2020 Privacy Program Year In Review

Headshot of Holly Drake Chief Privacy Officer

Happy New Year! Wow, what a year 2020 has been. Like so many other colleges and universities, Ohio State has been working diligently to tackle the challenges the pandemic presents—one day at a time. Throughout the pandemic response, more than ever, the Ohio State university faculty, staff and students have come together to actively consider the privacy of the Ohio State community in our daily work.

Through the year we remain thankful for the Ohio State community which has continued to offer guidance and share expertise regarding protecting the privacy of our community members, especially during these unique times. If you are reading this and want to connect, send me and email so we can start a dialogue!

With sincere appreciation for your enthusiasm, expertise, and partnership,

Holly Drake
Chief Privacy Officer
 


Privacy in the News

Privacy professionals will look back on 2020 as a year that further advanced privacy considerations in many different industries.

Needless to say, the pandemic took over as a central focus of the year. From kindergarteners to company executives, most of the world is now using some type of video platform to communicate. This quick and massive move to remote work has led to increased scrutiny on the privacy and security features of video conferencing platforms. For example, the increased use of Zoom video conferencing exploited weaknesses in their system leading to a Federal Trade Commission settlement with Zoom citing security issues that affected user’s privacy.

Privacy issues also arose with digital efforts focused on contact tracing, pandemic data sharing issues, and use of data for research. The new year will bring more pandemic-related privacy challenges, including the use of vaccine passports and ongoing remote school and work.

In non-pandemic news, implementing various privacy regulations around the world hit the privacy radar in new and different ways. For example, California experienced the implementation of the state’s privacy regulations, which may provide insight into actions other states will take in the future. Also, the General Data Protection Regulation evolved significantly as the The Court of Justice of the European Union ruling on the Schrems II case clarified EU privacy protections. This case invalidated the privacy shield between the U.S. and the European Union ultimately changing how data flows between the U.S. and the European Union.

We anticipate 2021 will present new and exciting challenges in privacy including the possibility of a federal general privacy law and ongoing privacy challenges with managing COVID-19.

 

Privacy@OhioState

Even during a pandemic, The Ohio State privacy program is expanding and growing by leaps and bounds – grounded in our privacy principles and rooted in regulation. In fact, the university’s pandemic response was an opportunity to promote privacy outside of our already robust privacy regulatory programs. Here is a summary of what we accomplished with the university’s passion for protecting privacy during 2020:

1. Consulted on COVID-19 and Privacy

As Ohio State sought to thrive amidst the challenges COVID-19 brings, the privacy team was actively involved. We were thrilled to be at the table as Ohio State tackled COVID-19 from a technical perspective. Ohio State considered privacy at many stages of its pandemic response. The university has kept privacy issues front and center as it faces each new COVID-19 challenge head on.

2. Convened the University’s first Privacy Governance Council

In February of 2020, the university convened the first-ever University Privacy Governance Council. Council members represent key areas across the university who focus on different aspects of privacy at Ohio State. The Council drafted and adopted the Ohio State Privacy Principles.

3. Launched Several Privacy Working Groups

As part of the Privacy Governance Council’s work, it created several working groups: Digital Experience and Privacy, Faculty and Staff Privacy, Student Analytics, Minors and Privacy, and Privacy Framework. The working groups hit home runs on several projects including creating texting guidelines, reviewing recommendations for the COVID-19 testing work, and piloting a university privacy framework to further embed privacy into Ohio State units.

4. Advanced the Ohio State Community’s Involvement in Privacy Issues

In January 2020, we hosted Data Privacy Days where more than 70 people from across campus engaged in half-day discussion on hot topics related to consent, privacy, and the ethical use of data. Despite the pandemic, privacy engaged the Ohio State community on new levels. More than 100 students attended a session on privacy as part of the First Year Experience curriculum titled: Does Anyone Care about Privacy Anymore? During the sessions, the students learned about the Ohio State the Privacy Principles and broke into small groups to discuss general privacy issues facing university students.

5. Updated Ohio State’s Privacy Web Statement

The Privacy@OhioState working group, part of the University Senate Committee on Distance Education, Libraries and Information Technology (DELIT) culminated eight months of community discussions, presentations, and meetings with the publication of the Ohio State Web Privacy Statement. This statement will replace our current web privacy statement across Ohio State websites.

 

Moving Forward in 2021

In 2021, the privacy program has ambitious goals and exciting plans. We will continue to work with our community in the collection and use of data related to preventing the spread of COVID-19 at the university and across our communities.

This winter, we will be expanding our reach by recruiting privacy pros from around the university. They will join our expanding network of university partners taking action to further implement Ohio State’s privacy principles. We will also combine the privacy framework with the established security framework and work with our network of privacy pros to implement the privacy framework. Reach out to privacy@osu.edu to sign up!

We will expand our pilot of Ohio State’s cookie pop-up, and implement it on Ohio State websites as we continue to roll our new website privacy policy.

We are also looking forward to continued engagement with faculty, staff, and students from around the university.