The privacy 'evolution to revolution' in higher education

Decanda M. Faulk (df@faulk-associates.com) is General Counsel of US Post-Acute Service Solutions in Union, New Jersey, and Founder of Faulk & Associates in Newark, New Jersey, USA.

Protecting the personal information of students and employees is an ongoing concern for higher education institutions (HEIs), such as colleges and universities, that rely on modern information systems to store essential business and resource data. The security of these information systems must be adeptly handled by applying both technical and behavioral controls. However, the security culture in HEIs remains challenging because of the reportedly lax attitude of employees (particularly faculty, staff, leadership, and governing bodies) toward the HEIs’ resources and their obligations to maintain their privacy and security. In addition, the ease and comfort with which students use technology, specifically social media platforms, increase the vulnerabilities of campus information systems and exposure to malware.

Thus, balancing traditional legal and regulatory compliance with contemporary threats to privacy (e.g., data protection, data governance) and cybersecurity are top priorities for HEIs. Yet navigating the legal and regulatory landscape when managing privacy and cybersecurity threats is becoming more challenging. The legal and compliance departments of many HEIs in the United States may not be as familiar with the complexities of data privacy laws and regulations or how to comply with these laws as other sectors. Today, the growth and expansiveness of data privacy laws and risks of ransomware attacks, which pose a threat of significant reputational harm and subject HEIs to penalties for noncompliance, make robust cybersecurity and privacy programs an important compliance endeavor for HEIs.

While security has been around much longer than privacy in HEIs and, therefore, is better established in most HEIs than privacy, this situation is changing. With the numerous pieces of privacy legislation that went into effect in 2020 and 2021, as concern over data breaches, use of data-tracking people’s behavior, and biometric surveillance technologies became part of the national discourse, the privacy posture of HEIs is shifting. As privacy concerns grow, HEIs are taking a more deliberate approach to scaling up their privacy and cybersecurity efforts.

This document is only available to members. Please log in or become a member.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field