Due to the nature and complexity of operations and the academic culture of open access, educational institutions, and in particular, large research-oriented universities, face unique exposures related to the internet and information security and privacy. An overriding challenge that educational institutions face when dealing with privacy and security risks continues to be the fundamental conflict between a culture that values an unfettered exchange of ideas, and the security and privacy of sensitive or private information.
Nowhere is the paradox of openness and expectation of privacy more evident than in social networking sites, which are used extensively by student. Sites like Facebook and twitter allow students to share personal information in a more publicly accessible way than ever before. Many universities have incorporated the use of social networking websites into their student code of conduct, with some even monitoring students’ postings. Institutions walk a fine line when they begin monitoring online behavior, since doing so may create a duty of care to protect students from dangerous or criminal behavior.
Nearly all universities have custody of student health information in the context of on campus health clinics, which means they must ensure compliance with Health Information Portability and Accessibility Act (HIPAA) privacy and security rules. Universities with associated hospitals, those that host clinical trials, and even those that conduct any human subject research, may have additional exposure and resultant liability.
The protection and disclosure of confidential consumer information – both personally identifiable information (PII) and protected health information (PHI) – is currently governed by a patchwork of state and federal laws that target different exposures and different entities. Some of these statutes include Family Educational Rights Privacy Act (FERPA), HIPAA, Gramm Leach Bliley Act (GLBA), Fair Credit Reporting Act, Sarbanes-Oxley (SOX), Federal Privacy Act, and others. The regulations most applicable to the education industry include:
TBG Security provides end-to-end information security solutions. We have a proven track record of helping our customers gain efficiencies through technology support and implementation. Our experienced network of security experts has subject- matter expertise in a broad array of disciplines.
Through our industry expertise and track record with PCI and other compliance requirements for over 15 years, TBG Security acts as a trusted advisor to its clients around the world. We are on hand to guide our clients through their compliance program, to provide often vital advocacy to the compliance organizations and , and to supply any necessary remediation services. Our Industry expertise is reflected in these key benefits:
Unlike companies that simply know network security, we understand the requirements for a broad range of compliance regulations. We’ve seen the issues before and have implemented solutions across a broad spectrum of industries and customer profiles. Few other vendor can apply this unique knowledge and expertise to achieve faster, higher integrity project completion.
We pride ourselves on our customer driven approach to solving your organizations security challenges. TBG does not partner with any security vendors leaving us with a unique ability in the industry to present truly objective solutions.