January 2019 Tip of the Month: Please review: Cyber/Data/Privacy Governance Action Plan; Cooley LLP, October 2018
Why is Data Protection and Privacy Important?
Data protection starts with each member of your institution/organization, from students to presidents and from academic service partners to institutional support providers. Institutions collect data on students, faculty, staff, alumni, and donors to help create strategies to best serve the institution’s community. Innovative technology is emerging rapidly. Institutions must ensure that their best practices and infrastructure keeps up with these technological advancements to prevent data insecurity.
The combination of technological advancements and a wealth of sensitive data makes higher education an easy target for criminals to steal information or cause a severe breakdown in services at an institution. Institutions have experienced breaches much like the well-known breaches at Equifax, Target, Anthem, and Yahoo.
This is not just an IT problem! All members of an academic community must be trained with data protection best practices to preserve the security of the institution.
A breach could occur from an unintentional action by a non-technical staff member or a student causing exposure of personal or institutional data to criminals. The institution can be at risk by:
- using weak passwords,
- connecting to dangerous networks, or
- opening suspicious emails.
Failure of an institution to create safeguards and follow data security requirements, as required by the Gramm-Leach-Bliley Act (GLBA, 2002) 16 CFR 314.4 (b), could result in fines and affect participation in Title IV HEA programs, to say nothing of the massive fees that could incur from institutions trying to retrieve stolen data.
Examples of institution cyber-attacks (attacks to computer networks) include:
- Cyberattack Causes Outage for Library Consortium,
- Hackers steal identity info of 72,000 at U of Delaware,
- University of Maryland computer security breach exposes 300,000 records,
- North Dakota University System says server hacked.
- Cyber theft 2018: A computer hack of more than 140 institutions, 3,700 professors, and $3 billion in data. ...“one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice,” said Geoffrey S. Berman, U.S. attorney for the Southern District of New York.
The resources here will help all members of your institutions/organizations to understand their role in the development of data protection and privacy.