Educational Facilities: Universities and Privacy Exposures
Last year in our blog we wrote about the increased cyber exposures facing educational institutions, including the types of threats schools face – from employee fraud to on-line payment risks. We’re revisiting this issue, as privacy is a critical exposure all universities increasingly face.
When you consider everything that a university offers, you readily understand that its environment represents the entire data privacy world in a microcosm. From providing financial services, food services and housing to student stores and medical services, colleges and universities handle a broad range of personal information from students, staff, alumni, donors, and other community members that is at risk if it falls into the wrong hands.
To begin with, at universities and colleges, you have a fluid population with members interacting on a variety of personal mobile devices and individuals communicating on social media – many unaware of the data privacy risks. Universities and colleges are also subject to financial, medical, and educational privacy regulations, which expose them to compliance risks. Moreover, if a breach does occur, the university’s reputation is at stake.
These privacy exposures and others require that a system-wide enterprise risk management (ERM) program be developed and implemented to identify and develop strategies to minimize the impact of risk, reduce costs and improve safety for the university community at large. This involves the following:
- Understand the university’s risk picture. Assess the types of privacy-related events that could impact the institution’s ability to achieve its mission and put in place the proper security measures.
- Conduct ongoing, thorough risk analyses that not only identify critical vulnerabilities but also prioritize them based on their potential impact on the individuals affected, the organization, its reputation, and its financial health.
- Build ongoing risk mitigation practices into the management process and daily activities of the organization.
- Set objectives that will protect the institution’s assets and financial health.
- Ensure that the institution adheres to applicable laws and regulations governing financial transactions, medical practices, student privacy, etc.
At Caitlin-Morgan, we specialize in providing insurance and risk management programs to educational institutions and can help you address your client’s specific needs and exposures. Give us a call to discuss our programs further at 877.226.1027.