January 2018: Privacy Is Our Shared Responsibility

Authors:: Jenny Patterson
Published:: Monday, September 25, 2017
Columns:: Cybersecurity and Privacy

min read

Campus Security Awareness Campaign 2018
This post is part of a larger campaign designed to support security professionals and IT communicators as they develop or enhance their security awareness plans. View all 12 monthly blog posts with ready-made content by visiting our security awareness resource page.

Every year, we post about keeping your information private. What about your customers' information? No matter how you define customers, you and your organization collect their information, and it is up to you to respect and keep their information private. Consider the following content as you get ready to observe Data Privacy Day (or Data Privacy Month) on your campus.

Get the Word Out

Newsletter or Website Content

Everyone in our community is responsible for the protection of our customers' privacy and their personal information. However, you don't need to understand the nuances of every privacy regulation currently affecting higher education to tackle data privacy issues on campus. Whether you are working on a data breach response plan, updating institutional policies, collaborating with researchers on a new project, or educating students, faculty, and staff about data privacy, consider teaming up with your institution's privacy officer(s). The privacy officer(s) will be more than happy to lend expertise and help make sure privacy, risk, and information security considerations are carefully weighed.

Know and understand your privacy policies.

Most institutions have a standard privacy policy, statement, or notice on their website to help visitors understand the practices related to the collection, use, or disclosure of information. Two examples include Indiana University and the University of California, Berkeley.
Additional privacy statements or notices may be included in third-party contracts or services offered to students, faculty, and staff (e.g., learning management systems used for classes).
Also consider any third-party privacy policies or terms and conditions you may have agreed to as an individual (e.g., Facebook or any other third-party services or apps that aren't officially hosted by the institution through a signed contract).

Always start with privacy.

Include privacy in the planning phase of all new projects.
If you don't need personal information, don't collect it. You can always ask for more information later.
Inform your customers about why you're collecting their personal information.

Keep and use data securely.

Keep personal information confidential and limit access to the data.
Make sure you're only using the data the way you said you'd use it. Ensure you get the customer's consent before you use it otherwise.
Destroy or deidentify private information when you no longer need it.
Know your data breach response plan.

Privacy is Good for Business — *Source:* STOP. THINK. CONNECT. privacy is good for business infographic

**Figure 1. Use this image to support your message**

Social Posts

Note: These are Twitter-ready, meeting the 140-character length restriction.

#Privacy is our shared responsibility. #PrivacyAware #CyberAware
I'm protecting the #privacy of your information the way I hope you'd protect mine! #PrivacyAware #CyberAware
We have established #privacy policies in place to protect you & our institution. #PrivacyAware #CyberAware
Do you know how websites & third parties are sharing your info? http://www.kdnuggets.com/images/cartoon-dog-big-data.jpg #Privacy #PrivacyAware #CyberAware

E-Mail Signature

Ask staff members to add a tip to their e-mail signature block and link to your institution's information security page.

Example:

Jane Doe

Information Security Office

XYZ College

I'm protecting the privacy of your information the way I hope you'd protect mine. Learn more. [Link "Learn more." to your institution's privacy guidelines or link to STOP. THINK. CONNECT.’s privacy tips .]

Embed or Share Videos

Juan Enriquez: Your Online Life, Permanent as a Tattoo (5:57 min)

Securing the Human: Privacy (2:06 min)

The Terrifying Cost of "Free" Websites (6:20 min)

Resources

Share these resources with end users or use them to inform your awareness strategy:

Read the EDUCAUSE Review articles "Consenting Adults? Privacy in an Age of Liberated Learning Data" and "Naked in the Garden: Privacy and the Next Generation Digital Learning Environment."
Explore three reasons for the campus community to care about privacy: "I have nothing to hide. Why should I care about privacy?"
Learn more about privacy challenges and best practices in the Leadership Exchange article "Privacy in the Age of Big Data."
Discover your privacy personality, learn more about the Privacy Paradox, and take on daily privacy challenges.
Watch the informative documentary Terms and Conditions May Apply. It's worth the 80 minutes of your time.
Share this 2017 infographic from STOP. THINK. CONNECT.: Privacy Is Good for Business.
See our previous Campus Security Awareness Campaign blogs about privacy: January 2017: Keep What's Private, Private, January 2016: Guard Your Privacy Online, and February 2016: Guard Your Privacy When Offline or Traveling

Brought to you by the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC).

ParentTopics:: Data Privacy Data Security Privacy