January 2018: Privacy Is Our Shared Responsibility

min read

Campus Security Awareness Campaign 2018
This post is part of a larger campaign designed to support security professionals and IT communicators as they develop or enhance their security awareness plans. View all 12 monthly blog posts with ready-made content by visiting our security awareness resource page.

Every year, we post about keeping your information private. What about your customers' information? No matter how you define customers, you and your organization collect their information, and it is up to you to respect and keep their information private. Consider the following content as you get ready to observe Data Privacy Day (or Data Privacy Month) on your campus.

Get the Word Out

Newsletter or Website Content

Everyone in our community is responsible for the protection of our customers' privacy and their personal information. However, you don't need to understand the nuances of every privacy regulation currently affecting higher education to tackle data privacy issues on campus. Whether you are working on a data breach response plan, updating institutional policies, collaborating with researchers on a new project, or educating students, faculty, and staff about data privacy, consider teaming up with your institution's privacy officer(s). The privacy officer(s) will be more than happy to lend expertise and help make sure privacy, risk, and information security considerations are carefully weighed.

Know and understand your privacy policies.

  • Most institutions have a standard privacy policy, statement, or notice on their website to help visitors understand the practices related to the collection, use, or disclosure of information. Two examples include Indiana University and the University of California, Berkeley.
  • Additional privacy statements or notices may be included in third-party contracts or services offered to students, faculty, and staff (e.g., learning management systems used for classes).
  • Also consider any third-party privacy policies or terms and conditions you may have agreed to as an individual (e.g., Facebook or any other third-party services or apps that aren't officially hosted by the institution through a signed contract).

Always start with privacy.

  • Include privacy in the planning phase of all new projects.
  • If you don't need personal information, don't collect it. You can always ask for more information later.
  • Inform your customers about why you're collecting their personal information.

Keep and use data securely.

  • Keep personal information confidential and limit access to the data.
  • Make sure you're only using the data the way you said you'd use it. Ensure you get the customer's consent before you use it otherwise.
  • Destroy or deidentify private information when you no longer need it.
  • Know your data breach response plan.
Privacy is Good for Business
Source: STOP. THINK. CONNECT. privacy is good for business infographic

Figure 1. Use this image to support your message
 

Social Posts

Note: These are Twitter-ready, meeting the 140-character length restriction.

  • #Privacy is our shared responsibility. #PrivacyAware #CyberAware
  • I'm protecting the #privacy of your information the way I hope you'd protect mine! #PrivacyAware #CyberAware
  • We have established #privacy policies in place to protect you & our institution. #PrivacyAware #CyberAware
  • Do you know how websites & third parties are sharing your info? http://www.kdnuggets.com/images/cartoon-dog-big-data.jpg #Privacy #PrivacyAware #CyberAware

E-Mail Signature

Ask staff members to add a tip to their e-mail signature block and link to your institution's information security page.

Example:

Jane Doe

Information Security Office

XYZ College

I'm protecting the privacy of your information the way I hope you'd protect mine. Learn more. [Link "Learn more." to your institution's privacy guidelines or link to STOP. THINK. CONNECT.’s privacy tips .]

Embed or Share Videos

Juan Enriquez: Your Online Life, Permanent as a Tattoo (5:57 min)


Securing the Human: Privacy (2:06 min)


The Terrifying Cost of "Free" Websites (6:20 min)

Resources

Share these resources with end users or use them to inform your awareness strategy:


Brought to you by the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC).

© 2018 EDUCAUSE. This EDUCAUSE Review blog is licensed under Creative Commons BY-NC-SA 4.0.