Privacy and Confidentiality: Holding IT Service Providers Accountable

Published:: Tuesday, November 3, 2009
: Briefs, Case Studies, Papers, Reports

Author(s) and Contributors:: Author(s): Nadine Stern

Source(s) and Collection(s):: Sources(s): EDUCAUSE Research Collection(s): Research Bulletins

ParentTopics:: Agreements and Contract Management Family Educational Rights and Privacy Act (FERPA) Health Insurance Portability and Accountability Act (HIPAA) Privacy Gramm-Leach-Bliley Act (GLB Act)

Abstract

This ECAR research bulletin addresses the data privacy issues that must be covered by contractual language when entering into an agreement for externally provided IT services or for external consulting about institutional systems. It covers instances in which external agents have access to data that is considered confidential and/or where data can be linked to personally identifiable records. It is based on work done at The College of New Jersey between November 2008 and May 2009.

Citation for this work: Stern, Nadine. “Privacy and Confidentiality: Holding IT Service Providers Accountable” (Research Bulletin, Issue 22). Boulder, CO: EDUCAUSE Center for Analysis and Research, 2009, available from http://www.educause.edu/ecar.

Download Resources

Download PDF