2022 Privacy Program Year In Review

The past year proved to be another big year for privacy at Ohio State and beyond, with increased interest in regulating privacy nationally and internationally. More states and countries passed privacy laws with the goal of protecting the access, use, and disclosure of consumer’s personal information. 

At Ohio State, the university’s first Chief Privacy Officer, Holly Drake, moved on to another role and is credited with getting the formal campus privacy program off the ground and thriving. While she is terribly missed, Privacy@Ohio State continues to thrive as the privacy team and privacy partners across the university remain dedicated to building the program.  

Privacy in the News 

The American Data Privacy and Protection Act was proposed in the U.S. Congress last year, though it has not yet been passed. The bill would create national standards for safeguarding personal information companies collect on consumers. While the U.S. currently has privacy laws to protect certain types of data, such as those that fall under the Health Insurance Portability and Accountability Act (HIPAA) and the Children's Online Privacy Protection Act (COPPA), it does not have a comprehensive consumer privacy law at the federal level.  

In the absence of federal legislation, several states have passed their own comprehensive privacy laws. In 2022, Connecticut and Utah passed privacy legislation, joining the likes of California, Colorado, and Virginia. While the details differ among the states, the main goal of each bill is to protect individual’s privacy rights over their data such as the right of access, right to request deletion, and right to request a company not sell their data. These laws will go into effect in 2023.  

Internationally, major legislative efforts have been proposed and passed including Australia’s Privacy Legislation Amendment Bill 2022, India’s Digital Personal Data Protection Bill, and Indonesia’s Personal Data Protection Bill. Additionally, the European Union and United States are working on a joint Data Privacy Framework, which could be finalized during 2023.  

Privacy@Ohio State 

The past year has been a productive one for Privacy@Ohio State. Below are a few highlights of the program’s work: 

Privacy Pros Completed ISCR.a Privacy Questions 

The Information Security Control Requirements Assessment (ISCR.a) is an annual process to review and evaluate Ohio State’s systems against privacy and cybersecurity criteria. The process consists of gathering answers to a variety of questions relating to privacy and security of data at the university. Excitingly, 93% of university units took part in this privacy process last year (an increase of 59% over 2021), further embedding privacy into university work. 

Hosted a Datafied Classroom Workshop 

The Datafied Classroom Project is a three-year research project, funded by the Institute of Museum and Library Services (LG-18-19-0032-19), that investigates faculty perspectives of student privacy and their practices in relation to emerging learning analytics tools and initiatives. 

As part of this effort, the privacy program hosted a “Student Privacy in the Datafied Classroom” workshop on December 9, 2022. A mix of faculty and library and instructional technology staff from across the university engaged in a vibrant discussion of the student privacy landscape in higher education. They learned the basics of how student data analytics are collected and used, privacy concerns surrounding this data, and how the university can determine the most appropriate actions to mitigate any potential problems.  

First Year Student Success Course for Students 

More than 70 students participated in this year’s First Year Student Success Series on privacy. During the workshop, students got an overview of the Privacy@Ohio State program, including the university’s Privacy and Student Analytics Principles. Students also learned how analytics are used and how to identify and protect their own digital footprint.

Launched the International Privacy Working Group 

The International Privacy Working Group was created to develop awareness of emerging international privacy laws that may affect the university. During its first few months, the group created a photo consent form for use in international settings.  

Looking Forward to 2023 

2023 promises to be another active year for Privacy@Ohio State! The program’s exciting plans include:  

Privacy Day Activities: Ohio State will be celebrating International Data Privacy Day in January through a series of events at the university and at other Big Ten schools to increase the dialogue about data privacy in higher education. You can find more details about the day’s activities on the 2023 Privacy Everywhere Conference website.  

Launching the Security and Trust Advisory Board: The university’s Privacy Governance Council will now be included in the newly created Security and Trust Advisory Board, dedicated to governing security, privacy, and data governance work at Ohio State. 

Updating Policies: The privacy and cybersecurity programs will update policies related to information security and responsible use of university computing over the next year. 

Adding Additional Privacy Controls to the Security Framework: We plan on adding additional privacy information to the university’s Information Security Control Requirements (ISCR) and renaming the document to include privacy.