Educause Security Discussion mailing list archives
Re: Do students hold universities accountable for protecting their information?
From: Brad Judy <brad.judy () CU EDU>
Date: Mon, 11 Jun 2018 20:40:02 +0000
To summarize some of the points made here (as well as my own thoughts), I think you can pull this together as a can/should/do form: * Can (rights) individuals hold institutions accountable (are there supporting laws/policies/etc that set that right or expectation?) – Yes, we have some laws in that space (FERPA, HIPAA) and many schools have related policies. What individuals “can” do is also evolving with privacy law changes. * Can (capability) individuals hold institutions accountable? – This is much harder to answer and the honest response is probably “the vast majority of individuals do not have the capability themselves.” They need assistance to understand the laws, gather information, interface with organizations, etc. * Should individuals hold institutions accountable for data security/privacy – Yes, I think it’s good for anyone to hold any organization accountable for meeting privacy/security requirements/expectations. * Should all of the responsibility of accountability oversight be on the individual? No, I don’t think so. One of the reasons we have accountability offices and watchdog groups is the challenge of the capability issue. Even if we lower the bar on those challenges, it will likely still remain out of reach for many individuals. * Do individuals hold institutions accountable? - Sometimes, but it seems pretty infrequent. I would guess this is due to a mix of lack of personal priority/interest and the capability challenge. At the moment, pushing accountability on privacy often requires assistance from third-parties (non-profits, governments, etc.). Some of the movement we see in data privacy and security is putting options/tools into the hands of individuals to ask questions not just about “What data do you have about me?” but also “How do you use that data?” and “Who have you given that data to?” Perhaps someday it will be easier for an individual to understand how organizations handle your personal data, but for now, this issue is still in a very messy adolescent phase. Brad Judy Information Security Officer Office of Information Security University of Colorado 1800 Grant Street, Suite 300 Denver, CO 80203 Office: (303) 860-4293 Fax: (303) 860-4302 www.cu.edu<http://www.cu.edu/> [cu-logo_fl] From: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Paige Francis <paige () UARK EDU> Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Monday, June 11, 2018 at 2:10 PM To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Do students hold universities accountable for protecting their information? I’m not sure if they hold us accountable but I do believe they absolutely have that expectation. In addition, with FERPA and HIPAA we’re bound to safeguard protected data. -- Paige Francis Associate CIO, University of Arkansas Fayetteville, AR #UARK #GoHogs Need IT Help?<https://its.uark.edu/> | Twitter<https://twitter.com/CIOPaige> | LinkedIn<https://www.linkedin.com/in/paigefrancis/> | Blog<https://www.linkedin.com/in/paigefrancis/> From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "McIntosh, Keith" <kmcintosh () RICHMOND EDU> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Monday, June 11, 2018 at 9:07 AM To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Do students hold universities accountable for protecting their information? Colleagues, Someone recently asked me the following question and I wondered what you would say. I believe students and parents have reasonable expectations that we are both protecting their information and ensuring privacy. Do students hold universities accountable for protecting their information? Keith W. "Mac" McIntosh he/his/him<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mypronouns.org_&d=DwMFAg&c=7ypwAowFJ8v-mw8AB-SdSueVQgSDL4HiiSaLK01W8HA&r=MiccpEVSKT3DA5jws6edeA&m=xE9EjWmvszeA_LQHaZyOAO9TheSRXZP5Z1nRtLKN22E&s=9ZKxtGifiJT_omfG3l59i0uii-6HEcp-4bOI_XeNt58&e=> Vice President and Chief Information Officer Information Services Jepson Hall G-12 28 Westhampton Way University of Richmond, VA 23173 Office: 804.289.8771 Fax: 804.289.8988 http://is.richmond.edu<https://urldefense.proofpoint.com/v2/url?u=http-3A__is.richmond.edu_&d=DwMFAg&c=7ypwAowFJ8v-mw8AB-SdSueVQgSDL4HiiSaLK01W8HA&r=MiccpEVSKT3DA5jws6edeA&m=xE9EjWmvszeA_LQHaZyOAO9TheSRXZP5Z1nRtLKN22E&s=90YlN-N0Ju2PBK4xgYEsTM3k3lRUUnkwKAc-OBTeK-I&e=> Email: kmcintosh () richmond edu Twitter: @<https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_Keith-5FMcIntosh&d=DwMFAg&c=7ypwAowFJ8v-mw8AB-SdSueVQgSDL4HiiSaLK01W8HA&r=MiccpEVSKT3DA5jws6edeA&m=xE9EjWmvszeA_LQHaZyOAO9TheSRXZP5Z1nRtLKN22E&s=i_IyoJXiAP-3SUHk3zFgcVFLCwKMzDYy-9FVM8y16mQ&e=>Keith_McIntosh<https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_Keith-5FMcIntosh&d=DwMFAg&c=7ypwAowFJ8v-mw8AB-SdSueVQgSDL4HiiSaLK01W8HA&r=MiccpEVSKT3DA5jws6edeA&m=xE9EjWmvszeA_LQHaZyOAO9TheSRXZP5Z1nRtLKN22E&s=i_IyoJXiAP-3SUHk3zFgcVFLCwKMzDYy-9FVM8y16mQ&e=>
Current thread:
- Do students hold universities accountable for protecting their information? McIntosh, Keith (Jun 11)
- Re: Do students hold universities accountable for protecting their information? SPolsky@PACC (Jun 11)
- Re: Do students hold universities accountable for protecting their information? Josh Callahan (Jun 11)
- Re: Do students hold universities accountable for protecting their information? Hudson, Edward (Jun 11)
- Re: Do students hold universities accountable for protecting their information? Paige Francis (Jun 11)
- Re: Do students hold universities accountable for protecting their information? Barton, Robert W. (Jun 11)
- Re: Do students hold universities accountable for protecting their information? Linc Nesheim (Jun 11)
- Re: Do students hold universities accountable for protecting their information? Brad Judy (Jun 11)
- Re: Do students hold universities accountable for protecting their information? John Ramsey (Jun 12)
- Re: Do students hold universities accountable for protecting their information? Frank Barton (Jun 12)
- Re: Do students hold universities accountable for protecting their information? Ruth Ginzberg (Jun 12)
- Re: Do students hold universities accountable for protecting their information? Valerie Vogel (Jun 12)
- Re: Do students hold universities accountable for protecting their information? Pitt, Sharon (Jun 12)
- Re: Do students hold universities accountable for protecting their information? Semmens, Theresa (Jun 12)
- Re: Do students hold universities accountable for protecting their information? McIntosh, Keith (Jun 12)
- Re: Do students hold universities accountable for protecting their information? Barton, Robert W. (Jun 11)
- Re: Do students hold universities accountable for protecting their information? Josh Callahan (Jun 12)