Take Four: Maintaining Privacy and Protecting Data at Colleges and Universities

The white paper “Striking a Balance: Privacy and Data Protection Strategies for Higher Education” by Trusted Network Technologies and made available by Knowledgestorm looks at the challenges universities face in protecting the privacy of their faculty, staff, students, alumni and donors while making their information available to those who need it. From February 2005 to June 2006, there were 68 breaches of personal digital information at U.S. universities and colleges, the paper reports.

In the face of this negative publicity, colleges and universities are faced with the challenge of maintaining the trust of alumni and donors, as well as students, parents and faculty. Trusted Network Technologies recommends these institutions take the following four steps to win this trust:

1. Follow the banking model where privacy and trust are cherished. Embrace the duty to protect sensitive personal and financial information in the same way you embrace your institution’s mission.

2. Do the simple stuff. A lot of identity-theft incidents at colleges and universities are the result of sloppiness, e.g., stolen or misplaced laptops. Promote care, accountability and common sense. Train and educate faculty, staff and students on your privacy policy and its importance; mandate protection of laptop computers and backup devices among staff; keep track of what information is posted to the Web; maintain caution when sending e-mail attachments.

3. Use the right technology tools for access control. Information breaches at the hands of hackers pose the biggest threat to higher-education institutions. Assess the technologies that are available and consider identity-based access controls to protect data. Some tools include firewalls, intrusion detection and other security solutions that can serve as filters; hardware tokens and smart cards that can be used for greater user authentication; network admission control technologies to verify the health of computers connecting to the network; virtual private networks, which provide an encrypted connection for remote users; and password-management products, which automate password creation and resets.

4. Take advantage of existing IT projects. Earmark part of the institution’s IT budget for operational projects such as enterprise resource planning programs for identity-based controls and make protection against identity theft a fundamental part of the IT environment.

Trusted Network Technologies is an Atlanta-based provider of identity-based management solutions and Knowledgestorm is an Alpharetta, Ga.-based online resource for technology solutions and information. To view this white paper, visit http://tinyurl.com/qphgr