Data Privacy Digital Scavenger Hunt Jan 20-22, 2021
We’re hosting a Data Privacy Digital Scavenger Hunt. Sign up to receive the clues via email. Registered participants will receive a digital prize. Registration form: https://go.illinois.edu/ScavHuntSignUp
We are a Privacy Aware Champion Organization
The National Cybersecurity Alliance offers many resources that help you to better understand and safeguard privacy. Tips include Online Safety Basics, Managing Your Privacy, Checking Your Privacy Settings, Free Online Security Checkups and Tools, and more.
Data Privacy Day National Events
Educause Webinar Data Privacy Panel Discussion
January 26 from 12-1pm Central
Educause Data Privacy Panel Registration Link
Meeting data privacy compliance isn’t always as pretty and neat as the regulators think. Join us for a lively panel discussion with an attorney, an information security officer, and a cybersecurity professional as we talk about how to “win ugly” when it comes to compliance. We’ll discuss GLBA, FERPA, HIPAA, and other regulations and showcase real-world examples from legal and higher education perspectives. Joining the panel are Ben Nixon, Director of Information Security at Point Loma Nazarene; Christian Auty, Partner at Bryan Cave; and Thomas Coke, Chief Strategy Officer of BitLyft Cybersecurity. After a guided portion of the discussion, webinar participants will have the opportunity to ask live questions to any panelist.
- Learn about overcoming compliance challenges
- Hear real-world examples of navigating data privacy
- Take a look into the future of data privacy for higher education
More About Privacy
Quick-links to relevant University of Illinois System privacy policies
- University of Illinois System Web Privacy Notice
- University of Illinois System Web Privacy Notice
- DAT-01 Data Security Standard
- DAT-02 Information Access Control
Quick-links to relevant University of Illinois System data privacy regulation-related resources
Personal (and Identifying) Information:
- Illinois Personal Information Protection Act
- Illinois Identity Protection Act
- U of I OBFS Social Security Number Policy
Health (and Medical) Information:
Financial (and Consumer) Information:
- Cardholder Information (PCI-DSS)
- Gramm-Leach-Bliley Act Privacy Rule
- FCRA/FACTA Red Flags Rule
- U of I OBFS Red Flags Rule
Other Applicable Laws:
The diagram of the Data Privacy Life Cycle
Data Privacy is a Process!
The Data Privacy Life Cycle is a simple process flow (represented here as a diagram) to show the vital points where privacy decisions need to be considered. This is often used by organizations, but consumers also can use this to help understand privacy policies and questions they may have about use and maintenance of their personal information. It is vital to pose the following questions at every decision point in the data privacy life cycle: Who? What? When? Where? Why? How?
Retention – Sometimes called Storage or Archiving, is where personal data is stored for a time during or after its intended use, per business or legal requirements. This can include archiving where data is stored digitally–sometimes offline–for a time before it is determined that it is no longer wanted or needed. Archived data often contains aggregated personal data and should be protected very securely.
Destruction – Also called Disposition, is where the data is destroyed because it reached the end of the data life cycle. Sometimes hardware holding the data still may be usable, so the hardware may be set aside (dispositioned) to be used again but without granting the new user access to the old user’s data. Some new laws such as GDPR grant users the ability to request destruction of their personal data by organizations that may have it.
What additional steps can I take?
At UIS, we want to help students, faculty and staff make wise choices about their personal data and provide applicable knowledge in order to protect such data. Below are some tips, tricks and hacks one can take to safeguard themselves when using popular technologies.
Review your location data.
- If appropriate delete your historical data. Review which apps can access your phone’s GPS features and consider whether you want to provide this history of your daily movement to them.
- Cell phones are great at providing directions and recommendations for restaurants nearby. To do this they use GPS and poll your phone every few minutes. Most cell phone makers and cellular providers keep a record of this data. Individual mobile apps and even games, if GPS permissions are given, can also track this data. In many cases there is no limit to how long this data can be stored or shared.
Rethink the messages and content you share publicly. Understand that not all “deleted” messages are deleted.
Any social media post that is public is often indexed by third parties including researchers, media, and government entities. Even after deleting content the content can be retained. Other social media companies claiming “private messaging” are sometimes found not to be private or anonymous. Before sending that private message check your platform and consider whether you really want to send it.
Review apps that offer ‘secure’ messaging to see if their platform has been endorsed by a trusted third party:
Cover your webcam and double check which software and apps have access to your microphone.
Many security professionals cover their cameras and safeguard access to their microphones. There are numerous exploits that allow hackers to turn those devices on–often with no indicators.