Data privacy should be imposed in universities, who knows how much information they have and whom they share it with.
Data privacy is a must
Since the Cambridge Analytica controversy, the issue of data privacy has been ringing the bell of the public. Cambridge Analytica, a company that purchased Facebook user’s data and was allegedly used as premeditation for people to vote Trump. The company denied the issues though, they believe it was just a plot facilitated by anti-Trump supporters who didn’t like the result of the election.
The situation of data privacy in colleges
US universities have started to hire information security officers as part of the school’s IT team. Chief information security officers will be tasked to ensure the data privacy of university students is well kept from the public.
Celeste Schwartz, vice president of IT and chief digital officer at Montgomery County Community College suggests that all colleges should have privacy officers on a compulsory basis. A law should be made to mandate it in all universities.
However, at American University in Washington, they prefer forming a group to look over their data privacy matters instead of hiring a chief privacy officer.
We see the responsibility to protect our university’s data as a shared responsibility. We are doing a good job so far, but not yet conisdered as an expert in it.
–Cathy Hubbs, chief information security at American University
One of the pioneering universities to adopt the privacy officer policy was The University of Pennsylvania. It started its data privacy policy way back in 2001.
We now have seven full time privacy officers. We are tasked to monitor policy developments and ensure that the university complies. Our role as privacy officers is to raise awareness on privacy issues in the campus and help protect university data from being used without permission.
-Scott Schafer, chief university privacy officer at University of Pennsylvania
Laws have difficulty in keeping up with technology. This is why data issues on the micro level should be addressed first by responsible institutions before it gets out of hand.
Schafer also added that data should be collected on a need-to-know basis. Users should also have the responsibility of determining why data was being gathered and up to what extent shall it be used. Privacy is a component of security, but both should go hand in hand in order to preserve the purpose of securing what you consider is private data.