According to the 2007 Educational Security Incidents Year in Review, at least 1.2 million records were exposed as the result of employee fraud, impersonation, loss, penetration, theft, and other disclosures. AACRAO also is doing its part to alert constituents to the continuing need for the development of privacy standards and practices. Since November 2007, SecureU has disseminated the most pertinent cyber and campus security issues each month in an online publication.
Forum: Commentary
College and University Privacy Leadership
By Rodney J. Showalter
College & University | 51

Beginning in the late 1990s, international corporations began hiring Chief Privacy Officers (CPOs). By 00, large universities responded to this trend by creating this distinct position or modifying an existing job description to include CPO responsibilities. While not every registrar assumes the role of CPO, increasing practical and legislative requirements make it necessary for colleges to respond in a coordinated fashion to identity management, information vulnerabilities, and data breaches. It seems inevitable that registrars will interact with someone assuming the role of CPO.

Although it is an important first step, appointment of a Chief Privacy Officer does not guarantee that constituents' private data will never be exposed. Who could anticipate, for example, that because a professor selected the wrong file, student grades would be uploaded to the public Web site; or that a financial aid administrator's laptop would be stolen? Instead, CPOs respond to vulnerabilities to constituent privacy by translating best practices and constantly changing external regulations in a uniform manner that fits the institution's need and circumstance.

Registrars have been filling this function for years (making us potential candidates for this role, at least in small colleges, and with the support of general counsel). Instead of campus offices attempting individualized responses to FERPA, the registrar provides a unity of leadership, knowledge, and credibility in coordinating the institution's compliance and training and its response to various threats. Where a registrar demonstrates an expected level of expertise with regard to FERPA and the privacy of education records, a CPO's responsibility extends to the variety of records, threats, information-sharing practices, and federal and state regulations applicable to the entire institution.

This is a tremendous responsibility given the staggering amount of data that colleges and universities maintain. Registrars certainly are familiar with sensitive information lurking in the academic record. But consider the extensive data maintained by other offices:

- Financial information about students and their parents, including financial aid applications, income tax returns, employment history, salary, work schedules, loans, bursar accounts, records of purchases charged to campus accounts, and insurance claims;
- Health information collected by campus health centers, athletic programs, and campus-provided insurance services regarding students, employees, and their families;
- Broad financial and other personal information relating to employees' payroll, insurance, benefits, retirement, research accounts, travel reimbursements, and vehicles;
- Student, faculty, and staff e-mail (sent or received), centrally stored and/or accessed documents, backup files, Internet-browsing records, telecommunications and Internet use patterns, voicemail, and

Questions for Institutional Privacy Leaders

- Who are the chief privacy officer and chief security officer? How do their roles differ and compl