Ben Archer, Privacy Manager for Arizona State University, answers some questions about privacy and the strategy he employs at his institution.
Gerry Bayne: What is the role of data privacy literacy in higher education?
Ben Archer: I think it is probably one of the most important things we can do. And, you know, we have this awesome responsibility and opportunity to teach the future leaders of the country and the world in, you know, a myriad of things, but one of those things is data privacy. And, you know, we have the standard videos that you would watch that, you know, explain privacy principles and how it affects you and things like that and links to tell you, oh, you know, lock down your Facebook profile and that sort of thing. And those are very good, but there's also this opportunity that we have to demonstrate to our data subjects, to our students and our community members, how their data ought to be handled. And by doing that, we're showing them the care and respect that data should be handled with and teaching them that this is how it's supposed to be so that when they grow up to lead the future free world, they have this idea of, well, you know, my college was able to do this with my data. Why can't you? I'm giving you money. So by setting that expectation of how data ought to be handled and how preferences ought to be respected, we're able to make this, you know, gradual, but make this significant change in how, you know, the country and the world really see data privacy.
Gerry Bayne: Great, the phrase cybersecurity and privacy is what you hear. Could you talk a little bit about the relationship between cybersecurity and privacy?
Ben Archer: Privacy is about making sure that the right folks have access to the right data at the right time and making sure that we're doing the right thing with those data. Cybersecurity is, you know, the lock on the door to make sure that nobody busts in and steals the data, you know, that completely unauthorized disclosure, the breach prevention, that sort of thing. Whereas privacy is making sure that if we're doing all the things that we intend to do, we don't accidentally do the wrong thing. And so, that's where I see the difference. You know, we're kind of two sides of the same coin with privacy and security. Security, cybersecurity helps prevent those unauthorized breaches and things like that. You know, the things that are intentionally malicious. Whereas privacy is we're trying to do the right thing, and we want to make sure that we actually do the right thing. And that's sort of the difference that I see between them.
Gerry Bayne: That makes a lot of sense. What do you say to someone that says privacy concerns are bureaucratic and stifle innovation?
Ben Archer: Folks are used to sharing their data. They share it with Facebook and Amazon and Google all day, every day. So the issue isn't that people don't want to share their data. It's that they want to know how it's going to be used, and they want to have some say in how it's going to be used. And so, by creating that transparency and by respecting their preferences, their agency, we're able to build a level of trust that we've never had before and have folks more willing to share additional data that they normally wouldn't. And so if it's you have to share this amount of data to be able to be a student. Okay, but if I trust the institution, I'm willing to share this much data, and that really can give a lot of new opportunities for innovation that haven't existed before because FERPA says we can't use this data in that way, and HIPAA says we can't use this data in this way. But if the data subject trusts the institution and provides consent to use their data in a way that benefits everyone, then everyone is better off, and we're able to be more innovative.