Readings on Higher Education Privacy

January 28 is Data Privacy Day. Throughout the months of January and February, the EDUCAUSE Cybersecurity Initiative will highlight higher education privacy issues. To learn more, visit StaySafeOnline.

Six years ago, the EDUCAUSE Cybersecurity Initiative launched the Higher Education Chief Privacy Officers (HE-CPO) Working Group. The intent of that initial group was to establish a supportive environment for higher education chief privacy officers to improve professional networking, enhance coordination and communication, and advance the privacy profession in the higher education community. Fifteen privacy officers participated in the first meeting in 2011.

The group has grown quite a bit since its inception, more than doubling its number of active members to include those with primary institutional responsibility for privacy activities who may not hold the CPO title. This popularity is not surprising, especially as the number of chief privacy officers in higher education has grown. No longer content to merely support one another, members of that working group as well as the EDUCAUSE Privacy Discussion Group, now engage in active collaboration to contribute to the higher education body of privacy knowledge. The purpose of this week’s blog is to showcase some of our best higher education privacy resources:

  • The Higher Education CPO Primer, Part 1: A Welcome Kit for Chief Privacy Officers in Higher Education. Authored by members of the HE-CPO, this “how to” document provides a high-level overview of higher education privacy issues to help new CPOs (or individuals new to higher education) better understand the privacy challenges unique to colleges and universities.
  • The Chief Privacy Officer in Higher Education. This riveting article provides an overview of how the role of the higher education CPO has grown and changed, and includes commentary on how CPOs see the role evolving in the future.
  • Privacy vs. Privacy. This compelling article defines autonomy privacy, information privacy, and information security, and discusses the delicate balance between data stewardship and information privacy on the one hand, and academic freedom and autonomy privacy on the other.
  • HEISC Information Security Guide — privacy chapter. This brand-new chapter serves as a clearinghouse of resources readily available to higher education IT practitioners to help them learn about privacy issues.1

Can’t find what you’re looking for? Please start a discussion on the EDUCAUSE Privacy Discussion Group, reach out to us to volunteer on a topic of special interest, or simply let us know if there are additional resources that you’d like to see developed for the higher education privacy community. Send e-mail to


  1. Privacy and information security are separate disciplines, so it may be a bit confusing that a privacy chapter was added to the HEISC Information Security Guide. Both the editorial board for the Information Security Guide and the HE-CPO Working Group felt such placement was appropriate, given that many information security practitioners require a working knowledge of privacy issues.

Joanna Lyn Grama is director of cybersecurity and IT GRC programs for EDUCAUSE.

© 2017 Joanna Lyn Grama. This EDUCAUSE Review blog is licensed under Creative Commons BY-NC-SA 4.0.