Campus Security Awareness Campaign 2018
This post is part of a larger campaign designed to support security professionals and IT communicators as they develop or enhance their security awareness plans. View all 12 monthly blog posts with ready-made content by visiting our security awareness resource page.
Every year, we post about keeping your information private. What about your customers' information? No matter how you define customers, you and your organization collect their information, and it is up to you to respect and keep their information private. Consider the following content as you get ready to observe Data Privacy Day (or Data Privacy Month) on your campus.
Get the Word Out
Newsletter or Website Content
Everyone in our community is responsible for the protection of our customers' privacy and their personal information. However, you don't need to understand the nuances of every privacy regulation currently affecting higher education to tackle data privacy issues on campus. Whether you are working on a data breach response plan, updating institutional policies, collaborating with researchers on a new project, or educating students, faculty, and staff about data privacy, consider teaming up with your institution's privacy officer(s). The privacy officer(s) will be more than happy to lend expertise and help make sure privacy, risk, and information security considerations are carefully weighed.
Know and understand your privacy policies.
- Most institutions have a standard privacy policy, statement, or notice on their website to help visitors understand the practices related to the collection, use, or disclosure of information. Two examples include Indiana University and the University of California, Berkeley.
- Additional privacy statements or notices may be included in third-party contracts or services offered to students, faculty, and staff (e.g., learning management systems used for classes).
- Also consider any third-party privacy policies or terms and conditions you may have agreed to as an individual (e.g., Facebook or any other third-party services or apps that aren't officially hosted by the institution through a signed contract).
Always start with privacy.
- Include privacy in the planning phase of all new projects.
- If you don't need personal information, don't collect it. You can always ask for more information later.
- Inform your customers about why you're collecting their personal information.
Keep and use data securely.
- Keep personal information confidential and limit access to the data.
- Make sure you're only using the data the way you said you'd use it. Ensure you get the customer's consent before you use it otherwise.
- Destroy or deidentify private information when you no longer need it.
- Know your data breach response plan.
Social Posts
Note: These are Twitter-ready, meeting the 140-character length restriction.
- #Privacy is our shared responsibility. #PrivacyAware #CyberAware
- I'm protecting the #privacy of your information the way I hope you'd protect mine! #PrivacyAware #CyberAware
- We have established #privacy policies in place to protect you & our institution. #PrivacyAware #CyberAware
- Do you know how websites & third parties are sharing your info? http://www.kdnuggets.com/images/cartoon-dog-big-data.jpg #Privacy #PrivacyAware #CyberAware
E-Mail Signature
Ask staff members to add a tip to their e-mail signature block and link to your institution's information security page.
Example:
Jane Doe
Information Security Office
XYZ College
I'm protecting the privacy of your information the way I hope you'd protect mine. Learn more. [Link "Learn more." to your institution's privacy guidelines or link to STOP. THINK. CONNECT.’s privacy tips .]
Embed or Share Videos
Juan Enriquez: Your Online Life, Permanent as a Tattoo (5:57 min)
Securing the Human: Privacy (2:06 min)
The Terrifying Cost of "Free" Websites (6:20 min)
Resources
Share these resources with end users or use them to inform your awareness strategy:
- Read the EDUCAUSE Review articles "Consenting Adults? Privacy in an Age of Liberated Learning Data" and "Naked in the Garden: Privacy and the Next Generation Digital Learning Environment."
- Explore three reasons for the campus community to care about privacy: "I have nothing to hide. Why should I care about privacy?"
- Learn more about privacy challenges and best practices in the Leadership Exchange article "Privacy in the Age of Big Data."
- Discover your privacy personality, learn more about the Privacy Paradox, and take on daily privacy challenges.
- Watch the informative documentary Terms and Conditions May Apply. It's worth the 80 minutes of your time.
- Share this 2017 infographic from STOP. THINK. CONNECT.: Privacy Is Good for Business.
- See our previous Campus Security Awareness Campaign blogs about privacy: January 2017: Keep What's Private, Private, January 2016: Guard Your Privacy Online, and February 2016: Guard Your Privacy When Offline or Traveling
Brought to you by the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC).
© 2018 EDUCAUSE. This EDUCAUSE Review blog is licensed under Creative Commons BY-NC-SA 4.0.