College and University Privacy Leadership by ProQuest


More Info
									forum                                                                                  Commentary

                                                 College and University privacy leadership
                                                                                                By Rodney J. Showalter

Beginning in the late 1990s, international corporations         responses to FERPA, the registrar provides a unity of lead-
began hiring chief Privacy officers (CPOs). By 00, large      ership, knowledge, and credibility in coordinating the
universities responded to this trend by creating this dis-      institution’s compliance and training and its response to
tinct position or modifying an existing job description to      various threats. Where a registrar demonstrates an ex-
include CPO responsibilities. While not every registrar as-     pected level of expertise with regard to FERPA and the pri-
sumes the role of CPO, increasing practical and legislative     vacy of education records, a CPO’s responsibility extends
requirements make it necessary for colleges to respond in       to the variety of records, threats, information-sharing
a coordinated fashion to identity management, informa-          practices, and federal and state regulations applicable to
tion vulnerabilities, and data breaches. it seems inevitable    the entire institution.
that registrars will interact with someone assuming the            This is a tremendous responsibility given the stagger-
role of CPO.                                                    ing amount of data that colleges and universities maintain.
   although it is an important first step, appointment          registrars certainly are familiar with sensitive information
of a chief Privacy officer does not guarantee that con-         lurking in the academic record. But consider the extensive
stituents’ private data will never be exposed. Who could        data maintained by other offices:
anticipate, for example, that because a professor selected       W financial information about students and their par-
the wrong file, student grades would be uploaded to the            ents, including financial aid applications, income tax
public Web site; or that a financial aid administrator’s lap-      returns, employment history, salary, work schedules,
top would be stolen? instead, CPOs respond to vulnera-             loans, bursar accounts, records of purchases charged to
bilities to constituent privacy by translating best practices      campus accounts, and insurance claims;
and constantly changing external regulations in a uniform        W Health information collected by campus health centers,
manner that fits the institution’s need and circumstance.          athletic programs, and campus-provided insurance ser-
   registrars have been filling this function for years            vices regarding students, employees, and their families;
(making us potential candidates for this role, at least in       W Broad financial and other personal information relating
small colleges, and with the support of general coun-              to employees’ payroll, insurance, benefits, retirement,
sel). instead of campus offices attempting individualized          research accounts, travel reimbursements, and vehicles;

                                                 College & University | 51
W student, faculty, and staff e-mail (sent
   or received), centrally stored and/or ac-                                      questions for
   cessed documents, backup files, internet-
                                                                     institutional privacy leaders
   browsing records, telecommunications               W who are the chief privacy officer and chief security officer? how do their

   and internet use patterns, voicemail, and            roles differ and compl
To top