Information Security

Educause Guidance for Higher Ed Leaders: Basics of Data Privacy Oversight, Transparency, and Compliance

• By Kristal Kuykendall
• 02/09/23

A new Showcase Series from Educause, titled “Privacy and Cybersecurity 101,” offers guidance for higher education leaders on pressing issues of the day: data privacy, information security, and institutional transparency around both.

Everyone is talking about data privacy and security, Educause’s post says, but “how many of us in higher education understand the role we play in data use and protection, realize how we can help students gain clarity about what these issues mean for them, and are aware of what lies ahead for compliance requirements?”

The first key step, dubbed “The Intention-Protection Connection,” is a clear explanation from leaders of higher education institutions that lays out what kind of data will be collected, how it will be used, and how it will be protected, Educause said.

The Educause post features a video Q&A with Ben Archer, privacy manager at Arizona State University, which starts with Archer explaining why data privacy literacy is a foundational requirement for higher education leaders.

The brief video explains such things as why education leaders not only need to practice data privacy literacy but also should be capitalizing on the “opportunity to show students how their data should be handled.”

The Educause post then delves into the importance of transparency by higher education institutions around data collection, data use, and data privacy — basing its guidance on results of a broad survey conducted last year, “Student Data Privacy and Security: A Call for Transparent Practices."

The resulting report from that survey explains why students feel like they cannot trust their institution without transparency about the institution's data privacy and information security practices, and it further explains how data privacy and infosec are equity issues.

Finally, Educause advises IT practitioners and leaders at higher education institutions to continue working toward full compliance with federal infosec guidelines using the NIST SP 800-171 Toolkit. “Campus leaders need to understand the requirements, the ways those requirements might run counter to the higher education values of openness and collaboration, and how to demonstrate institutional compliance,” Educause said.

Learn more and access the guidance materials at the Educause website.