Data Privacy Day 2020
Encouraging you to know and understand your data
Scroll through your newsfeed and likely you’ll find a story about data privacy. Who is collecting your data? How they are collecting it? Who can access it? Has it been breached?
Technology Services’ Privacy and Security Team is getting out on campus on January 28—Data Privacy Day—in an effort to get the Illinois community thinking about data privacy.
What types of personal data does the University collect?
State, Federal, and international regulations, as well as university policies dictate the ways in which the university can handle personal data. Unlike other countries, the United States has not yet adopted a comprehensive, Federal data privacy law and therefore addresses data privacy by industry sector.
The university separates personal data into the following categories that often align to the industry sectors: general identification data, student (academic) data, employee data, health (medical) data, financial (consumer) data and research data.
Personal data is also classified according potential risk: High-Risk, Sensitive, Internal, and Public. The university has adopted specific information security standards to address the various levels of risk. The higher the risk level, the more security controls are employed to protect against those risks.
Do I have a say in what is done with my personal data?
The university must collect, maintain and, at times, share certain types or personal data for business purposes according to that person’s status (student, faculty, staff or alumni). Federal and State laws dictate that certain personal information must be collected and kept for specified times. However, that does not mean end-users do not have a say in what is collected, stored, shared, or how the data is used.
Kurt Finley, Lead Information Compliance Analyst, shared real-life examples to illustrate a few of these processes.
FERPA – The Family Educational Rights and Privacy Act governs how student information is handled. It allows students to withhold sharing of their personal information, known under FERPA as directory information, to third parties. This is called FERPA suppression and changes are allowed during the first week of every semester.
HIPAA -The Health Insurance Portability and Accountability Act was originally drafted to help address payment and information sharing problems, primarily between health providers and health insurers. Among other HIPAA rights, patients can opt to see with whom their health information has been shared, deny sharing if not needed, and correct health record information.
Software, including cloud services applications have privacy policies and terms of service. While they may be long and even cumbersome, Finley encourages you to read through them before agreeing to download and use an app or software program.
“You are your data. Take care where and how you share. You want to know and understand—and agree to—the ways in which companies collect, manage, share and even dispose of your data,” Finley said.
“Awareness is key. Privacy is about making an informed choice regarding who you share your personal data with and how it is used. That choice should be determined by the level of trust you have with that person or organization. If you are OK sharing your data with advertiser X or company Y in exchange for having access to a free app, fine. Just be aware that in doing so, that company providing the free app may collect and monetize your personal information. If that information is sold, it can be aggregated with other information that may someday work against you,” he added.
Where can I learn more?
Take home a webcam cover and additional privacy tips when you stop and say hello to Privacy and Security Team members at the following campus locations on Tuesday, January 28.
Illini Union, Southeast Vestibule
Ikenberry Commons, First Floor Lobby
Additional information can be found at go.illinois.edu/dataprivacy.