I want to talk about data privacy. NYU collects a lot of sensitive data, and IT has to handle this data in a responsible, secure, and transparent way. As IT leaders, we set the example. That means we have to make sure we’re following best practices ourselves while insisting on rigorous compliance from our staff—and making the time and providing the resources they need to do their part.
IT Professionals must follow Best Practices
Privacy determines the “what” (what information needs to be protected) and information security determines the “how” (how the information will be protected). Many data privacy best practices are similar to those that govern good cybersecurity:
- Be diligent about keeping your systems patched
- Eliminate end-of-support hardware and software
- Use strong, unique passwords
- Be aware of permission settings
- Know data privacy policy like your job depends on it
Privacy and Enterprise Data Resources at NYU
Global Privacy and Data Strategy (GPDS) collaborates with University and IT leaders to develop data privacy strategies, policies, and procedures and also ensures compliance. GPDS develops educational material and tips that you can share with your communities as well as conducts training. Within GPDS:
- Enterprise Architecture team focuses on optimizing costs, aligning work processes, and nurturing agile innovation to advance academic excellence and drive institutional success. Check out the recently-published Best Practices Top Tens developed in coordination with partners across NYU.
- Enterprise Information Governance & Management (EIG&M) implements and manages the EIM program, which serves as the backbone for organizing, aligning, and governing data and analytics initiatives at NYU.
Our access to data and the systems NYU uses to manage it means NYU places a lot of trust in us to be responsible. It’s up to us to make sure that trust is justified. There are a lot of potential ways a data leak can occur. Not all of them will be within our control. We’ve made a lot of progress as a community, but there’s always room for improving existing processes, and we need to remain alert to the evolving threat landscape.