CISO Memo: Security, Data, Privacy, & Compliance
It's funny how our past experiences can help us in our current and future endeavors. Before coming to Brown, I worked in a highly regulated financial services company. Moving into higher education was akin to moving to the Wild, Wild West, but I wouldn't have wanted it any other way. The openness, academic freedom, and spirit of cooperation are palpable on any campus, but especially here at Brown.
However, openness is sometimes in direct confrontation with security (of any kind). As a result, we hear of more and more data breaches from the media, or in letters we receive at our homes. With that comes law, policy, and regulation, and higher education is not immune. I'm glad that I have the background that I do!
With federal laws (such as HIPAA for medical records, and PCI for credit cards) and state resolutions (such as the Massachusetts Breach Notification law, 201 CMR 17.00, that went into effect on March 1st) beginning to impact our campus, efforts are underway not only to remain compliant with all the laws, but also to ensure the protection of the information necessary for the business and the teaching at Brown to continue unhindered.
In the coming months you'll be hearing about efforts on campus for data stewardship, record management, privacy, and personally identifiable information (PII). We'll be focusing on the reduction of social security numbers (where not needed for business processes), retention periods, and the proper handling of Brown restricted information.
A Steering Committee has been formed and plans are being made. It's important for this initiative to provide the tools necessary for individuals and departments to be successful in this, and the development and selection of the solution are in progress. This will be a well-thought-out and lengthy process, but Brown and I are committed to its success. As Marie Curie once said, "I was taught that the way of progress is neither swift nor easy." I think she would say the same about this.
As always, I welcome your comments and feedback. Please feel free to reach out to me directly at email@example.com, or the entire team at ISG@brown.edu. Let me know how we are doing, areas of concern you may have, or questions on protecting your identity or personal computing security. And remember, sec_rity is not complete without U!