If You Collect It, Protect It
November 12, 2019
Privacy and security are similar ideas, but they aren’t interchangeable. Here’s the difference:
Privacy refers to a person’s ability to control their personal data and how it’s used.
Security refers to how that data is protected.
Data Privacy laws are being created around the globe to ensure that every individual has a right to their Personal Data and how it is used by organizations.
As an employee at Biola, if you collect any information about a particular person (“Personal Data”) as part of your job, it’s your duty to secure that information, and use it responsibly.
What Personal Data does your department collect?
We handle a lot of data at Biola. Think about all the private Personal Data contained in the following documents:
- Prospective student applications
- Alumni transcripts
- Employee reviews
- Class rosters
- Newsletter mailing lists
- Webpage traffic and reports for logged-in users
- Department emergency contact directories
As a rule, if you collect a person’s data, you must clearly inform them about how it will be used.
Why does your department collect Personal Data?
Be open and honest about how and why you collect, use, and share personal information. Clearly communicate about your privacy practices and any data management tools you offer your customers.
- If you are collecting contact information (e.g. email addresses), explain what communications you will send, and why.
- If you use a web form or survey with a series of questions, provide a simple explanation or disclaimer about what the answers will be used for.
How does your department protect Personal Data?
If you collect it, you must protect it. You should have policies and processes that your department always follows protect individuals’ personal information from inappropriate and unauthorized access. This means:
- Only keep someone’s personal data that you need to use for your job
- Don't keep someone’s personal data longer than you need it
- Only store data in a secure location (this is true for digital and paper files)
- Make sure no one has access to personal data if they don’t need to use it
Create a culture of privacy in your department. Talk with your coworkers about their role in privacy, security, and respecting and protecting the personal information of colleagues and students.
Speak out when you see your coworkers using personal data irresponsibly.
Conduct due diligence and maintain oversight of partners and vendors. You are responsible for how they use and collect personal information.
- If you’re a professor teaching a Canvas course, talk with IT before adding a Canvas app that may collect student information.
- Biola must enter into a data protection agreement with any vendor or partner that uses Personal Data. When assessing a product to buy, consider what data the vendor collects, and whether or not you can trust them with the information.