IMPLEMENTING AN INFORMATION PRIVACY AND SECURITY TEAM

Session Speakers: Mike Leach, Jenn Stewart

The change in online threats and increasing incidents of data spills at educational institutions has raised awareness across the nation. Data breaches are being exposed regularly and as a result, federal and state laws and regulations continue increasing their security requirements. The need for institutional risk assessment is vital now more than ever. Jointly, the Senior Director for Security Operations and Services and the Chief Privacy Officer at Penn State identified the need to change our security posture and developed an Information Privacy and Security (IPAS) project plan. The project plan consists of three full time staff members, two committee chairs and a multi-phased detailed project plan. The first phase of the project evolved around compliance efforts towards the Payment Card Industry Data Security Standards (PCI DSS). The primary goals of the second phase are to ensure the privacy of critical information relative to current statutes and to improve the ability to respond to new legislation. Effective collaborations were built - and continue to be built - across Penn States 24-campus locations. Representatives from various administrative areas serve on a Working Group to evaluate new services and review existing policies. University-wide security enhancements were made; including the addition of centralized services (scanning, encryption and eCommerce). Not all services were well received; therefore, collaborative efforts and support from senior management were obtained prior to implementation. The IPAS project faced both challenges and experienced successes over the years. Participants can expect to learn collaborative efforts in the development and implementation of an information, privacy and security project. Mitigate your institutions potential loss of data and stay out of the media.