Data Protection and Privacy

Data protection starts with each member of your institution/organization, from students to presidents and from academic service partners to institutional support providers. Institutions collect data on students, faculty, staff, alumni, and donors to help create strategies to best serve the institution’s community. Innovative technology is emerging rapidly.  Institutions must ensure that their best practices and infrastructure keeps up with these technological advancements to prevent data insecurity. 

The combination of technological advancements and a wealth of sensitive data makes higher education an easy target for criminals to steal information or cause a severe breakdown in services at an institution. Institutions have experienced breaches much like the well-known breaches at Equifax, Target, Anthem, and Yahoo.

This is not just an IT problem! All members of an academic community must be trained with data protection best practices to preserve the security of the institution.

A breach could occur from an unintentional action by a non-technical staff member or a student causing exposure of personal or institutional data to criminals. The institution can be at risk by:

  • using weak passwords,
  • connecting to dangerous networks, or
  • opening suspicious emails.

Failure of an institution to create safeguards and follow data security requirements, as required by the  Gramm-Leach-Bliley Act (GLBA, 2002) 16 CFR 314.4 (b), could result in fines and affect participation in Title IV HEA programs, to say nothing of the massive fees that could incur from institutions trying to retrieve stolen data.

Examples of institution cyber-attacks include:

The resources here will help all members of your institutions/organization to understand their role in the development of data protection and privacy.

Woman works at a computer in an office.