The Ever-evolving Regulatory Landscape Around Data

Dan Han, CISO, Virginia Commonwealth University

Dan Han, CISO, Virginia Commonwealth University

Over the last decade, the information security and privacy industry have rapidly shifted along with technological advancements. While the controls of the yesteryears are often still in place to safeguard the legacy infrastructure in our environments, a new set of challenges has emerged for security professionals in educational institutions of today. Aside from the classic focus of confidentiality, integrity, and availability of information, information security and privacy professionals must now also pay attention to the responsible use of information, trust, and transparency.

In a world driven by complex digital machines fueled by predictive analytics model and interconnected through APIs, data elements that seemed mundane and meaningless in the past can now be correlated together to generate meaningful information about constituents in an organization. In a modern educational institution, intentional and unintentional data sensors are deployed everywhere across the campus where data about individuals and the environment in which they operate are being collected; geolocation data is collected through WiFi access points and Bluetooth beacons, building entry and exit data are collected through campus card readers and cameras, data related to diet and exercise routines collected through cafeterias and recreational facilities, and interaction data between an individual and the learning management system is collected through authentication logs. These data, among others, can then be correlated, enriched, and refined through predictive models to allow an institution to predict anything from student success to student health.

With this incredible capability to make sense of data at our fingertips, the question related to the ethical use of these data also arises. The regulatory and legal industry is struggling to keep up with the rapid development of technology and the modern ability to process data, and have only recently started to realize the impact of mass data collection and processing. With the emergence of the EU General Data Protection Regulation and the high profile court cases against the mega tech firms in the Silicon Valley, consumers and regulators alike are beginning to take notice and action against mass data collection and processing. In January of 2020, similar to the California SB 1386 that brought the data breach notification laws across the United States in the 2000s, the California Consumer Privacy Act became effective and helped to usher in a new wave of data privacy regulations being proposed across the United States. In 2019, nearly half of all states in the U.S. and Puerto Rico have had new legislative proposals related to data and information privacy.

However, without concrete regulatory guidance, it is currently up to organizations to self-govern and self-regulate to ensure we are being responsible stewards of the data collected by these data sensors. As modern institutions develop capabilities to tap into the data at its fingertips, it must also take into consideration of core privacy principle that should be provided to individuals within its realm. These include notice to individuals on the collection and use of the data, choice provided to the individuals on the use and sharing of their data, access provided to the individuals for the examination of their own data, and the security, responsible use and maintenance of the collected data. Only through the exercise of these principles, can we, as institutions and stewards of institutional data, earn the trust and confidence of our constituents and safely navigate the future where firm regulations around data processing and collection are sure to emerge.

Weekly Brief

Top 10 Security Solution Companies - 2018

Read Also

How advancing digital learning resources can drive student engagement in higher education

How advancing digital learning resources can drive student engagement in higher education

Adrian Gallagher, Associate University Librarian, Learning Resources, Technology and Infrastructure, Victoria University
From Passive to Active Cybersecurity Risk Management

From Passive to Active Cybersecurity Risk Management

Frederic Lemieux, Ph.D. Director, Master’s in Cybersecurity Risk Management, Georgetown University
Leveraging Cutting-edge EdTech to Enhance Student Experience

Leveraging Cutting-edge EdTech to Enhance Student Experience

Kenneth Pierce, Vice President at Information Technology & Chief Information Officer, Texas State University
AI and Advanced Computing in Corporate Analytics, Training and Education

AI and Advanced Computing in Corporate Analytics, Training and Education

Brendan McGinty, Director of Industry, National Center for Supercomputing Applications (NCSA), University of Illinois, Urbana-Champaign and Dr. Eliu Huerta, Director, Center for Artificial Intelligence Innovation, National Center for Supercomputing Applications and Dr. Volodymyr Kindratenko, Senior Research Scientist, Center for Artificial Intelligence Innovation, National Center for Supercomputing Applications
The Danger of Online Proctoring Tools

The Danger of Online Proctoring Tools

Udayan Das, Clinical Instructor of Computer Science, Director of Technology Programs, School of Continuing and Professional Studies, Loyola University Chicago
A Sense Of Unease When College Students Are Not Learning And Developing Well: Applying Artificial Intelligence Strategies

A Sense Of Unease When College Students Are Not Learning And Developing Well: Applying Artificial Intelligence Strategies

Michael Ben-Avie, Ph.D. Senior Director Of Learning Assessment And Research, Quinnipiac University