Educause Security Discussion mailing list archives
Re: Do students hold universities accountable for protecting their information?
From: Linc Nesheim <nesheijl () WHITMAN EDU>
Date: Mon, 11 Jun 2018 14:21:09 -0700
I'll say 'yes' in a similar way that RobertB responded. I do think there is an expectation to help -- this can even extend to situations which may not end up directly related to things under our influence or control. A little over a year ago we received a handful of 'inquiries' about our response to another institution in our region that had a data breach completely unrelated to our institution. Just happened some of our students had responded to a survey so they were contacted as part of a notification process. Both students and parents contacted us -- either to ask how we could let this happen; or what they should be doing about it. Either way, there were folks trying to make sense of how to navigate even if the initial responsibility was misunderstood. And how many of us have received contact around tax time where someone has been victim of tax fraud only to assume it was our institutional systems that were the root of a compromise? In these cases, it seems people are looking where it makes sense to them for guidance and response. Although it's not always correctly placed... part of our goal is to educate and assist. I don't really know how this translates to accountability, though -- the Equifax, Facebook, etc. situations raise awareness on one hand, but are also beginning to make some folks numb to the perceived status quo of the "data industry." This is long winded for -- I think our constituents do have a *reasonable* expectation that we protect their information/privacy. I'm a 'glass-half-full' sort of person -- I know most of us work pretty hard to protect the information we have amassed across our systems. Linc *Linc Nesheim* Information Security Officer Whitman College *509-527-5852* On Mon, Jun 11, 2018 at 1:15 PM Barton, Robert W. <bartonrt () lewisu edu> wrote:
I would have to say yes. I would go further that they expect us to help with a situation, when they arise (e.g. virus on personal laptop they will come to the support desk). GDPR, FERPA, and HIPAA will hold us responsible for sure, although the student will not necessarily raise their flag when/if there is an issue. Robert W. Barton Director of Information Security Lewis University One University Parkway Romeoville, IL 60446-2200 815-836-5663 *From:* The EDUCAUSE Security Constituent Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Paige Francis *Sent:* Monday, June 11, 2018 3:10 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Do students hold universities accountable for protecting their information? I’m not sure if they hold us accountable but I do believe they absolutely have that expectation. In addition, with FERPA and HIPAA we’re bound to safeguard protected data. -- *Paige Francis* Associate CIO, University of Arkansas Fayetteville, AR #UARK #GoHogs Need IT Help? <https://its.uark.edu/> | Twitter <https://twitter.com/CIOPaige> | LinkedIn <https://www.linkedin.com/in/paigefrancis/> | Blog <https://www.linkedin.com/in/paigefrancis/> *From: *The EDUCAUSE Security Constituent Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "McIntosh, Keith" < kmcintosh () RICHMOND EDU> *Reply-To: *The EDUCAUSE Security Constituent Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *Date: *Monday, June 11, 2018 at 9:07 AM *To: *"SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> *Subject: *[SECURITY] Do students hold universities accountable for protecting their information? Colleagues, Someone recently asked me the following question and I wondered what you would say. I believe students and parents have reasonable expectations that we are both protecting their information and ensuring privacy. * Do students hold universities accountable for protecting their information? * *Keith W. "Mac" McIntosh* he/his/him <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mypronouns.org_&d=DwMFAg&c=7ypwAowFJ8v-mw8AB-SdSueVQgSDL4HiiSaLK01W8HA&r=MiccpEVSKT3DA5jws6edeA&m=xE9EjWmvszeA_LQHaZyOAO9TheSRXZP5Z1nRtLKN22E&s=9ZKxtGifiJT_omfG3l59i0uii-6HEcp-4bOI_XeNt58&e=> Vice President and Chief Information Officer Information Services Jepson Hall G-12 28 Westhampton Way University of Richmond, VA 23173 Office: 804.289.8771 Fax: 804.289.8988 http://is.richmond.edu <https://urldefense.proofpoint.com/v2/url?u=http-3A__is.richmond.edu_&d=DwMFAg&c=7ypwAowFJ8v-mw8AB-SdSueVQgSDL4HiiSaLK01W8HA&r=MiccpEVSKT3DA5jws6edeA&m=xE9EjWmvszeA_LQHaZyOAO9TheSRXZP5Z1nRtLKN22E&s=90YlN-N0Ju2PBK4xgYEsTM3k3lRUUnkwKAc-OBTeK-I&e=> Email: kmcintosh () richmond edu Twitter: @ <https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_Keith-5FMcIntosh&d=DwMFAg&c=7ypwAowFJ8v-mw8AB-SdSueVQgSDL4HiiSaLK01W8HA&r=MiccpEVSKT3DA5jws6edeA&m=xE9EjWmvszeA_LQHaZyOAO9TheSRXZP5Z1nRtLKN22E&s=i_IyoJXiAP-3SUHk3zFgcVFLCwKMzDYy-9FVM8y16mQ&e=> Keith_McIntosh <https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_Keith-5FMcIntosh&d=DwMFAg&c=7ypwAowFJ8v-mw8AB-SdSueVQgSDL4HiiSaLK01W8HA&r=MiccpEVSKT3DA5jws6edeA&m=xE9EjWmvszeA_LQHaZyOAO9TheSRXZP5Z1nRtLKN22E&s=i_IyoJXiAP-3SUHk3zFgcVFLCwKMzDYy-9FVM8y16mQ&e=> This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone at (815)-836-5950 and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.
-- *Linc Nesheim* Information Security Officer Whitman College *509-527-5852*
Current thread:
- Do students hold universities accountable for protecting their information? McIntosh, Keith (Jun 11)
- Re: Do students hold universities accountable for protecting their information? SPolsky@PACC (Jun 11)
- Re: Do students hold universities accountable for protecting their information? Josh Callahan (Jun 11)
- Re: Do students hold universities accountable for protecting their information? Hudson, Edward (Jun 11)
- Re: Do students hold universities accountable for protecting their information? Paige Francis (Jun 11)
- Re: Do students hold universities accountable for protecting their information? Barton, Robert W. (Jun 11)
- Re: Do students hold universities accountable for protecting their information? Linc Nesheim (Jun 11)
- Re: Do students hold universities accountable for protecting their information? Brad Judy (Jun 11)
- Re: Do students hold universities accountable for protecting their information? John Ramsey (Jun 12)
- Re: Do students hold universities accountable for protecting their information? Frank Barton (Jun 12)
- Re: Do students hold universities accountable for protecting their information? Ruth Ginzberg (Jun 12)
- Re: Do students hold universities accountable for protecting their information? Valerie Vogel (Jun 12)
- Re: Do students hold universities accountable for protecting their information? Pitt, Sharon (Jun 12)
- Re: Do students hold universities accountable for protecting their information? Semmens, Theresa (Jun 12)
- Re: Do students hold universities accountable for protecting their information? McIntosh, Keith (Jun 12)
- Re: Do students hold universities accountable for protecting their information? Barton, Robert W. (Jun 11)
- Re: Do students hold universities accountable for protecting their information? Josh Callahan (Jun 12)