January 2019 Tip of the Month: Please review: Cyber/Data/Privacy Governance Action Plan; Cooley LLP, October 2018
Why is Data Protection and Privacy Important?
Data protection starts with each member of your institution/organization, from students to presidents and from academic service partners to institutional support providers. Institutions collect data on students, faculty, staff, alumni, and donors to help create strategies to best serve the institution’s community. Innovative technology is emerging rapidly. Institutions must ensure that their best practices and infrastructure keeps up with these technological advancements to prevent data insecurity.
The combination of technological advancements and a wealth of sensitive data makes higher education an easy target for criminals to steal information or cause a severe breakdown in services at an institution. Institutions have experienced breaches much like the well-known breaches at Equifax, Target, Anthem, and Yahoo.
This is not just an IT problem! All members of an academic community must be trained with data protection best practices to preserve the security of the institution.
A breach could occur from an unintentional action by a non-technical staff member or a student causing exposure of personal or institutional data to criminals. The institution can be at risk by:
- using weak passwords,
- connecting to dangerous networks, or
- opening suspicious emails.
Failure of an institution to create safeguards and follow data security requirements, as required by the Gramm-Leach-Bliley Act (GLBA, 2002) 16 CFR 314.4 (b), could result in fines and affect participation in Title IV HEA programs, to say nothing of the massive fees that could incur from institutions trying to retrieve stolen data.
Examples of institution cyber-attacks (attacks to computer networks) include:
- Cyberattack Causes Outage for Library Consortium,
- Hackers steal identity info of 72,000 at U of Delaware,
- University of Maryland computer security breach exposes 300,000 records,
- North Dakota University System says server hacked.
- Cyber theft 2018: A computer hack of more than 140 institutions, 3,700 professors, and $3 billion in data. ...“one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice,” said Geoffrey S. Berman, U.S. attorney for the Southern District of New York.
The resources here will help all members of your institutions/organizations to understand their role in the development of data protection and privacy.
WCET Resources
Frontiers Blog
Webcast Archives
Events
External Resources
Additional Resources
- Cybersecurity Assessment Tool (CAT)
- DHS Cybersecurity Advisor (CSA) Program
- DHS Cybersecurity Resilience Review (CRR)
- DHS Cybersecurity Evaluation Tool (CSET)
- DHS Cybersecurity Services Catalog for SLTT Partners
- DHS Leadership Tabletop Exercise (LTTX)
- DHS National Initiative for Cybersecurity Careers and Studies (NICCS)
- DHS State and Local Intelligence Center - Fusion Center Information
- FSA Cybersecurity Compliance Webpage of Resources
- EU General Data Protection Regulation (GDPR) text of regulation
- European Commission Data Protection Website – (official EU Commission site)
- Guidelines on Territorial Scope of GDPR
- Cooley LLP - Cyber/Data/Privacy Governance - Action Plan