Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy and Security Risks in Higher Education

Similar presentations


Presentation on theme: "Privacy and Security Risks in Higher Education"— Presentation transcript:

1 Privacy and Security Risks in Higher Education
Professor Daniel J. Solove John Marshall Harlan Research Professor of Law George Washington University Law School & Founder, TeachPrivacy, Tracy Mitrano IT Policy Director Cornell University

2 Privacy Beyond FERPA

3 FEDERAL PRIVACY LAWS RELEVANT TO SCHOOLS
Gramm-Leach-Bliley Act Clery Act FERPA No Child Left Behind Act Electronic Communications Privacy Act Computer Fraud and Abuse Act Communications Decency Act HIPAA Privacy Rule Title IX

4 Privacy Problems in Higher Education
Fragmented Protections Undetected Problems Lack of Coordination Lack of Oversight Lack of Training Lack of Student Education and Awareness

5 WHAT IS PRIVACY? DATA HOLDERS INFORMATION PROCESSING Aggregation
Identification Insecurity Secondary Use Exclusion INFORMATION COLLECTION Surveillance Interrogation DATA HOLDERS INFORMATION DISSEMINATION Breach of Confidentiality Disclosure Exposure Increased Accessibility Blackmail Appropriation Distortion DATA SUBJECT INVASIONS Intrusion Decisional Interference

6 WHY DOES PRIVACY MATTER?
 Legal Compliance  Reputation  Financial Cost of Incidents  Student Well-Being  Employee Well-Being  Donor and Alumni Well-Being  Time and Resources  Soured Relationships

7 PRIVACY ISSUES IN HIGHER EDUCATION
Privacy Program policies, privacy point person, oversight, training, privacy risk assessments  Searches and Surveillance computer network monitoring, surveillance cameras  Student Data FERPA, confidentiality of student records, sharing of data about students in distress  Employee Data notice, access, rights regarding data, confidentiality  Others’ Data data regarding alumni, donors, customers, vendors, and others  Data Security safeguards on data, incident response plan  Information Management confidentiality agreements, outsourcing  Websites privacy policies, online data collection  Speech social media use, cyberbullying, harassment, gossip websites

8 Privacy and Data Security
how data is managed, used, and disclosed Data Security protecting information from being lost, stolen, or improperly accessed

9 Privacy and Data Security
Improper disclosure of data Curiosity Lack of awareness of privacy risks or importance of privacy Lack of administrative controls about data Misunderstanding about rules regarding when and with whom data may be shared Data Security Inadequate technical controls Failure to keep anti-virus protection updated Failure to provide encryption

10 The Human Element Carelessness Lack of awareness Blunders
Lack of oversight Inadequate policies Misunderstanding of policies Lack of awareness of policies Failure to understand the technology or the risks

11 Privacy and Data Security: Data Security and Technology
Passwords Privacy and the Human Element Reuse of passwords from other accounts Writing passwords on Post It notes near one’s computer Keeping passwords in one’s wallet Storing passwords in one’s browser Copying data to unauthorized portable devices or unprotected servers Failing to password-protect one’s smart phone Data Security and Technology Technical controls requiring all users to select passwords of the appropriate length and complexity

12 Training and Education
Privacy and Data Security Awareness  most privacy and data security incidents are caused by careless or ill-informed conduct that is readily preventable  need basic awareness about importance of privacy, how to recognize risks and how to prevent them Online Social Media  students need guidance about how to use online social media responsibly  faculty, administrators, and staff need guidance about how to use social media responsibly and how to handle issues arising on campus involving the clash between harmful speech and free expression FERPA  all employees who handle student data need basic awareness of FERPA Privacy in the Digital Age  all members of an institution’s community should have a basic understanding about privacy – which is of central importance to one’s reputation, financial well-being, and ability to function in contemporary society

13 Privacy and Security Risks in Higher Education
Professor Daniel J. Solove John Marshall Harlan Research Professor of Law George Washington University Law School & Founder, TeachPrivacy, Tracy Mitrano IT Policy Director Cornell University


Download ppt "Privacy and Security Risks in Higher Education"

Similar presentations


Ads by Google