Privacy and Security Risks in Higher Education

Presentation transcript:

Privacy and Security Risks in Higher Education
Professor Daniel J. Solove, John Marshall Harlan Research Professor of Law, George Washington University Law School & Founder, TeachPrivacy, http://teachprivacy.com
Tracy Mitrano, IT Policy Director, Cornell University

Privacy Beyond FERPA

FEDERAL PRIVACY LAWS RELEVANT TO SCHOOLS
- Gramm-Leach-Bliley Act
- Clery Act
- FERPA
- No Child Left Behind Act
- Electronic Communications Privacy Act
- Computer Fraud and Abuse Act
- Communications Decency Act
- HIPAA Privacy Rule
- Title IX

Privacy Problems in Higher Education
- Fragmented Protections
- Undetected Problems
- Lack of Coordination
- Lack of Oversight
- Lack of Training
- Lack of Student Education and Awareness

WHAT IS PRIVACY?
(Diagram relating the DATA SUBJECT and DATA HOLDERS through four groups of activities.)
INFORMATION PROCESSING: Aggregation, Identification, Insecurity, Secondary Use, Exclusion
INFORMATION COLLECTION: Surveillance, Interrogation
INFORMATION DISSEMINATION: Breach of Confidentiality, Disclosure, Exposure, Increased Accessibility, Blackmail, Appropriation, Distortion
INVASIONS: Intrusion, Decisional Interference

WHY DOES PRIVACY MATTER?
- Legal Compliance
- Reputation
- Financial Cost of Incidents
- Student Well-Being
- Employee Well-Being
- Donor and Alumni Well-Being
- Time and Resources
- Soured Relationships

PRIVACY ISSUES IN HIGHER EDUCATION
- Privacy Program: policies, privacy point person, oversight, training, privacy risk assessments
- Searches and Surveillance: computer network monitoring, surveillance cameras
- Student Data: FERPA, confidentiality of student records, sharing of data about students in distress
- Employee Data: notice, access, rights regarding data, confidentiality
- Others’ Data: data regarding alumni, donors, customers, vendors, and others
- Data Security: safeguards on data, incident response plan
- Information Management: confidentiality agreements, outsourcing
- Websites: privacy policies, online data collection
- Speech: social media use, cyberbullying, harassment, gossip websites

Privacy and Data Security: how data is managed, used, and disclosed
Data Security: protecting information from being lost, stolen, or improperly accessed

Privacy and Data Security
- Improper disclosure of data
- Curiosity
- Lack of awareness of privacy risks or importance of privacy
- Lack of administrative controls about data
- Misunderstanding about rules regarding when and with whom data may be shared
Data Security
- Inadequate technical controls
- Failure to keep anti-virus protection updated
- Failure to provide encryption

The Human Element
- Carelessness
- Lack of awareness
- Blunders
- Lack of oversight
- Inadequate policies
- Misunderstanding of policies
- Lack of awareness of policies
- Failure to understand the technology or the risks

Privacy and Data Security: Data Security and Technology
Passwords
Privacy and the Human Element
- Reuse of passwords from other accounts
- Writing passwords on Post It notes near one’s computer
- Keeping passwords in one’s wallet
- Storing passwords in one’s browser
- Copying data to unauthorized portable devices or unprotected servers
- Failing to password-protect one’s smart phone
Data Security and Technology
- Technical controls requiring all users to select passwords of the appropriate length and complexity

Training and Education
Privacy and Data Security Awareness
- most privacy and data security incidents are caused by careless or ill-informed conduct that is readily preventable
- need basic awareness about importance of privacy, how to recognize risks and how to prevent them
Online Social Media
- students need guidance about how to use online social media responsibly
- faculty, administrators, and staff need guidance about how to use social media responsibly and how to handle issues arising on campus involving the clash between harmful speech and free expression
FERPA
- all employees who handle student data need basic awareness of FERPA
Privacy in the Digital Age
- all members of an institution’s community should have a basic understanding about privacy – which is of central importance to one’s reputation, financial well-being, and ability to function in contemporary society
