Information from Privacy & Security Risks in Higher Ed EDUCAUSE Data Privacy Month webinar

The second webinar in Data Privacy Month, this EDUCAUSE webinar on January 10, 2012 focused on Privacy and Security Risks in Higher Ed. Learn more about Data Privacy at educause.edu/policy/dataprivacy

The archived recording, slides, and transcript of the webinar that launched Data Privacy Month are available here: http://www.educause.edu/policy/dataprivacy

The webinar archive from today’s session is located at http://www.educause.edu/Resources/PrivacyandSecurityRisksinHighe/243679

Solove founded TeachPrivacy, which provides education, training, and advice to help schools protect privacy, minimize data security breaches, and deal with online social media issues. Check out the quick video about TeachPrivacy and Education here.

Today’s presenter, Professor Daniel J. Solove of George Washington University Law School, is one of the world’s leading experts on privacy laws and the founder of TeachPrivacy, http://teachprivacy.com

Privacy goes way beyond FERPA. It also includes alumni data, donor data, employee data, cyberbullying, electronic devices, confidentiality, websites, computer use policy, data retention, surveillance, online gossip, data security.

Handling FERPA is just one part of a much larger set of issues when it comes to privacy.

Can a single policy address all the privacy concerns? Solove says privacy should be looked at holistically so that everyone is on the same page; a unified, holistic program throughout the entire institution is the most effective way. The challenge is how institutions of higher ed are structured.

Federal privacy laws relevant to schools:

  • FERPA
  • Computer Fraud and Abuse Act
  • Communications Decency Act
  • Gramm-Leach-Bliley Act
  • No Child Left Behind Act
  • Title IX
  • Clery Act
  • Electronic Communications Privacy Act
  • HIPAA Privacy Rule

The above are just the federal laws – but there are also a variety of state laws that are applicable, depending on where the institution resides.

Privacy problems in higher ed

  • fragmented protections
  • undetected problems
  • lack of coordination
  • lack of oversight
  • lack of training
  • lack of student education and awareness

http://www.symantec.com/content/en/us/about/media/pdfs/symantec_ponemon_data_breach_costs_report.pdf
The above link takes you to a report entitled “2010 Annual Study: U.S. Cost of a Data Breach – Compliance pressures, cyber attacks targeting sensitive data drive leading IT organizations to respond quickly and pay more.” It is a benchmark study of 51 U.S. companies about the financial impact, customer turnover and preventive solutions related to breaches of sensitive information, with a March 2011 publication date. Copyright Symantec.

From the above report: “The average organizational cost of a data breach this year increased to $7.2 million, up 7 percent from $6.8 million in 2009.”

privacy = nontechnical aspects of security (how are people trained; what are the policies for different things)
security = technology
Solove views data security as a subset of privacy
data security = protecting information from being lost, stolen, or improperly accessed
privacy = how data is managed or used or stored

Why does privacy matter?

  • legal compliance
  • reputation
  • financial costs of incidents
  • student well-being
  • employee well-being
  • donor and alumni well-being
  • time and resources
  • soured relationships

You can have the best technology for security, but the human element can quickly cause a breach, for example through carelessness.

Training and Education needs:

  • Privacy and Data Security Awareness
  • FERPA
  • Online Social Media
  • Privacy in the Digital Age

He mentioned a book, and said it was a very interesting and informative read, entitled “Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker” written by Kevin Mitnick. Here’s a link to an excerpt:
http://www.wired.com/threatlevel/2011/08/kevin-mitnick-excerpt/

He believes that people who have access to or who could take copies of lots of data should be required to undergo specific training.

Student Privacy in Peril: Massive Data Gathering With Inadequate Privacy and Security
Posted: 12/19/11
http://huffingtonpost.com/daniel-j-solove/student-privacy-in-peril-_b_1156907.html
Solove comments on a breach of privacy in the Department of Education servers that left the Social Security numbers, bank routing numbers, and borrowing history of thousands of college students exposed and open to anyone on the Internet for a period of time. In this article from the Huffington Post, Solove comments that:

…the Department of Education’s mishandling of personal student financial data in this latest data breach proves that we should be wary of how the Department will utilize this type of data in the future. Maybe it is time to reevaluate the ED’s rush to have enormous quantities of student data collected and disseminated. There are certainly problems with our educational system, and there is nothing inherently wrong with wanting to gather more data about this system. But it is irresponsible to do so when the ED and the other entities that collect and maintain the data are ill-equipped to safeguard privacy and provide appropriate data security. The entire FERPA legal structure is inadequate. Before racing to gather so much personal data, ED should ensure that the appropriate privacy and data security reforms are in place to protect that data. Otherwise, in its zeal to solve some problems with the educational system, the ED might be opening up an enormous and greater problem, putting all students at serious risk.

An audience member in the session commented about “You are what you tweet” reputation management sessions by Amber MacArthur
Article: http://www.fastcompany.com/1805231/u-r-what-u-tweet-5-steps-to-a-better-personal-brand

In honor of Data Privacy Month, you can download Matt Ivester’s book (lol…OMG!) for FREE! Just visit this link between 12:01 am on Jan. 27th and 11:59 pm on Jan. 30th. http://bit.ly/AFe8pr
Matt Ivester is the speaker for the January 30 session.

Cartoon: Big Data

Image attribution: Image copied by C Russell 20120111 // Photo of Cartoon: Big Data // Photo provided by Space & Light http://www.flickr.com/photos/t_gregorius/5839399412/  // Some rights reserved by Space & Light http://creativecommons.org/licenses/by-nc-nd/2.0/deed.en

Join UTHSC’s IT Security Group & EdTech Team for Data Privacy Month Webinars

January 2012 is Data Privacy Month and a time you can learn more about privacy issues. The UTHSC Information Technology Security Group and the Educational Technology Team invite you to join us for a series of 4 webinars on this topic from EDUCAUSE and the Higher Education Information Security Council.

Weds, Jan 4, 12-1pm, GEB A304, Data Privacy for Higher Education [Register here]

Speakers: Jolynn Dellinger (Program Manager, NCSA), Merri Beth Lavagnino (Chief Privacy Officer & Compliance Coordinator, Indiana University), and Nat Wood (Assistant Director for Consumer & Business Education Bureau of Consumer Protection, FTC)
Moderator: Diana Oblinger, President and CEO, EDUCAUSE

For several years EDUCAUSE and the Higher Education Information Security Council have been promoting October as National Cyber Security Awareness Month. Beginning in 2012, we will begin a similar campaign that will recognize January as Data Privacy Month. As institutions of higher education seek to improve information security and protect personally identifiable information, there is a growing need to raise awareness of privacy issues among our students, faculty, and staff. Privacy topics range from institutional adoption of Fair Information Practices to individual behaviors that impact privacy in settings such as use of mobile devices, social media, or online commerce. This webinar will introduce the new privacy awareness campaign, highlight federal government efforts, and describe higher education programs and initiatives.

Tues, Jan 10, 2-3pm, GEB A304, Privacy and Security Risks in Higher Education [Register here]

Speaker: Daniel J. Solove, John Marshall Harlan Research Professor of Law, George Washington University Law School
Moderator: Tracy Mitrano, Director of IT Policy, Cornell University

Privacy is a major and often underappreciated risk area for institutions of higher education. Many data security breaches, for example, are not the result of high-tech hacking, but of low-tech blunders made by faculty and staff – lost USB drives or laptops, data improperly placed on unauthorized servers, etc. Beyond data security, schools face liability for breaches of confidentiality, failure to share personal information when necessary, failure to address cyberbullying and harassment, and improper surveillance. Professor Solove will provide advice for how institutions of higher education can reduce the risk of having a privacy fiasco by discussing a series of case studies involving topics such as confidentiality and people in distress; outsourcing; data security; and online social media.

Recommended links:

TeachPrivacy website (includes videos and other materials)

Privacy Risks Video

Weds, Jan 25, 12-1pm, GEB A304, A Balancing Act: Student Privacy and Student Data in the Electronic Age [Register here]

Speaker: Kathleen Styles, Chief Privacy Officer, Department of Education
Moderator: Rodney Petersen, Senior Government Relations Officer & Managing Director of Washington Office, EDUCAUSE

Mon, Jan 30, 12-1pm, GEB A304, Protecting Personal Data: What Every Student Needs to Know About Online Reputation Management [Register here]

Speaker: Matt Ivester, founder of JuicyCampus and author of lol…OMG!
Moderator: Merri Beth Lavagnino, Chief Privacy Officer and Compliance Coordinator, Indiana University

Data Privacy Day is actually January 28, 2012. It’s an annual international celebration designed to promote awareness about privacy and education about best privacy practices. Visit some other great resources:

Come join colleagues to learn more about Data Privacy and staying safe!