Information Privacy and Records and Information Management
Colleges and universities possess an inordinate volume and variety of personal information about students and their families, employees, applicants, alumni, and donors, and holding it makes them subject to a broad array of privacy and security laws and regulations.
For example, student records are subject to the Family Educational Rights and Privacy Act (FERPA). Health-related activities are subject to regulations under the Health Insurance Portability and Accountability Act (HIPAA). The security of many institutional financial records is subject to the Gramm-Leach-Bliley (GLB) Act, and telephone marketing and solicitations are subject to various federal and state do-not-call laws.
Consequently, ALL university employees--executives, administrators, counselors, faculty, and staff--have both a legal and a moral responsibility to protect the privacy of all internal and external constituents by remaining aware of federal, state, and municipal regulations that pertain to the disclosure of information contained in official institutional records. If this obligation is not taken seriously, information breaches can bring legal liabilities to colleges and universities that can result in substantial financial costs and, just as importantly, in damage to an institution's public reputation.
Information Privacy
Although privacy is often viewed as a legal or IT issue, Records and Information Management also has an intrinsic responsibility to control the management of and access to personal information.
As businesses of every location, size, and type collect increasing amounts of personally identifiable information (PII), the protection of this information has become one of the largest--and most important--organizational challenges. Consequently, the more personal information that is gathered, the more stringent the measures that must be undertaken to protect that information.
What is Privacy?
According to the U.S. Dept. of Justice, privacy is defined as an individual's interest in preventing the inappropriate collection, use, and release of personally identifiable information. Privacy interests include privacy of personal behavior, privacy of personal communications, and privacy of personal data.
Other definitions of privacy include the capacity to be physically alone (solitude); to be free from physical interference, threat, or unwanted touching (assault, battery); or to avoid being seen or overheard in particular contexts.
What Is Personally Identifiable Information (PII)?
Personally identifiable information is one or more pieces of information that, when considered together or in the context of how they are presented or gathered, are sufficient to identify an individual. The pieces of information can be personal characteristics, a unique set of numbers or characters assigned to a specific individual, descriptions of events or points in time, and descriptions of locations or places. Examples include an individual's name in conjunction with their Social Security number or bank account numbers.
For additional and more in-depth information on information privacy, please see the following links:
- U.S. Dept. of Justice Privacy and Civil Liberties Policy Implementation Guide
- U.S. Dept. of Homeland Security Privacy Office
- International Association of Privacy Professionals (IAPP)
- National Association for Information Destruction (NAID)