Data privacy is a major risk issue for any business, including the University. We are ultimately responsible for the data we have access to at the University, and there are people who want to fraudulently access that information. What can we do about it?
The first step is to recognize where the vulnerabilities lie. A data breach could happen as a result of simple mistakes, such as:
- losing a laptop, USB or smartphone;
- leaving files in a public place;
- emailing the wrong person;
- sharing personal information on social networking websites.
A breach may be linked to an unfortunate event, like a theft at the office, or it may be caused by a sophisticated attack such as a deliberate hack of the network or card skimming. Each department should classify the types of information it holds and categorize the level of hazard attached to each category. For instance, credit card details are arguably the most valuable data currency for hackers, but hackers are also interested in personal health information, social insurance numbers and passport information.
You should take a layered approach to preventing data loss, including:
- Physical security: Protect against break-ins and theft of equipment containing personal data.
- Anti-virus and anti-malware: Use them regularly and keep them up to date.
- Access controls: Restrict system access to specific users and sources based on roles and responsibilities. Each user must have their own username and password. You should use strong passwords and change them on a regular basis.
- Awareness: Employees need to be aware of their roles and responsibilities. Train your staff to recognize threats such as phishing emails and other malware.
Big data concepts are increasingly being brought into the educational arena, where student data is used to better inform institutional direction and speak to learning outcomes. Privacy has to be considered as this happens, and robust data governance and policies need to be in place to safeguard student privacy. The same goes for employee and research information. Given the roles and responsibilities in IT, we must become better informed and educated about the legal, policy and ethical aspects.
As individuals who use social media and other digital services, we need to:
- Recognize threats
- Defend our rights
- Protect our family.
This particularly applies to protecting the privacy of our personal information when enjoying social media tools. With bring-your-own-device (BYOD) at work and school (and everywhere else!), the risk of our private data being misused multiplies exponentially. Privacy and our behavioural patterns are real issues in a connected world, which is set to expand as the IoT (Internet of Things) slowly starts going mainstream. All these fun and useful apps leave a growing digital trail of our lives. Protection of privacy and data should be everyone's priority.