January 28 is National Data Privacy Day.
According to Stay Safe Online, an educational website sponsored by the National Cyber Security Alliance (NCSA), Data Privacy Day is observed in an effort to create awareness about the importance of privacy and protecting personal information.
WashU stores, collects and uses data from multiple sources in fulfilling its clinical, academic and research missions. The WashU Information Security Office, Office of Research, HIPAA Privacy Office and other departments prioritize implementing solutions, business processes and policies to protect student, staff, patient, research and other data.
“As an institution for higher learning and a leader in the health care industry, data privacy is important. Washington University privacy policies, information security protocols and various technologies help protect personally identifiable information (PII) of our faculty, students, patients and staff as well as the universities intellectual property. However, we also recognize the power of knowledge, actions and role that we all play in protecting our information at work and at home. Our goal is to inform and enable the WashU community to take action and help create a culture of data privacy,” said Chief Information Security Officer, Kevin Hardcastle.
Data Privacy at WashU.
Director of Enterprise Applications Douglas Briggs works diligently with his team to keep PPI safe at the WashU data warehouse.
Briggs says, “We typically think of the data we are most concerned about protecting according to its security classification. The CISO has defined categories of data based upon its sensitivity.”
Briggs notes, “For us in the data management organization, the most visible component of our data privacy activity concerns data stored in the university’s data warehouse. Protected data fields (or data “elements” as we often refer to them) are restricted from casual use in reports by segregating them to reports and areas of Cognos (the university’s standard data reporting tool) that require special authorization to use. In many cases, access to information is restricted by need to specific departments or schools, and requires high-level approval for wider authorization. In most cases, we use identical protocols to those in the source systems to restrict access. In other cases, the data warehouse has separate security authorization for some kinds of data distinct from that of the source system(s) originating it.”
Briggs talked about additional security techniques. “We also employ some techniques like hashing, encrypting, and masking of some data fields as they are brought into the data warehouse so they cannot be misused.”
Be aware. Be informed. Be proactive.
Staysafeonline.org is a great resource for awareness of security topics relevant to our everyday activities and ways to better protect data. The website is used to educate and advocate our shared responsibility in information security.
Privacy is good for business: We can create a culture of privacy at work by teaching all employees what privacy means to your organization and the role they have in making sure privacy is achieved and maintained. Check out their Privacy is Good for Business tip sheet for help getting started. You can also visit it.wustl.edu to access a comprehensive list of IT security policies for WashU.
Own your online presence: Talk to your family and friends about protecting personal information and how to stay safe online. Get started with Privacy Tips for Parents or download Open DNS at home.
OpenDNS is a company that WashU uses to provide cloud-delivered network security services that protects devices from known and emergent threats such as malware, spyware, adware and phishing sites. WashU students, faculty and staff who would like to take advantage of the OpenDNS protection service at home can visit the website for options of the software download.
In Your Community
Share your privacy knowledge: Volunteer in a local school, senior care facility or faith-based organization, send messages on community listservs and NCSA’s privacy resources to spread the word.
Attend a Data Privacy Day event: See what Data Privacy Day activities are taking place in your area.
According to Dan Zweifel, Director of Shared Infrastructure, “Growing phishing email threats are leading the university to increase protection of both university and personal data.” In spring 2018, WashU 2FA enrollment will be made mandatory for all WUSTL Key users. This service will expand to require two-step authentication for all WashU systems and increase protection of applications from off campus locations. To learn more about WashU 2FA two-step authentication and the WashU 2FA+ expansion visit the website.