The University of California has become the first major higher education institution in the country to clearly define privacy both for individuals and the university as a whole, and to establish guiding principles and a framework to address these issues.
Privacy is a highly complex issue, even more so in higher education because universities handle a wider array of services — from education, research and health care to historical archives and mortgage loans — than most private companies do. Privacy issues touch on everything from student, patient and donor records to the websites visited on work computers and the research data shared among colleagues.
UC’s new privacy program outlines the values and operating principles needed to strike the delicate balance between protecting the personal autonomy of individuals at UC and safeguarding the data entrusted to the university by the people it serves — all while maintaining the institutional transparency required of a public agency.
“UC has taken the lead in higher education in defining these privacy concepts and moving forward,” said UC Chief Compliance and Audit Officer Sheryl Vacca. “We have taken on a new model that is not just about protecting private and restricted information, but is about balancing the many rights and values of our broad constituency.”
President Janet Napolitano supports the approach to privacy, which had its origins in 2010 when her predecessor, Mark Yudof, convened a steering committee to perform a comprehensive review of the university’s current privacy and information security policies.
The committee’s resulting 47-page report clearly defines and differentiates between autonomy privacy (the ability of individuals to conduct activities without observation such as do research and visit websites) and information security (protects information about people and infrastructure such as student or patient records and intellectual property). The report identifies these as important UC values, sets guiding principles, and establishes a common vocabulary for how the university should address these issues.
While UC has consistently worked hard to comply with federal and state regulations, the goal of the privacy program is to allow UC to operate even more effectively and efficiently.
Each campus has designated a privacy official who will work collaboratively to develop, implement and administer a comprehensive privacy program at their location. Campuses are currently reviewing their privacy controls and addressing areas of potential vulnerability.
UC’s systemwide Office of Ethics and Compliance is coordinating training to ensure campuses remain well-versed on privacy risks, protections and industry best practices.