Colleges Face Increased Global Privacy, Data Security Challenges, Say Lawyers
Higher education institutions face new data security challenges, including increased “global regulatory requirements on data privacy,” JacksonLewis attorneys blogged Friday.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
For instance, universities must account for restrictions on cross-border data transfers, which “can impact international campuses, visiting faculty, study abroad programs, and the sharing of research data,” attorneys Benjamin Davis and Delonie Plummer wrote. “Administrators should consider establishing clear policies for potential international data sharing that incorporate the interplay between U.S. and relevant international requirements," such as the DOJ Data Transfer Rule, Europe’s GDPR and China’s Personal Information Protection Law.
Also, higher education “should consider implementing or adopting privacy policies that incorporate the use of AI.”
Meanwhile, universities’ increased use of location-tracking technologies for things like campus safety and attendance monitoring brings with it potential privacy concerns, they said. “Administrators should consider developing a program that limits data collection to what is necessary for legitimate institutional purposes and regularly review location-tracking policies and procedures to ensure compliance with global regulatory requirements.”
In addition, colleges “are increasingly susceptible to cybersecurity threats, including data breaches,” which could lead to high-cost remedies and possible privacy litigation, the attorneys said. “Institutions may want to implement and routinely update policies and procedures regarding the collection of data, safeguard data, and incident responses.”
Lastly, the JacksonLewis lawyers suggested that higher education institutions review their contracts with third-party vendors. “Proper contractual safeguards help institutions retain appropriate control over how this data is collected, processed, and maintained,” they said. “Institutions may want to consider implementing formal vendor assessment processes, including specific security and privacy requirements in contracts, conducting regular security reviews of critical vendors, and developing contingency plans for vendor security incidents.”