College and University Privacy Leadership by ProQuest

VIEWS: 13 PAGES: 5

More Info
									forum                                                                                  Commentary




                                                 College and University privacy leadership
                                                                                                By Rodney J. Showalter


Beginning in the late 1990s, international corporations         responses to FERPA, the registrar provides a unity of lead-
began hiring chief Privacy officers (CPOs). By 00, large      ership, knowledge, and credibility in coordinating the
universities responded to this trend by creating this dis-      institution’s compliance and training and its response to
tinct position or modifying an existing job description to      various threats. Where a registrar demonstrates an ex-
include CPO responsibilities. While not every registrar as-     pected level of expertise with regard to FERPA and the pri-
sumes the role of CPO, increasing practical and legislative     vacy of education records, a CPO’s responsibility extends
requirements make it necessary for colleges to respond in       to the variety of records, threats, information-sharing
a coordinated fashion to identity management, informa-          practices, and federal and state regulations applicable to
tion vulnerabilities, and data breaches. it seems inevitable    the entire institution.
that registrars will interact with someone assuming the            This is a tremendous responsibility given the stagger-
role of CPO.                                                    ing amount of data that colleges and universities maintain.
   although it is an important first step, appointment          registrars certainly are familiar with sensitive information
of a chief Privacy officer does not guarantee that con-         lurking in the academic record. But consider the extensive
stituents’ private data will never be exposed. Who could        data maintained by other offices:
anticipate, for example, that because a professor selected       W financial information about students and their par-
the wrong file, student grades would be uploaded to the            ents, including financial aid applications, income tax
public Web site; or that a financial aid administrator’s lap-      returns, employment history, salary, work schedules,
top would be stolen? instead, CPOs respond to vulnera-             loans, bursar accounts, records of purchases charged to
bilities to constituent privacy by translating best practices      campus accounts, and insurance claims;
and constantly changing external regulations in a uniform        W Health information collected by campus health centers,
manner that fits the institution’s need and circumstance.          athletic programs, and campus-provided insurance ser-
   registrars have been filling this function for years            vices regarding students, employees, and their families;
(making us potential candidates for this role, at least in       W Broad financial and other personal information relating
small colleges, and with the support of general coun-              to employees’ payroll, insurance, benefits, retirement,
sel). instead of campus offices attempting individualized          research accounts, travel reimbursements, and vehicles;




                                                 College & University | 51
W student, faculty, and staff e-mail (sent
   or received), centrally stored and/or ac-                                      questions for
   cessed documents, backup files, internet-
                                                                     institutional privacy leaders
   browsing records, telecommunications               W who are the chief privacy officer and chief security officer? how do their

   and internet use patterns, voicemail, and            roles differ and compl
								
To top