Presentation is loading. Please wait.

Presentation is loading. Please wait.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator."— Presentation transcript:

1 Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator EDUCAUSE

2 IT Policy Framework Law Constitution, federal & state laws, liability Values academic freedom community expectations privacy vs. access Ethics responsible use stewardship Morality absolutes

3 Agenda Topics U.S. Constitution Federal Law and Regulation State Law and Regulation Contractual Obligations Emerging Case Law Emerging Policy Issues

4 Dimensions of Privacy Personal Privacy – the right or interest for individuals to keep their personal information, communications, and facts concerning them out of the hands of unauthorized parties. Privacy Protection – the responsibility or stewardship role of a 3 rd party that holds personal data concerning an individual that has been entrusted to them.

5 Data and the Constitution 14 th Amendment: No state shall... deprive any person of life, liberty, or property, without due process of law. 4 th Amendment: People have the right... to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures... no warrants shall issue [without] probable cause...

6 Federal Law Electronic Communications Privacy Act (ECPA) Family Educational Rights and Privacy Act (FERPA) Federal Information Security Management Act (FISMA) Foreign Intelligence Surveillance Act (FISA) Gramm-Leach-Bliley Act (GLBA) Health Information Portability and Accountability Act (HIPAA)

7 FTC Regulatory Enforcement ChoicePoint – settlement for $10 million in civil penalties and $5 million to be used to reimburse consumers for expenses due to identity theft caused by the security breach. BJ’s Wholesale Club – ordered to “establish and implement, and thereafter maintain, a comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers.” Guidance Software, Inc. - settled for its failure to take reasonable security measures to protect sensitive customer data, contradicted security promises made on its Web site, and violated federal law. The data-security failure allowed hackers to access sensitive credit card information for thousands of consumers. The settlement will require the company to implement a comprehensive information-security program and obtain audits by an independent third-party security professional every other year for 10 years.

8 State Law Data Incident (Breach) Notification Laws  Define what constitutes a “breach”  Establish procedures for “notifications”  Qualified by exceptions and protections Privacy Policies for Websites  Applies to collection of “personal records”  Specifies “notice” requirements  Websites only

9 “Notice” and Other Principles 1.The purpose for which the personal information is collected; 2.Any specific consequences to the person for refusal to provide the personal information; 3.The person’s right to inspect, amend, or correct personal records, if any; 4.Whether the personal information is generally available for public inspection; 5.Whether the personal information is made available or transferred to or shared with any entity other than the official custodian.

10 Fair Information Practices Notification Minimization Secondary Use Nondisclosure and Consent Need to Know Data Accuracy, Inspection, and Review Information Security, Integrity, and Accountability Education

11 Contractual Obligations Contract law is a function of state law and “common law” Procurement of Hardware and Software Outsourced Services (data handling, email, etc.) Government Contracts and Grants (e.g., NASA, NIH, NSF, ED, etc.) Payment Card Industry – Data Security Standard (PCI DSS)

12 Desktop Configuration

13

14 Case Law Based upon Tort/Negligence Law  Duty  Breach of Duty  Damages  Foreseeable Risks

15 Public Policy Identity Theft Social Security Number use Data Privacy and Security Proposals FISA Amendments Communications Assistance for Law Enforcement Act Data Retention

16 For More Information EDUCAUSE/Internet2 Security Task Force http://www.educause.edu/security http://www.educause.edu/security EDUCAUSE Washington Office http://www.educause.edu/policy http://www.educause.edu/policy Rodney Petersen Email: rpetersen@educause.edu Phone: 202.331.5368rpetersen@educause.edu

Download ppt "Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator."

Similar presentations

PRIVACY ACT OF 1974 OVERVIEW. FAIR INFORMATION PRACTICES The Privacy Act is primarily concerned with fair information practices. The Privacy Act is primarily.

PRIVACY ACT OF 1974 OVERVIEW. FAIR INFORMATION PRACTICES The Privacy Act is primarily concerned with fair information practices. The Privacy Act is primarily.
IT Security Policy Framework

IT Security Policy Framework
Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Overview of the Privacy Act

Overview of the Privacy Act
US Constitution and Right to Privacy Generally only protects against government action Doesn’t obligate government to do something, but rather to refrain.

US Constitution and Right to Privacy Generally only protects against government action Doesn’t obligate government to do something, but rather to refrain.
©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.

©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.
Confidentiality and HIPAA

Confidentiality and HIPAA
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.

Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.
© 2014 ACA International. All Rights Reserved. Obtaining Optimum Compliance Performance Foundational Training on ACA’s Professional Practices Management.

© 2014 ACA International. All Rights Reserved. Obtaining Optimum Compliance Performance Foundational Training on ACA’s Professional Practices Management.
© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.

© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.
Ethical Issues in Data Security Breach Cases www.ScottandScottllp.com Presented by Robert J. Scott Scott & Scott, LLP 800-596-6176.

Ethical Issues in Data Security Breach Cases Presented by Robert J. Scott Scott & Scott, LLP
Security, Privacy, and the Protection of Personally Identifiable Information Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.

Security, Privacy, and the Protection of Personally Identifiable Information Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.
Policing the Internet: Higher Education Law and Policy Rodney Petersen, Policy Analyst Wendy Wigen, Policy Analyst EDUCAUSE.

Policing the Internet: Higher Education Law and Policy Rodney Petersen, Policy Analyst Wendy Wigen, Policy Analyst EDUCAUSE.
Information & Communication Technologies 08 2014 NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.

Information & Communication Technologies NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
IT Security Challenges In Higher Education Steve Schuster Cornell University.

IT Security Challenges In Higher Education Steve Schuster Cornell University.
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

Similar presentations

Ads by Google