As data risk management grows more complex, privacy has evolved from a compliance concern to a strategic imperative for higher education institutions. In this video, two chief privacy offers explore this evolution and share how it informs their approach to balancing risks and opportunities.
View Transcript
Joe Conley
Chief Privacy Officer
University of Arizona
Joe Gridley
Chief Data Privacy Officer
University of Maryland
Gerry Bayne: Amid the many evolving challenges in higher education, the strategic use of data has become essential to institutional success, yet as more data is collected, stored, and shared on campuses, privacy risks continue to grow. In response, institutions are increasingly seeking separate but interdependent roles for privacy and cybersecurity.
Joe Conley: Privacy used to be really heavily legal, so when I first started working in privacy, everyone who worked in privacy were either lawyers or they were paralegals or had some sort of legal background. Now you're starting to see people who have more technical backgrounds. Maybe it's IT, maybe it's cybersecurity.
Joe Gridley: Privacy used to be, have we gotten the consents right, and do we have a data breach, and how do we respond to that? In the last seven or eight years, we've seen a shift. I think that does start with the GDPR.
Gerry Bayne: The GDPR, a regulation created by the European Union, helped to introduce tools like data protection impact assessments to evaluate risks not only to the organization, but to individuals.
Joe Gridley: Now, you have a group of folks at your organization that is asking about the risk to a data subject, not the risk to the organization, but actually the human being that's involved, and so for a while, that's kind of a quiet thing. That sort of sits, it's not as important as maybe the risk to our DOD research or whatever the case might be. That, though, has become now the privacy office, and sometimes, there's some crossover with legal or ethics or security, but the organization now has these folks that are asking these questions, and as we move more into AI and more into modeling and predictive analytics, we find ourselves in a place where stuff feels creepy, and having someone, having some part of the organization that can respond to that, I think is why we're seeing more and more demand for privacy professionals.
Joe Conley: It's really grown, and I think why it has grown, more than anything, is just technology. When I started, there wasn't a Facebook, there wasn't a smartphone. We didn't have Instagram, we didn't have... I mean, YouTube was barely a blip on the radar, and now you have all of these organizations that are collecting our data, they're storing our data. Sometimes, we don't even know they're doing it. Sometimes they have to be forced to tell us what they're doing.
Gerry Bayne: These social networks, along with the unbridled popularity of AI tools, translates to addressing privacy in a diverse range of settings, and approaching these complex risks is more successful when privacy officers are involved in projects earlier.
Joe Gridley: Getting privacy introduced at ideation is the goal. That is training, that is awareness, that is a long journey. I think honestly, most of the time we have folks that are in the third quarter, and we get brought in, and there's good and bad in that. We got brought in, that's great, and we can kind of talk about what we need to do to help our data subjects, but it is kind of disruptive. They're partway down, and now we have to make a change.
Joe Conley: We, I think, as privacy professionals assume that everyone understands privacy. You know yeah, they understand some of the bare basics of privacy, but they don't understand the ins and outs and the nuances and whatnot of privacy, so it's my job to educate them on how privacy is important, why it's important, and how to best sort of incorporate it in whatever project, whatever software system you're hoping to bring in, whatever it is you want to do. I want you to think privacy as you're doing that.
Gerry Bayne: As the role of privacy continues to evolve in higher education, early integration, proactive collaboration, and ongoing education will be key to addressing the risks of today's data-driven institutions. By prioritizing privacy today, institutions can lay the groundwork for secure and ethical innovation tomorrow.