back, many of these regulations have the same goal–protection of private information. In addition, the steps people are expected to follow in order to protect data are often the same.

Data Privacy Month Awareness Video, 2013

Mon, 14 Jan 2013 17:08:11 +0000

SANS and EDUCAUSE have developed a free privacy awareness video that colleges and universities can use during Data Privacy Month in January, and throughout the year, in their privacy education and training efforts. High and low resolution versions of the video are available.

ERO Video Conversation: The Relationship Between Privacy and Security

Tue, 08 Jan 2013 17:13:46 +0000

Data Privacy Month: Are You Smarter Than Your Phone?

Fri, 04 Jan 2013 22:38:31 +0000

Nearly everyone on a college campus today has a mobile phone, capable of accomplishing amazing tasks while on the go. But, how SHOULD you make use of your smartphone? You are smarter than your phone if you know that you need to make careful choices about using your geo-location feature. You might post a picture to Facebook while on your European trip if there are other people still living at your address back home. But, if your house is empty while you travel, you would be smarter to wait to post until you get home. Do you really want everyone to know you are out alone at midnight by "checking in" at your local donut shop? You are smarter than your phone if you use sound judgment about revealing your location. You’re smarter than your phone if you know you need to think critically about the sensitivity of the data you put on or access through your phone. Do you use your phone for banking, without password protecting the device? Your phone is happy to do it. But you are smarter than your phone if you protect it with a password. If you’re not thinking critically about what you do with your phone, we’ll help you think again!

This session is part of a Data Privacy Month series of events.

EDUCAUSE Review: Print Edition, Volume 48, Number 1, January/February 2013

Fri, 04 Jan 2013 19:56:45 +0000

This is the full issue of EDUCAUSE Review: Print Edition, Volume 48, Number 1, January/February 2013

Privacy, Security, and Compliance: Strange Bedfellows, or a Marriage Made in Heaven?

Fri, 04 Jan 2013 18:00:24 +0000

The authors examine several campus issues lying at the intersection of privacy, security, and compliance and provide insight for institutional leaders planning strategic directions.

Information Privacy Revealed

Fri, 04 Jan 2013 17:48:04 +0000

IT senior leaders and IT staff should learn what privacy is, why it is important in higher education today, and how they can identify and address privacy risks.

January 2013 is Data Privacy Month! Free Webinars and Easy Ways to Increase Awareness

Fri, 21 Dec 2012 19:05:38 +0000

Data Privacy Month is an annual effort to empower people to protect their privacy and control their digital footprint, as well as escalate the protection of privacy and data as everyone's priority. Spend the month helping to ensure your campus community is respecting privacy, safeguarding data, and enabling trust. This year’s Data Privacy Month Planning Task Force has selected weekly themes for the higher education community to focus on. Several free webinars will also be offered throughout the month of January.

UploadsAttachments:

PrivacyTower2.jpg

PrivacyHero2.jpg

Privacy Officers around the Virtual Water Cooler

Thu, 20 Dec 2012 21:52:47 +0000

This conversational webinar explores how three higher education Chief Privacy Officers (CPOs) are addressing current privacy challenges on campus.

The Family Educational Rights and Privacy Act: 7 Myths — and the Truth

Fri, 30 Nov 2012 22:06:21 +0000

The author tried to clarify common confusions surrounding The Family Educational Rights and Privacy Act (FERPA).

This aritcle riginally appeared in the Chronicle of Higher Education
Section: Commentary Volume 54, Issue 32, Page A53
April 18, 2008

PTAC Data Breach Response Checklist

Thu, 25 Oct 2012 16:31:06 +0000

The Privacy Technical Assistance Center (PTAC) recently published a Data Breach Response Checklist that institutions of higher education may use to develop a comprehensive data breach response plan. The checklist is meant to be used as a general example illustrating some current industry best practices in data breach response and mitigation applicable to education community. A PDF version is available to download.

Security and Privacy Sessions at EDUCAUSE 2012

Tue, 16 Oct 2012 19:47:48 +0000

The annual EDUCAUSE Conference (November 6-9) offers a variety of security and privacy-related sessions. Whether you plan to join us in Denver or participate online, we encourage you to attend as many of these presentations as possible. Also remember to mark your calendar for the upcoming Security Professionals Conference, which will be held April 15-17, 2013 in St. Louis, Missouri, and Online. A Call for Proposals is currently out, with a November 13, 2012 deadline.

Tuesday, November 6, 2012

Preconference Seminars (separate registration required)

National Cyber Security Awareness Month 2012 is HERE!

Mon, 01 Oct 2012 18:52:25 +0000

It’s that time of year again! October is National Cyber Security Awareness Month.

Help us raise awareness with your faculty, staff, and students this October by promoting National Cyber Security Awareness Month (NCSAM).

We will start the month off with an EDUCAUSE Live! webinar on October 4 (1-2 pm EDT). Register here and join Dave Cullinane, Chief Information Security Officer at eBay (retired) and Co-Founder of the Cloud Security Alliance, as he discusses “Security Awareness and Communication in the C-Suite.”

If you plan on holding an event in October, please share your plans and any applicable URL’s with this group or send an e-mail to security-council@educause.edu so your institution's activities can be included with our list of 2012 campus events.

Privacy and Data Management on Mobile Devices

Thu, 06 Sep 2012 15:23:17 +0000

A new survey by the Pew Research Center’s Internet & American Life Project found that more than half of mobile application users have uninstalled or avoided certain apps due to concerns about the way personal information is shared or collected by the app. This report was authored by Jan Lauren Boyles, Aaron Smith, Mary Madden.

Cybersecurity: Selected Legal Issues

Fri, 17 Aug 2012 20:41:35 +0000

The federal government’s role in protecting U.S. citizens and critical infrastructure from cyber attacks has been the subject of recent congressional interest. Critical infrastructure commonly refers to those entities that are so vital that their incapacitation or destruction would have a debilitating impact on national security, economic security, or the public health and safety. This report discusses selected legal issues that frequently arise in the context of recent legislation to address vulnerabilities of critical infrastructure to cyber threats, efforts to protect government networks from cyber threats, and proposals to facilitate and encourage sharing of cyber threat information among private sector and government entities. This report also discusses the degree to which federal law may preempt state law.

7 Ways BYOD Could Get You Sued

Tue, 07 Aug 2012 20:27:47 +0000

The author, Sam Narisi, discusses some of the biggest legal issues to consider when coming up with a BYOD policy and strategy.

ECPA Amendment Letter

Mon, 06 Aug 2012 19:17:22 +0000

In this letter sent to Senate Majority Leader Reid and Minority Leader McConnell, EDUCAUSE joined with the Association of Research Libraries, businesses, and other trade associations to support Senate Amendment 2580, cited as the “Electronic Communications Privacy Act,” to the Cybersecurity Act (S. 3414). This amendment would provide privacy protections for email and other electronic communications — including requiring that the government obtain a search warrant based on probable cause in order to obtain email content. The amendment would also implement the first principle of the Digital Due Process (DDP) coalition -- of which EDUCAUSE is a member -- whose goal is to simplify, clarify, and unify the ECPA standards.

More information can be found in the August 3, 2012 blog, "EDUCAUSE Joins Letter in Support of the Electronic Communications Privacy Act Amendment."