UNIVERSITY PARK, Pa. — Penn State recently pledged its commitment to data privacy by registering as a 2023 Data Privacy Week Champion with the National Cybersecurity Alliance. As a champion, Penn State recognizes and supports the principle that all organizations share the responsibility of being conscientious stewards of personal information.
Data Privacy Week is an annual expanded effort from Data Privacy Day — taking place this year from Jan. 22-28. The aim of this week is to spread awareness about online privacy among individuals and organizations. The goal is twofold: to help citizens understand that they have the power to manage their data, and to help organizations understand why it is important that they respect their users' data.
All online activity generates a trail of data. Websites, apps and services collect data on an individual’s behaviors, interests and purchases. According to the Pew Research Center, 79% of U.S. adults report being concerned about the way their data is being used by companies.
While it is true that individuals cannot control how each byte of data concerning themselves is shared and processed, one is not helpless. In honor of Data Privacy Week, Penn State News recently sat down with Holly Swires, chief privacy officer at Penn State, to discuss best practices for achieving and maintaining data privacy.
Penn State News: For starters, why is it so important for individuals to take data privacy seriously?
Swires: It’s important for our Penn State community members to be continuously informed of the privacy services available to them and encourage them to adopt a privacy-focused mindset with not only their personal information but the personal information they work with at Penn State.
Penn State News: Are there any new measures or policies that Penn State has put in place recently to protect personal data for students, faculty and staff?
Swires: Penn State’s Privacy Office has built a robust privacy program that has been able to sustain the recent additions to the privacy and data protection regulatory landscape. There are many proactive steps that can be taken to help faculty, staff and students not only protect the personal data they work with, but also manage the use of that data. The mission of the Privacy Office is to create one privacy program for the University, which includes Penn State’s Privacy Policy, AD53, and its corresponding standard and guiding principles.
Due to all the varying U.S. and international privacy and data protections laws, faculty, staff and students are encouraged to first reach out to the Privacy Team to request a Privacy Impact Assessment, or PIA, to analyze how their unit collects, uses, shares and maintains personal information on behalf of Penn State. This assessment is designed to help units meet all applicable legal and regulatory requirements, determine any potential privacy-related risks, evaluate protections, and identify processes to mitigate these potential risks.
Penn State News: How have data privacy laws changed over the years to address this growing concern?
Swires: Data privacy laws are continuously changing and evolving, and it’s critical that we, as a Privacy Team, build a privacy program at the University that is forward-thinking and futuristic. The key to addressing these newly emerging requirements is really staying on top of the regulatory landscape and most impactfully benchmarking with our privacy colleagues in higher education to develop consistent strategies to address concerns related to data privacy.
Penn State News: Can you share any practical advice for Penn State community members to take immediate action to prevent theft of or unauthorized access to their personal information?
Swires: Penn State only collects and retains personal information where required by law, University policy, or where necessary for business or educational purposes. Community members should be mindful of who has access to their personal information and limit the data they share.
Many mobile apps request access to your personal information, including geolocation, contacts and photos, all of which often contain a wealth of personal information. Denying or restricting access to this information across your various apps and social media accounts is an effortless way to help your private information stay private.
The National Cybersecurity Alliance (NCA) maintains a guide with more information on how individuals can protect their data. Along with managing your data privacy settings, the NCA provides the following cybersecurity tips to keep your data safe:
- Create long (at least 12 characters), unique passwords for each account and device.
- Turn on multifactor authentication (MFA) wherever it is permitted. This keeps your data safe even if your password is compromised.
- Turn on automatic device, software and browser updates, or make sure you install updates as soon as they are available.
- Learn how to identify phishing messages, which can be sent as emails, texts or direct messages.
It’s also important to never give out personal information over the phone when contacted. Hang up and call back the number listed on a financial statement or credit card or ensure the call is legitimate, regularly check your credit reports, and limit your exposure. For example: Limit the amount of credit cards you carry in your wallet and don’t carry your Social Security card, in the event your wallet is lost or stolen.
Penn State News: Any last thoughts on how best to celebrate Data Privacy Day this year?
Swires: I think the best way to celebrate Data Privacy Day is being informed that there is a Privacy Team that is made up of a dedicated team of privacy professionals, who are ready and available to help units across Penn State evaluate their privacy practices and incorporate the University’s privacy principles into their daily work. I would encourage all members of the University community to connect with the Privacy Team at privacy@psu.edu to learn more about how the Privacy Office can help support their business practices.
Click here for more information about Penn State’s current data privacy policies.
Click here for more information about Data Privacy Week and how to get involved.
Click here for more information about the National Cybersecurity Alliance.