We began 2019 with renewed efforts to enhance our community’s understanding of data privacy and how to navigate security threats and pitfalls. Recent efforts include the celebration of Data Privacy Day on January 28ththis year, which coincided with the beginning of Tax Identity Theft Awareness week (January 28-February 1). Data privacy is always on our minds, but these events provide an opportunity to reflect on what we can do within our institution to protect data.
On our campuses, we have some well-known guidelines that must be followed, but the battle doesn’t end there. According to Chief Information Security Officer Kevin Hardcastle, “When we are talking privacy, it is not just HIPAA for patients or FERPA of students. All 50 states have some privacy laws and depending on the type of breach, there are many different requirements to report to those impacted and the state’s attorney general.”
Hardcastle says that it is absolutely critical that our staff understand that having access to sensitive data comes with the obligation to be professional and discreet. According to Hardcastle, “One key point for IT staff is that even though you have been granted access to support systems, it doesn’t give you the right to invade the privacy of our patients, staff or students. The majority of breaches are caused by internal staff accessing information they should not, so please use your access to do your job and not to snoop on your co-workers.”
Some of the best solutions for protecting your privacy online and keeping data safe can be easily integrated into daily tasks. Hardcastle says the top three things people can do to protect their data privacy are:
- Use multifactor authentication for sensitive accounts and e-mail. (The university uses WashU 2FA provided by Duo.)
- Think before you click on links in an e-mail or respond to e-mail asking for user ID and passwords.
- Set your privacy settings in social media to not share personal information with everyone.
The United States Computer Emergency Readiness Team (US-CERT) is also urging people to take care during tax season to protect themselves from tax-related identity theft. According US-CERT, “tax-related identity theft occurs when someone steals a Social Security number and uses it to claim a tax refund or get a job”. You can find more useful resources for staying safe during tax season on the US-CERT website.
Our new Information Security Office website is a fantastic resource for learning more about data privacy. You will find information about key policies, standards, and guidelines on the policies page.
Hardcastle says, “Data privacy is everyone’s responsibility, if you see or hear something, please notify the Information Security Office at email@example.com we can investigate.”