Tornados in/around Chicago is rare. Hopefully you won't see one again for many years.

Allen Taylor, Marshall University, Huntington, WV

Welcome, everyone to today’s Industry & Campus Solutions webinar - “Shaping Privacy Policy and Legislation in Higher Education.”

Thank you to everyone who’s just joining us! Please use the chat to introduce yourself, ask questions, and make comments. Be sure to select “Panelists and Attendees” from the dropdown so we can see your comments.

Greetings everyone. Mark Chang, Florida State University, Tallahassee, FL

Be sure to select “Panelists and Attendees” from the dropdown so we can see your comments.

Micki Jernigan, Augusta University

If you have any technical difficulties, please send a private chat to “Panelists.”

Hello! Whitney Mahoney, University of Kansas, Lawrence, KS

Hi all - Sharyne Miller from University of North Carolina, Wilmington

Recordings and resources from this session will be available on the on the EDUCAUSE event archive page:https://events.educause.edu/webinar/2021/shaping-privacy-policy-and-legislation-in-higher-education

To open captioning in a separate, adjustable browser, please click on the arrow next to the “cc” button at the bottom of your window and select “View Full Transcript.”

Please feel free to ask questions or share your insights at any time. Hot topic these days.

It sure is! lol

Thank you to everyone who’s just joining us! Please use the chat to introduce yourself, ask questions, and make comments. Be sure to select “Panelists and Attendees” from the dropdown so we can see your comments.

Trudi Wright, McMaster University - Ontario, Canada

Hello, Paul Schantz from Cal State University Northridge 😀

Given the digital transformation precipitated by the COVID crisis, what should we be focusing on wrt to data protection?

Hello All. Ian Harazduk, University of California, Riverside.

Greetings from Claude Sam-Foh, Centennial College, Toronto, Canada

Hi Everyone :) Carolyn Cosentino Ponoroff, University of California, Irvine

Howdy! Sean Patterson, University of California, San Francisco

Colleen Falconer, Central Washington University, Ellensburg, WA

As a reminder, be sure to select “Panelists and Attendees” from the dropdown so we can see your comments.

Every organization should be asking themselves if they need this role and the answer should be yes if you manage people data. Many organizations do not have this as a dedicated role. Joe is an example of a CISO / CPO.

HI all! Elizabeth Goodman, University of Chicago

What privacy laws beyond FERPA exist for students in a public university?

Understanding and classifying your systems and data should be a top priority. Follow the data to understand the who, what, when, where, how and why this data is collected, processed, shared.

Do you have examples of university policy that says how you WILL use data you collect and how you will NOT use data you collect?

Hello everyone! Heidi Wachs, now with Stroz Friedberg, but former CPO for Georgetown University and unofficial president of the Kent Wada fan club!

Numerous states are legislating greater privacy protections which would include students. These are state by state and in the works at the Federal level. GLBA is another area to consider. Processing financial aid has its own set of implications.

If a university collects data about prior felony convictions of its students, is it legal for the university to share that information with potential internship sites?

What does privacy law or copyright law say about the decision by a university to store faculty lectures that have been captured on an LMS, video, or other from of storage?

Criminal conviction data is very interesting. Mugshots.com would argue they have a first amendment right to publishing arrest data. State and Federal courts regularly share disposition information. Even if an expungement of a criminal record occurs, there is value in that inaccurate data, it is a unique record at that point.

YES for CPO, EPO, etc. Ethics, trust, what we should do with the data not what we can do with the data - including limiting access

Other types of PII - PHI, HR, GLBA, donor/alum data, various state law PII

Realizing the importance of security and privacy, what recommendations do you have for a small campus with limited funding, staff, time, etc.?

Privacy and copyright laws are also interesting. For many organizations these come down to university specific policy. I have interviewed a large university where members of the faculty senate that wish it to be mandatory students turn on their cameras. I have witnessed an EU based university request consent from teaching assistants that participated in a live course introduction.

Kent has, seemingly, made a distinction between a Privacy officer and a Security officer. What's the difference between the two designations?

Agreed about our concern about the community! Also, Kent, your space is worthy of Room Rater!

will do

How do American concepts of privacy (legal & practical) differ from the rest of the world? How does this shape policy?

@Susan Cyber-security and privacy is important for cats, too! :)

Thanks Kent. That's an important nuance to highlight

Major differences between the CPO and the CISO really include the focus - security focuses on the information security program: technical and information risk management, security control assurances, security policy and threat analysis and much more. Privacy is all about people and ensuring a fundamental human right. The CPO manages privacy related concerns including people data collection / use / notification and consent. CPO and CISO overlaps most often include breach response activities, policy development, systems design objectives and more.

I haven't heard a response to the following question...How do American concepts of privacy (legal & practical) differ from the rest of the world? How does this shape policy?

Hi Patrick! We did see your question! We'll be answering questions throughout the natural flow of the presentation and discussion, and then we'll circle back at the end for questions that still need to be answered.

@christine A good place to start would be to look at the EU’s draft AI regulation.

https://www.ucop.edu/ethics-compliance-audit-services/compliance/presidential-working-group-on-artificial-intelligence.html

American concepts are equal to when cavemen roamed the earth. The EU has many privacy laws in place to safeguard residents privacy. US states have heavily leveraged GDPR like language in there legislation. Looking back on the prior questions, arrest and conviction data for the most part is only available to law enforcement in the EU.

One terrific example of transparency: https://safecomputing.umich.edu/viziblue

Here’s something from UCLA: https://ucla.app.box.com/s/hkz91b0hwj5zq5hd4g8epafao3uxyoms

Where these global concepts of privacy are starting to collide is in the area of law enforcement, where cybercrimes cross borders. Mutual Legal Assistance (MLA) is driving a lot of privacy discussion on a global scale.

Thanks, Kent!

Excellent article on bias in AI. https://www.npr.org/2020/06/24/882683463/the-computer-got-it-wrong-how-facial-recognition-led-to-a-false-arrest-in-michig

https://www.educause.edu/community/higher-education-chief-privacy-officers-hecpo-community-group

Most of our policy content appears in the EDUCAUSE Review policy channel first: https://er.educause.edu/channels/policy

How can higher education IT and Privacy professionals help influence legislation at the state and federal level?

Developing a relationship with your government relations office can be very helpful in that respect, @Merritt. Given the scope of issues any one member of that staff or the office overall may be tracking, helping them to learn about privacy principles and concerns can make a big difference in terms of their ability to identify policy developments that may affect the institution as well as where to go within the institution to get insights on their potential institutional impact.

Great discussion, thanks so much!

We appreciate your feedback! As we continue with our session, please take note of our brief session evaluation and fill it out before leaving the online room today: https://survey.alchemer.com/s3/6179048/IC2119

Access the Spirion + Huron Resource Toolkit: https://explore.spirion.com/l/spirion-huron

https://explore.spirion.com/l/spirion-huron 

At the federal level, as Kent mentioned, engaging with member/constituent groups within relevant associations--EDUCAUSE from a professional perspective, AAU/ACE/AACC/etc. from an institutional perspective--helps association government relations officers understand what issues/concerns their members have and how to work with each other (professional/institutional) to manage those concerns on behalf of higher ed. overall.

Excellent information. Thank you.

Great Webinar. Really good. Thanks guys!!!!

We appreciate your feedback! As we continue with our session, please take note of our brief session evaluation and fill it out before leaving the online room today: https://survey.alchemer.com/s3/6179048/IC2119

We have a DPO but no CPO or CISO. Not sure we're on the right track.

For example, my recent interactions with the Higher Ed. CPOs Community Group have been very helpful in understanding how the CPO perspective compares and contrasts with the issues/concerns of other higher ed. stakeholders, and therefore where/how EDUCAUSE can and should work with those stakeholders on behalf of the overall institutional interest.

DPO - specifically to comply with the GDPR and similar legislation

This was super! Thank you!

Thank you all

Great webinar 👍

Thank you for all attending. This was great!

Thanks!

Thank you for your participation! Before leaving, please don’t forget to fill out our evaluation: https://survey.alchemer.com/s3/6179048/IC2119

Recordings and resources from this session will be available on the on the EDUCAUSE event archive page:https://events.educause.edu/webinar/2021/shaping-privacy-policy-and-legislation-in-higher-education

Fabulous!!!!

Access the Spirion + Huron Resource Toolkit: https://explore.spirion.com/l/spirion-huron

Thanks for the discussion.

EDUCAUSE Privacy Community Group: https://www.educause.edu/community/privacy-community-group

Our next Industry & Campus Solutions webinar entitled, “Shaping Privacy Policy and Legislation in Higher Education” will be held on June 22nd at 1pm ET. https://events.educause.edu/webinar/2021/shaping-privacy-policy-and-legislation-in-higher-education

Thanks so much :)

Thank you!