Privacy Matters Interview
As printed in the UWM Report, April 2013 (Volume 64, Number 3)
An interview with Tanya Choice-Henry,
IS Privacy and Awareness Analyst & UITS Privacy Officer
What is meant by “data privacy?”
“Data privacy” can mean the privacy of any data but the most common application of the term refers to protecting the privacy of personal data as mandated by state, federal, compliance and/or UW System requirements. Some of the requirements include: HIPAA (Health Insurance Portability and Accountablity Act), FERPA (Family Educational Rights and Privacy Act), PCI (Payment Card Industry) compliance, UWM and UW System Acceptable Use policies, and Wisconsin Act 134.98.
Why is this such a “hot topic” right now?
Data privacy has always been an important issue but it is really becoming a hot topic because of new and proposed legislation that expands or creates new requirements for the protection of electronic personal data. Many of the laws/regulations that are currently in place were written when electronic personal data and the sharing of that data was non-existent. With all the data breaches and potential for abuse of unsecure electronic data, just about any privacy or information security law/regulation that doesn’t specifically address electronic data, could be subject to revision. This is a trend that is expected to continue, and even the President of the United States is calling for legislation to protect electronic data.
What are the common types of data covered? What types of data are not usually considered but should be?
Data privacy includes common personal information, i.e., medical, educational and credit card records. But it is also important to know that data privacy and the related regulations can be applicable to research that is done with grant funds, copyright/publishing/invention information, banking data, human resource applications, passwords, and especially social security numbers—which should only be used as required by law!
Who’s responsible for data privacy?
Everyone has a role in protecting data! Whether accessing your own personal data or if you are privy, directly or indirectly, to the personal data of other person(s), safe computing habits are the first line of defense for protecting data.
What are the unique challenges for data privacy in higher ed?
Higher education institutions are in the difficult position of being required to adhere to many data privacy regulations when having access to private personal data is not the primary business of the institution. Many other industries (i.e., medical, banking or credit card industries) have one type of data to protect and can focus funding and policy efforts on protecting that data.
Since faculty and staff have responsibility for protecting data, where can they find help about how to do this?
UWM has taken many steps to provide data protection but individuals also have important roles for protecting institutional and private data. General information and specific resources by audience (i.e., faculty/staff, technical staff and students) is available at the Information Security website, security.uwm.edu. In addition, PrivacyMatters is a newly-developed tool that centralizes privacy-related information, policies and training available from various sources.