Examining Data Privacy

A hand holding a cell phone with a form open with fields for "Full name," "Date of birth," "Address," "City," and "Phone number."

Our personal privacy is essential to our sense of being and the formation of relationships – what we share and who we share it with helps define how we are perceived and how we perceive ourselves. So it’s no wonder that data privacy has become one of the most important concerns in higher education IT. 

Before we dive into a conversation about privacy, I want to let you know that SJSU IT doesn’t use your data to monitor you. We’re never checking in to see what you’re doing, but that doesn’t mean entities outside of SJSU aren’t. We’re doing everything possible to make your accounts and data safer and more secure. You can find our privacy notice here.

Data privacy is about more than just how and what kind of data gets collected. It’s also about protecting your data and earning your trust – privacy and security are inherently linked together. We highly value your trust and we work hard to protect your privacy and your data. 

When we talk about data privacy, it’s important to know how data about us is collected actively and passively. Active collection is when you share information explicitly, such as when you complete a transaction online, fill out a survey, make a new social media profile, or sign up for a new service. Passive collection is when your actions and choices are being monitored and mined for data, such as how cookies track which websites you visit, how long you visit them, and what you choose to click on. Another example of passive data collection is data that is collected through your everyday interactions: your gender, outward physical health, and shared experiences. In today’s world, your data is collected all the time, whether you know it or not.  

Aside from our own university privacy notice and the CSU’s privacy notice, San José State University follows an increasingly complex web of data privacy regulations and laws. Federal regulations such as the Family Educational Rights and Privacy Act (FERPA) are designed to protect student data. There are also special considerations for health and wellness data through the Health Insurance Portability and Accountability Act (HIPAA). On the state level, the California Consumer Privacy Act (CCPA) was the first comprehensive data privacy legislation in the country and remains one of the strictest. There are many more regulations, rules, and best practices to be taken into consideration when thinking about data privacy. 

However, even this ever-growing list of regulations fails to keep pace with the rate of advancement in technology. Because of this rapidly shifting landscape, we cannot rely solely on regulations and policies to protect us. We have to be extra cautious about what we share, where we share, and with whom we choose to share. It’s up to each of us to be mindful. 

Data privacy is a deep topic that weaves through many areas of Information Technology, and I know it matters to so many of you, as it does to many of us in SJSU IT.

Best regards,
Bob Lim
Vice President of Information Technology
and CIO at San José State University

 

Leave a Reply

Your email address will not be published. Required fields are marked *