Privacy In the News
- Google hit with £44m GDPR fine over ads
- Protecting your privacy when getting rid of old phones
- At CES, tech's biggest trade show, privacy was the buzzword
- Data Privacy Day at Duke: January 25, 2019. Join us for a panel discussion on “Data Privacy Day – The current state of privacy law in Europe and the US” featuring Prof. Jolynn Dellinger, founding coordinator of Data Privacy Day.
- February 6, 2019: “Cybersecurity Law and Policy – What are the top issues for 2019?” Join this panel discussion featuring Ari Schwartz, Managing Director of Cybersecurity Services at Venable, former lead cyber policy official in the Obama administration, and former Deputy Director of the Center for Democracy and Technology.
- NC Introduces Strict Data Breach Notification Law – NC Attorney General Josh Stein reintroduced data privacy legislation that would give organizations 30 days to report a breach and that outlines consumer data protections.
- Sen. Hassan: 'Incumbent' on Congress to impose data privacy law
- Data Care Act
- E-mail Impersonation Fraud
- What is your phone telling your rental car?
- Marriott data security incident
With responsibility for providing assurance to Duke University leadership over the lifecycle management and safeguarding of sensitive information assets, Duke Privacy assesses and collaborates with campus stakeholders to address institutional privacy-related risks and plays an instrumental role in facilitating compliance with federal, state and global privacy laws and regulations.
The Duke Privacy team serves the greater Duke community as a subject matter resource, manages privacy incident assessments and related mitigation and training, conducts risk assessments and risk-based privacy assurance reviews, collaborates with campus partners on privacy impact assessments, and partners throughout the institution on privacy-related matters that impact the university. Grounding all of its work in the Fair Information Practices Principles and Privacy by Design, Duke Privacy takes a strategic, collaborative, dynamic and privacy awareness-first approach to its operational role for the institution.
Privacy at Duke
Duke is committed to appropriate oversight and takes safeguarding sensitive and/or regulated information seriously, promoting responsible stewardship of information assets institution-wide.
Privacy Incident Assessments
The Privacy team is responsible for privacy incident assessments and investigates allegations of regulatory violations and impermissible disclosures of regulated information, including Protected Health Information (PHI) as defined and regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), to assure timely compliance with federal and state breach investigation and reporting requirements.
Every privacy incident assessment involves:
- A thorough investigation of the alleged violation and of the information allegedly disclosed
- An evaluation of the use and adequacy of the privacy and information technology (IT) security controls implemented for safeguarding the information at issue
- Breach remediation and mitigation assistance
- Cooperation with and recommendations to Duke Human Resources and/or management
- Training and guidance to educate and/or reinforce best practices for safeguarding information assets to ensure compliance with federal and state laws and regulations and Duke policies
IT security and privacy are often mistakenly considered to be interchangeable. Information security and privacy are not the same, and the difference is critical. Privacy assesses what information needs to be protected, and security addresses how to protect it. Privacy looks at the characterization of the information and identifies the protections that may be required. Security addresses the controls necessary to electronically protect the information. Duke’s Privacy and IT Security teams work closely together to ensure appropriate safeguarding of Duke’s information assets. Links to information security offices at Duke are:
General Data Protection Regulation (GDPR)