Educause Guidance for Higher Ed Leaders: Basics of Data Privacy Oversight, Transparency, and Compliance

A new Showcase Series from Educause, titled “Privacy and Cybersecurity 101,” offers guidance for higher education leaders on pressing issues of the day: data privacy, information security, and institutional transparency around both.

Everyone is talking about data privacy and security, Educause’s post says, but “how many of us in higher education understand the role we play in data use and protection, realize how we can help students gain clarity about what these issues mean for them, and are aware of what lies ahead for compliance requirements?”

The first key step, dubbed “The Intention-Protection Connection,” is a clear explanation from leaders of higher education institutions that lays out what kind of data will be collected, how it will be used, and how it will be protected, Educause said.

The Educause post features a video Q&A with Ben Archer, privacy manager at Arizona State University, which starts with Archer explaining why data privacy literacy is a foundational requirement for higher education leaders.

The brief video explains such things as why education leaders not only need to practice data privacy literacy but also should be capitalizing on the “opportunity to show students how their data should be handled.”

The Educause post then delves into the importance of transparency by higher education institutions around data collection, data use, and data privacy — basing its guidance on results of a broad survey conducted last year, “Student Data Privacy and Security: A Call for Transparent Practices."

The resulting report from that survey explains why students feel like they cannot trust their institution without transparency about the institution's data privacy and information security practices, and it further explains how data privacy and infosec are equity issues.

Finally, Educause advises IT practitioners and leaders at higher education institutions to continue working toward full compliance with federal infosec guidelines using the NIST SP 800-171 Toolkit. “Campus leaders need to understand the requirements, the ways those requirements might run counter to the higher education values of openness and collaboration, and how to demonstrate institutional compliance,” Educause said.

Learn more and access the guidance materials at the Educause website.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • an online form with checkboxes, a shield icon for security, and a lock symbol for privacy, set against a clean, monochromatic background

    Educause HECVAT Vendor Assessment Tool Gets an Upgrade

    Educause has announced HECVAT 4, the latest update to its Higher Education Community Vendor Assessment Toolkit.

  • illustration of a football stadium with helmet on the left and laptop with ed tech icons on the right

    The 2025 NFL Draft and Ed Tech Selection: A Strategic Parallel

    In the fast-evolving landscape of collegiate football, the NFL, and higher education, one might not immediately draw connections between the 2025 NFL Draft and the selection of proper educational technology for a college campus. However, upon closer examination, both processes share striking similarities: a rigorous assessment of needs, long-term strategic impact, talent or tool evaluation, financial considerations, and adaptability to a dynamic future.

  • university building surrounded by icons for AI, checklists, and data governance

    Improving AI Governance for Stronger University Compliance and Innovation

    AI can generate valuable insights for higher education institutions and it can be used to enhance the teaching process itself. The caveat is that this can only be achieved when universities adopt a strategic and proactive set of data and process management policies for their use of AI.

  • DeepSeek on AWS

    AWS Offers DeepSeek-R1 as Fully Managed Serverless Model, Recommends Guardrails

    Amazon Web Services (AWS) has announced the availability of DeepSeek-R1 as a fully managed serverless AI model, enabling developers to build and deploy it without having to manage the underlying infrastructure.