Data privacy is everyone’s responsibility, say education leaders
In higher education, the responsibility of protecting data is institution-wide, technology experts said at Educause’s annual conference in Chicago last week.
With data breach scandals popping up in the news more than ever before, many people have become wary of data collection and questioning whether institutions are doing enough to maintain data privacy. In 2018 alone, there were nearly 41 million records breached at educational institutions, according to Privacy Rights Clearinghouse, a nonprofit for privacy issues.
“What we’re seeing is an explosive distrust of technology,” Mark Roman, chief information officer at Simon Fraser University, told the audience. And many higher education institutions are struggling with how to address this challenge, he said.
To improve the data privacy at a college or university, Cathy Hubbs, chief information officer at American University, said that privacy needs to become an institution-wide priority. The responsibility of keeping institutional and student data private doesn’t solely fall on the shoulders of the IT department, but belongs to the entire institution and its community of people, she said.
However, she said, most colleges and universities don’t have chief data or privacy officers who can create an institution-wide action plan on how to protect valuable data.
But in the near future, Celeste Schwartz, chief digital officer at Montgomery Community College, said she believes that will change.
“I believe that there will be privacy officers at most of our institutions in the next five years. Privacy regulations will force that to happen,” she said.
Privacy is something that is constantly evolving, Schwartz said, and with it, privacy regulations are emerging as well.
But Ann Nagel, university privacy officer at the University of Washington, said she thinks institutions need to do more than what the law mandates.
Because there is so much data being collected that falls beyond the legal parameters of privacy laws and regulations, institutions need to think beyond what is required of them and look at the humanitarian and ethical responsibility of privacy as well, Nagel said.
“I think we need to be including privacy in the design [of computer systems],” she said.
Schwartz offered that the best place to start is to educate an institution’s administration and staff on privacy.
“Privacy at out colleges and universities is really all of our responsibilities,” she said.