Thursday, January 24, 2019

Data Privacy in an Era of Compliance

January 28 is Data Privacy Day. Data privacy for individuals means reviewing privacy settings on social media, being mindful of entering data into websites, and taking ownership of one's online identity. Data privacy for higher education institutions extends these principles to caring for other people's data, from collection, processing, sharing, and storing to destruction. 
The internet is full of data about you. Whenever you play a game, shop, browse websites, or use any of numerous apps, your activity and some of your personal information may be collected and shared.
Similarly, the business of higher education requires us to collect, process, and store the digital information of others. Whenever we handle such information, we need to think about how we want our own information treated and treat other people's data with the same care and respect.
Protect yourself by following these tips:
  • Know what you are sharing. Check the privacy settings on all of your social media accounts; some even include a wizard to walk you through the settings. Always be cautious about what you post publicly.
  • Guard your date of birth and telephone number. These are key pieces of information used for identity and account verification, and you should not share them publicly. If an online service or site asks you to share this critical information, consider whether it is important enough to warrant it.
  • Keep your work and personal presences separate. Your employer has the right to access your email account, so you should use an outside service for private emails. This also helps you ensure uninterrupted access to your private email and other services if you switch employers.
Protect the information, identity, and privacy of others by following these tips:
  • Know what policies are in place at your institution. A privacy policy governs how the institution collects, processes, stores, and deletes the personal data of constituents; a data classification policy governs how the institution organizes the data it interacts with and what rules are in place for processing it; and an information security policy articulates how the institution governs and prioritizes information security activities. For reference please review the Manhattan College Data Security Policy
  • Keep constituents' personal information confidential and limit access to the data.
  • Only use data for its intended purpose. If you need to use data for another reason, always check relevant resources and policies first for guidance.
  • Destroy or de-identify private information when you no longer need it.


Partially reposted from: Educause Blog January 2019: Data Privacy in an Era of Compliance