You have probably noticed that this publication comes from the Office of Audit, Compliance and Privacy (OACP) at Auburn University. Most months we lean toward the audit and compliance related components in this column. However, privacy is a very important issue for all institutions to consider and a concept that is ever evolving due to massive changes in technology over the past few years. Therefore, I have asked Kristin Roberts, a compliance manager who frequently deals with privacy concerns for OACP, to weigh in on this topic.*********************************************************************************
Data Privacy Day is observed annually on January 28. The National Cyber Security Alliance aims to raise privacy awareness and education to inform consumers that they have ownership of their online presence, and to help organizations understand how privacy is good for business.
Last year the GDPR, the European Privacy Law, changed the privacy landscape around the world. The law gives individuals in the EU control over their personal data and requires companies processing European personal data to comply with the law. Google, Facebook, Marriott, and British Airways among others, have all been assessed fines in the millions of dollars for violations of GDPR. The fines imposed demonstrate that the EU will enforce this protection of fundamental rights.
Similarly, the California Consumer Privacy Act went into effect this month requiring companies to be transparent about the data they collect from users and how they use it. Companies must also provide users with the option to prevent their personal information from being sold. California is leading the way for other states in the U.S. to create or enforce privacy legislation and opens the door for a potential federal, U.S.-wide, data privacy law. This trend is shifting the world's view of privacy toward a more consumer-protection, individual-privacy-rights mindset.
With technology all around us in our everyday lives, we tend to become desensitized to privacy notices and freely share our personal information or click ‘ok' without really understanding the implications. In this increasingly data-driven world it is even more imperative that we be diligent about protecting our privacy. As institutions of higher education, we have a responsibility to protect our customers' information and their privacy rights, in addition to complying with current and future laws.
Here are some key privacy practices to help you prioritize protecting your customers' data and prepare for advancing privacy laws:
Similarly, you should also update your own privacy settings. Check the privacy settings on your personal devices and online services. Limit what you share publicly or with the provider and consider deleting or requesting deletion of certain personal information. Enable two-factor authentication whenever available. See https://twofactorauth.org/ for a list of websites and apps that support 2FA.
Importantly, the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) just released Version 1.0 of the Privacy Framework, a tool to help organizations better identify, manage, and communicate privacy risks in order to protect individuals' privacy while still providing innovative products and services. Read the Privacy Framework V1.0 for guidance and best practices to implement at your institution to proactively reduce risk related to the collection, storage, and transmission of confidential and sensitive data.
Thank you, Kristin. We must remain vigilant with respect to protecting our data along with the many other issues in higher education. We again invite you to review the events from the prior month with a view toward how you can proactively manage risk.
|100K IU Student GPAs Accidentally Made Available To All Students, Staff||02/06/2020|
|Phishing scam targets STLCC; private information exposed||02/04/2020|
|Cal Poly’s website gave visitors a surprise: hardcore porn||01/29/2020|
|Denver’s Regis University paid ransom to "malicious actors" behind campus cyberattack||01/28/2020|
|Invasive or helpful? MU using students’ phones to track if they are in class or not||01/21/2020|
|College Athlete Recruiting Software Exposed Students' Medical Info, Grades||01/08/2020|
|Cyberattack postpones start of classes at Wallace State Community College||01/03/2020|
|Oops! Lehigh University sends congratulatory emails to applicants who weren’t accepted||01/01/2020|
|Walla Walla University online network hacked||12/12/2019|
|School of Medicine notifies patients about data breach from phishing incident||11/12/2019|
|Audit released on former UT employee found guilty of stealing more than $22,000 in 2019||02/18/2020|
|UGA police charge 3 in vision clinic scheme||02/17/2020|
|Former Tennessee State University employee guilty of using student info to apply for loans||02/13/2020|
|Miami-Dade man used student names in $560,000 fraud. He later worked at another college||02/12/2020|
|Texas Southern University president ousted for violations||02/05/2020|
|N.J. man who led $3M college tuition bribery scheme sentenced to federal prison||02/04/2020|
|Woman accused of using college bookstore job to steal personal financial information, sell stolen electronics||02/01/2020|
|Alleged bribery scandal under investigation at UCF||01/28/2020|
|Harvard's chemistry chair charged with lying about China contract||01/28/2020|
|Suspect caught after stealing $140 worth of textbooks from CMU Bookstore||01/24/2020|
|Former Coach Is Convicted of Lying About Knowledge of Abuse by Larry Nassar||02/14/2020|
|South Carolina Receives NCAA Notice of Allegations Over Federal Hoops Probe||02/13/2020|
|Justice Department says Utah State mishandled sexual assault reports -- often leaving ‘additional students vulnerable’||02/13/2020|
|Harvard, Yale Targets Of Education Department Probe Into Foreign Donations||02/13/2020|
|High-ranking U-M official has years of misconduct allegations -- and school knew||02/12/2020|
|Judge overturns Silent Sam settlement between UNC and Confederate group||02/12/2020|
|Hazardous chemicals at Rutgers U. lab caused my epilepsy, ex-employee says in suit||02/11/2020|
|Valdosta State dean among 14 charged with child sex trafficking, university responds||02/10/2020|
|JSU president resigns following arrest in prostitution sting in Clinton, Mississippi||02/10/2020|
|Lawsuit alleges Mark Dantonio, Michigan State may have committed NCAA recruiting violations||02/04/2020|
|Mumps Diagnosed In Several Students At The University Of New Hampshire||02/16/2020|
|UVA reacts to online video concerning Multicultural Student Center||02/13/2020|
|Ohio State football players arrested and charged with rape, kidnapping||02/12/2020|
|Delta Kappa Epsilon suspended pending investigation||02/11/2020|
|Father of Sarah Lawrence Student Accused of Sex-Trafficking Her Classmates||02/11/2020|
|Student Pleads Guilty to Starting Dorm Fire at NJ University||02/10/2020|
|UW officials investigating allegations of racial comment directed at former basketball player Kobe King||02/05/2020|
|Fraternity suspended after university investigation||02/04/2020|
|Texas A&M-Commerce shooting leaves two dead, one toddler injured||02/03/2020|
|Controversy over ECU trustees interference with SGA election widens||02/01/2020|
Last Updated: January 22, 2020