Data protection starts with each member of your institution/organization, from students to presidents and from academic service partners to institutional support providers. Innovative technology is emerging rapidly so institutions must ensure that their best practices and infrastructure keeps up with these technological advancements to prevent data insecurity. Additionally, institutions collect data on students, faculty, staff, alumni, and donors to help create strategies to best serve the institution’s community. The combination of technological advancements and a wealth of sensitive data makes higher education an easy target for criminals to steal information or cause a severe breakdown in services at an institution. Institutions have experienced breaches much like the well-known breaches at Equifax, Target, Anthem, and Yahoo.
This is not just an IT problem! A breach could occur from an unintentional action by non-technical staff or student that could expose personal or institutional data to criminals and place the institution at risk by merely using weak passwords, connecting to dangerous networks, or opening suspicious emails. All members of an academic community must be trained with data protection best practices to preserve the security of the institution. Failure of an institution to create safeguards and follow data security requirements, as required by the Gramm-Leach-Bliley Act (GLBA, 2002) 16 CFR 314.4 (b), could result in fines and affect participation in Title IV HEA programs, to say nothing of the massive fees that could incur from institutions trying to retrieve stolen data. The resources here will help all members of your institutions/organization to understand their role in the development of data protection and privacy.