Educause Security Discussion mailing list archives
Re: Government owned Universities that are covered under GDPR?
From: "Kimmitt, Jonathan" <jonathan-kimmitt () UTULSA EDU>
Date: Fri, 2 Apr 2021 01:38:19 +0000
That question, to my knowledge, has not been fully determined by the FTC or by the courts, if GDPR is enforceable in the US ….. There are some treaties and the GPEN memberships that comes into play, and is currently murky at best…..

However, there are some cases where you absolutely, probably can fall under GDPR in some form of scope….

1. If your…….. Wait, I am not a lawyer, or providing you official consultation in this scenario… :)

1. If your Global education department (or any other department) has signed an agreement with an .edu entity from the EU that you will abide by ‘all applicable laws’ or specifically ‘GDPR’.
2. If your organization has entered into a contract with a vendor that is from the EU or has otherwise put into their contract a requirement for GDPR compliance
3. If you use a data center that is resident in the EU to store PII on data subjects from the EU.
4. If you have an office in the EU (this could, maybe, also mean a recruiter).
5. If you have an agreement, ethics code, terms of service/use/*, state requirement/mandate, public international code of conduct, that says your organization (or any part of) will abide by all state, national, and international laws.

This is just a sampling for GDPR specific concerns you might need to think about and discuss with your privacy/legal teams…. And I would strongly encourage you to talk to someone who has specific Privacy training and experience to determine scope for your organization…. Many times General counsel and external counsel teams do not have privacy training, and ‘interpret’ things differently.

I would also look at the various state privacy laws that are coming down the road, which many are very similar to GDPR, and will require the same kinds of data subject rights and transparency.

-Jonathan

Ps…. Here is the map from IAPP about state privacy laws that I use in my privacy presentations to .edu’s….
https://iapp.org/media/pdf/resource_center/State_Comp_Privacy_Law_Map_03_23_2021.pdf

~
Jonathan Kimmitt
CISSP, FIP, CDPSE, CIPP/E, CIPM, CIPT, OTCP, GLEG, GPEN, GSNA, PCIP, CEH
Chief Information Security Officer
Information Technology
The University of Tulsa
918.631.2743
jonathan-kimmitt () utulsa edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Alexandre Adao
Sent: Thursday, April 1, 2021 7:31 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Government owned Universities that are covered under GDPR?

Hello everyone,

Any idea of government owned (state) universities in the US are covered under GDPR?

Thanks,

--
Alex Adao
=============================================
Alexandre Magno Adão
Director of Information Security Systems
Morgan State University (CGW 300k)
Division of Information Technology (DIT)
443-885-4415 Office
443-803-3154 Cell

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Government owned Universities that are covered under GDPR? Alexandre Adao (Apr 01)
- Re: Government owned Universities that are covered under GDPR? Kimmitt, Jonathan (Apr 01)