Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Presentation transcript:

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator EDUCAUSE

IT Policy Framework
- Law: Constitution, federal & state laws, liability
- Values: academic freedom, community expectations, privacy vs. access
- Ethics: responsible use, stewardship
- Morality: absolutes

Agenda Topics
- U.S. Constitution
- Federal Law and Regulation
- State Law and Regulation
- Contractual Obligations
- Emerging Case Law
- Emerging Policy Issues

Dimensions of Privacy
Personal Privacy – the right or interest of individuals to keep their personal information, communications, and facts concerning them out of the hands of unauthorized parties.
Privacy Protection – the responsibility or stewardship role of a 3rd party that holds personal data concerning an individual which has been entrusted to it.

Data and the Constitution
14th Amendment: No state shall... deprive any person of life, liberty, or property, without due process of law.
4th Amendment: People have the right... to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures... no warrants shall issue [without] probable cause...

Federal Law
- Electronic Communications Privacy Act (ECPA)
- Family Educational Rights and Privacy Act (FERPA)
- Federal Information Security Management Act (FISMA)
- Foreign Intelligence Surveillance Act (FISA)
- Gramm-Leach-Bliley Act (GLBA)
- Health Insurance Portability and Accountability Act (HIPAA)

FTC Regulatory Enforcement
- ChoicePoint – settlement for $10 million in civil penalties and $5 million to be used to reimburse consumers for expenses due to identity theft caused by the security breach.
- BJ’s Wholesale Club – ordered to “establish and implement, and thereafter maintain, a comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers.”
- Guidance Software, Inc. – settled for its failure to take reasonable security measures to protect sensitive customer data, which contradicted security promises made on its Web site and violated federal law. The data-security failure allowed hackers to access sensitive credit card information for thousands of consumers. The settlement will require the company to implement a comprehensive information-security program and obtain audits by an independent third-party security professional every other year for 10 years.

State Law
Data Incident (Breach) Notification Laws
- Define what constitutes a “breach”
- Establish procedures for “notifications”
- Qualified by exceptions and protections
Privacy Policies for Websites
- Applies to collection of “personal records”
- Specifies “notice” requirements
- Websites only

“Notice” and Other Principles
1. The purpose for which the personal information is collected;
2. Any specific consequences to the person for refusal to provide the personal information;
3. The person’s right to inspect, amend, or correct personal records, if any;
4. Whether the personal information is generally available for public inspection;
5. Whether the personal information is made available or transferred to or shared with any entity other than the official custodian.

Fair Information Practices
- Notification
- Minimization
- Secondary Use
- Nondisclosure and Consent
- Need to Know
- Data Accuracy, Inspection, and Review
- Information Security, Integrity, and Accountability
- Education

Contractual Obligations
Contract law is a function of state law and “common law”
- Procurement of Hardware and Software
- Outsourced Services (data handling, , etc.)
- Government Contracts and Grants (e.g., NASA, NIH, NSF, ED, etc.)
- Payment Card Industry – Data Security Standard (PCI DSS)

Desktop Configuration

Case Law
Based upon Tort/Negligence Law
- Duty
- Breach of Duty
- Damages
- Foreseeable Risks

Public Policy
- Identity Theft
- Social Security Number use
- Data Privacy and Security Proposals
- FISA Amendments
- Communications Assistance for Law Enforcement Act
- Data Retention

For More Information
EDUCAUSE/Internet2 Security Task Force
EDUCAUSE Washington Office
Rodney Petersen
Phone: