Guidance for privacy, security, and compliance subject of new ebook from TouchNet
By Martha Wilson, ISA Director, Product Compliance, TouchNet
Campus ID systems rely on technology to make processes more efficient, productive, and convenient. In these processes, ID systems collect and generate a lot of data. This is both an intensely valuable benefit and a significant liability to manage.
Data is a crucial resource for higher education administration. Colleges and universities depend on data analysis to understand student behaviors, improve services, better allocate resources, and more. Data is also the world’s most valuable resource, more than oil and precious metals, and attracts security threats, raises privacy concerns, and involves compliance obligations.
The result is that higher education is rich with data and a growing target for cybercriminals. These bad actors want not only financial information but also the personally identifiable information (PII) connected to it, and they will use fraud methods to take, use, and ransom data. The cost of a data breach can be substantial and is increasing every year.
Properly managing campus ID data to make it private and keep it secure, while achieving regulatory compliance, is imperative to the daily operations and long-term health of an institution. Here are best practices to help your institution create and maintain privacy, security, and compliance of campus ID data:
The human element, not technology, is the number one root cause of breaches. Ploys include email phishing, fake invoices and documents, and account takeover; human errors include weak or shared passwords, not updating software and hardware to new versions, and more.
Technology is designed to be private, secure, and compliant, but humans still need to monitor and maintain technology to ensure it performs correctly. When changes happen, technology usually does not change itself; humans must intervene to adjust it.
You can only manage what you know about and can control. Dig into every corner of the institution where there may be physical and digital items in need of privacy, security, and compliance measures. Having both a solid data asset map and a physical security map is critical to maintaining control across your entire institution.
Once you know what data exists, gain visibility into the data’s life cycle: what data you have on hand, how it’s generated or collected, where it’s stored, who can access it, what your data retention policies are, and more.
Not all data is the same, and it should not be treated the same. Certain types of data require more extensive protections or particular management to satisfy both business needs and compliance requirements. Make sure your organization conducts due diligence to identify different types of data and the best ways to manage them.
Identify and actively manage the access third-party companies and organizations have to institutional data, including how they use that data. Ensure industry-standard security practices are followed by third parties and review and update contracts with them. Request independent third-party security audits of any vendors that process student data. Make sure you understand what types of restrictions vendors implement when processing student data. These and other management steps will likely require coordination between IT, legal, procurement, and other stakeholders at your institution.
Stay up to date on developments in technology, regulations, and changing human habits (legal and illegal) by joining higher education and technology industry organizations. Consult with experts in those organizations and use the information and resources they provide. Communicate and coordinate with your institution’s legal counsel, information technology, privacy, and campus security teams as well as other key stakeholders.
A platform approach to solutions provides a comprehensive strategy to integrate software and hardware, standardize processes, and deliver consistent privacy and security measures across an entire system. A single platform is easier to learn, control, configure, and monitor, and covers more ground than multiple disconnected solutions with disparate approaches to privacy and security.
TouchNet is a longstanding leader in developing campuswide ID management solutions and services that are private, secure, and compliant by design. Download our ebook to learn more best practices in privacy, security, and compliance and how they can help your institution prevent and mitigate fraud.