Take advantage of Data Privacy Day to help campus constituents understand the way your institution collects and uses their personal data. The twelve Security Awareness blogs feature ready-made content designed to enhance security awareness.
Campus Security Awareness Campaign 2019
This post is part of a larger campaign designed to support security professionals and IT communicators as they develop or enhance their security awareness plans. The campaign is brought to you by the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC). View the other monthly blog posts with ready-made content at the security awareness resource page.
January 28 is Data Privacy Day. Data privacy for individuals means reviewing privacy settings on social media, being mindful of entering data into websites, and taking ownership of one's online identity. Data privacy for higher education institutions extends these principles to caring for other people's data, from collection, processing, sharing, and storing to destruction. Use this suggested content to promote personal privacy, institutional privacy, and data privacy compliance at your institution.
Get the Word Out
Newsletter or Website Content
The internet is full of data about you. Whenever you play a game, shop, browse websites, or use any of numerous apps, your activity and some of your personal information may be collected and shared.
Similarly, the business of higher education requires us to collect, process, and store the digital information of others. Whenever we handle such information, we need to think about how we want our own information treated and treat other people's data with the same care and respect.
Protect yourself by following these tips:
- Know what you are sharing. Check the privacy settings on all of your social media accounts; some even include a wizard to walk you through the settings. Always be cautious about what you post publicly.
- Guard your date of birth and telephone number. These are key pieces of information used for identity and account verification, and you should not share them publicly. If an online service or site asks you to share this critical information, consider whether it is important enough to warrant it.
- Keep your work and personal presences separate. Your employer has the right to access your email account, so you should use an outside service for private emails. This also helps you ensure uninterrupted access to your private email and other services if you switch employers.
Protect the information, identity, and privacy of others by following these tips:
- Know what resources are available at your institution. Colleges and universities might employ individuals with some of the following titles and responsibilities: compliance officer, who can help you navigate the laws and regulations that govern how your institution handles constituents' personal data and what safeguards need to be implemented to ensure the data stay secure; data privacy officer, who can answer questions about how your institution protects the privacy of both your data and constituents' data; and a(n) (chief) information security officer, who can answer questions about information security best practices and the technologies available to protect online identity and the personal data of constituents.
- Know what policies are in place at your institution. A privacy policy governs how the institution collects, processes, stores, and deletes the personal data of constituents; a data classification policy governs how the institution organizes the data it interacts with and what rules are in place for processing it; and an information security policy articulates how the institution governs and prioritizes information security activities.
- Keep constituents' personal information confidential and limit access to the data.
- Only use data for its intended purpose. If you need to use data for another reason, always check relevant resources and policies first for guidance.
- Destroy or de-identify private information when you no longer need it.
Social Posts
- I'm protecting the #privacy of your information the way I hope you'd protect mine! #PrivacyAware #CyberAware
- We have established #Privacy policies to protect you and our institution. #PrivacyAware #CyberAware
- Is your private data still private? Check for breaches at https://haveibeenpwned.com/ #PrivacyAware #CyberAware
Email Signature
Ask staff to add a tip to their email signature block and link to your institution's information security page.
Example:
Jane or John Doe
Chief Information Security Officer
XYZ College or UniversityDid you know: January 28 is Data Privacy Day? Learn more. [Link "Learn more" to your institution's privacy page or link to Stay Safe Online's Data Privacy Day page.]
Embed or Share Videos
Resources
Share these resources with end users or use them to inform your awareness strategy.
- Learn more about data privacy in Higher Education through the EDUCAUSE Understanding Data Privacy Issues in Higher Education Featured Topic Guide [https://www.educause.edu/guides/understanding-data-privacy-issues-in-higher-education].
- Read guidance from the Federal Trade Commission.
- Download NCSA's infographic Your Privacy in a Growing Internet of Me [https://staysafeonline.org/wp-content/uploads/2017/12/Internet_of_Me.pdf].
- Share this NCSA infographic with campus staff: Are You Doing Enough to Protect Consumers' Data? [https://staysafeonline.org/wp-content/uploads/2018/01/Data-Privacy-Day-2018-Data-Decision-Tree_Protecting-Consumers-Data.pdf]
- See our previous Campus Security Awareness Campaign blogs about privacy: January 2018: Privacy is our Shared Responsibility, January 2017: Keep What's Private, Private, January 2016: Guard Your Privacy Online, and February 2016: Guard Your Privacy When Offline or Traveling
Use This Image to Support Your Message
Emily Harris is Information Security Officer at Vassar College.
© 2018 Emily Harris. The text of this work is licensed under a Creative Commons BY-NC-ND 4.0 International License.