According to the recently released TRUSTe/National Cyber Security Alliance (NCSA) U.S. Consumer Privacy Index for 2016 [https://staysafeonline.org/resource/trustenational-cyber-security-alliance-u-s-consumer-privacy-index-2016-infographic/], 45% of consumers are more concerned about their online privacy than just one year ago. This statistic is brought into sharper focus as we learn that 68% are also more concerned about how their personal data is being used than with losing principle income. Given the current state of our economy, it's striking to think that misuse of personal information is seriously more important to many people than their financial livelihood. At Indiana University (IU), we're paying attention to this rising concern and doing our part to help increase awareness of the importance of privacy and how people can protect themselves and those they serve.
As part of this ongoing effort, IU participated as a Data Privacy Day Champion in the recent NCSA privacy awareness campaign in January. We used the week leading up to Data Privacy Day (January 28, 2016) to increase student and staff awareness of digital resources that can help them keep personal information private and secure. Privacy experts also shared tips ranging from how to protect institutional data to privacy-related movie picks.
Here are some examples of data protection and privacy information we developed as part of this campaign. In many cases, tips and information were pulled from our privacy and security website, the university knowledgebase, and expert resources that are available year-round. We found that leveraging preexisting pockets of information and aggregating them into consumable bits was both easy and cost-effective. For example, a guide to resources and tips for keeping personal data safe was shared through two university-wide newsletters (InsideIU and UITS Monitor), social media, and digital signage [https://protect.iu.edu/images/posters/DataPrivacyDay855x950.jpg].
The resources and costs needed to develop these communications were relatively low, which should make it easy for other institutions to adapt or modify some (or all) of these resources for their own campus privacy awareness efforts in 2016 or 2017. Additionally, NCSA makes it easy to jump in, even if it's your first time participating or if you don't have local resources to pull from. For example, we also shared several fun resources like the DPD video, social media memes, and a quiz available at StaySafeOnline.org. NCSA developed these resources and made them publicly available for reuse. What's more cost-effective than free resources!
This year, IU also delivered a few tools that required a bigger investment of time and resources, ranging from a few weeks of policy analyst time to months of consulting work with web designers and our committee of data stewards. Following is a list of these tools as examples that might be reused at other institutions.
- Critical Data Guide [https://datamanagement.iu.edu/docs/Critical-Data-Guide.pdf]: An updated guide to handling critical information at IU is available on our Data Management website. This guide is also being designed as a snazzy, multicolored, pocket-size quick reference guide [https://datamanagement.iu.edu/training/data-guide/index.php].
- Committee of Data Stewards: Our newly designed Data Management website is the go-to place to get information about how data is classified, to contact data managers or data stewards, or to ask questions about institutional data.
- Data Protection and Privacy Tutorial: This new online tutorial, accessible from the Data Management website, is available in both PowerPoint [https://datamgmt.iu.edu/docs/Data_Protection_and_Privacy.pptx] and YouTube video formats. Over the coming weeks, we plan to add voice to the video and provide a quiz at the end of the tutorial. Until then, we hope other institutions can get some ideas about what to include in their tutorials. We'd also be interested in getting feedback on how we can improve this information.
- Protect IU: The website for Public Safety and Institutional Assurance at IU wasn't developed as part of Data Privacy Day, but it provides an extensive collection of tools and guidance for staying safe online and for keeping institutional data secure. The personal preparedness pages cover a variety of cybersecurity topics (e.g., phishing, identity theft, file sharing) that can be put to use at work and at home.
- FAQ: This overview of Indiana data protection laws was compiled by University Counsel, the Information Policy and Security Office, and Internal Audit to help address common questions regarding state laws.
And last but certainly not least, IU showed its support for data privacy by involving others in the privacy campaign development effort. Even students helped with some of the awareness efforts by penning several of the following blog posts. Our student interns are such a wonderful untapped resource and bring a fresh eye to ways of expressing the need for privacy:
- Two-factor authentication for social media worth considering
- Movies about data privacy
- So many passwords!?!
- New online data privacy tutorial useful, brief
We found that IU's Data Privacy Week provided a nice opportunity to fine-tune and invigorate our data privacy outreach efforts to IU students and staff. This international initiative occurs once a year, but our collaborative efforts in developing digital resources can help our university community year-round. We look forward to continuing our educational campaign at IU and to collaborating with other institutions as we set our sights on Data Privacy Day 2017.
Sara Chambers is the chief privacy officer for Indiana University. In this position she coordinates privacy-related efforts, serves on IU's Policy Advisory Council and University Assurance Council, chairs the Committee of Data Stewards, and co-chairs the Information Security and Privacy Risk Council. She also provides oversight for the University Information Policy Office, which includes IU's IT incident response team. Sara served nine years as director of enterprise software for the university before accepting the CPO position.
Tracy James is assurance communication manager for Public Safety and Institutional Assurance at Indiana University. Before joining PSIA almost a year ago, she worked for nearly 11 years on the IU Bloomington News and Media team and, before that, as a daily newspaper reporter in Southern Illinois.
© 2016 Sara Chambers and Tracy James. This EDUCAUSE Review blog is licensed under the Creative Commons BY-NC-SA 4.0 International license.