Embed Size (px)
Citation preview
Privacy,Policy,andDataGovernanceintheUniversity
PrivacyImplicationsofResearchDataNISO– RDAJointInterestGroupSeptember11,2016
ChristineL.BorgmanDistinguishedProfessorandPresidentialChairinInformationStudiesUniversityofCalifornia,LosAngeleshttp://christineborgman.infohttps://knowledgeinfrastructures.gseis.ucla.edu/@scitechprof
• AustralianResearchCouncil– CodefortheResponsibleConductofResearch– Datamanagementplans
• NationalScienceFoundation– Datasharingrequirements– Datamanagementplans
• U.S.Federalpolicy– Openaccesstopublications– Openaccesstodata
• EuropeanUnion– EuropeanOpenDataChallenge– OpenAIRE
• ResearchCouncilsoftheUK– Openaccesspublishing– Provisionsforaccesstodata
2
Openaccesspolicies
3
4
• HowshouldUCLAcollect,organize,anduseresearchanalyticsaboutourcommunity?
• Whoshouldhaveaccesstothesedata?– WithinUCLA?– Inpartnershipwithpublicandprivateentities?
• Whatarethegovernanceprinciples?
• Whatarethegovernanceprocesses?DataGovernanceTaskForceSite:
https://ccle.ucla.edu/course/view/datagov
UCLADataGovernanceTaskForce*
5
Faculty StaffChristineBorgman,Co-Chair,InformationStudies
KentWada,Co-Chair,ChiefPrivacyOfficer
ChristinaChristie,Education,IRB AmyBlum,SeniorCampusCounselVickieMays,Psychology, Health MegBuzzi,
AcademicPersonnelSystemNeilWenger,Medicine,Ethics MikeLee,
SocialScienceComputingKristenMcKinney,StudentAffairsInfoSystem
*AnnaJoyce,PolicyAnalyst,StafftotheTaskForce
KellyWahl,Statistical Analysis,AcademicPlanning&Budget
Datacollectedby ourcommunity• Datatypes– Researchdata– Analyticsforteachingandlearning– Evaluationofindividuals,programs,services
• Policyandmanagementresponses– Mandatesoffundersandjournals– Researchdatamanagementservices– Releaseandretentionpractices– Lawsandpolicies
• Humansubjectsregulations• Openrecordslaws• HIPAA,FERPA,PII…
Datacollectedaboutourcommunity
• Studentrecords– Registrar– Coursemanagementsystems– IDcardbasedservices:library,dorms,food,health…– Internetservices:email,socialmedia,music,…
• Facultyrecords– Publications– Grants– Teachingevaluations– Serviceactivities– Financial,medical– Internetservices
Datagovernancescenarios
• Studentrecords• Facultyrecords
8http://www.rrcc.edu/sites/default/files/studentRecords_Banner.jpg
Studentrecords
• Whatdoestheuniversitycollect?• Whatcanotherentitiescollect?• Whohasaccesstotheserecords?• Whatusesmightbemadeoftheserecords?• Howshouldusebygoverned?
9
Facultyrecords
• Whatdoestheuniversitycollect?• Whatcanotherentitiescollect?• Whohasaccesstotheserecords?• Whatusesmightbemadeoftheserecords?• Howshouldusebygoverned?
12
Bibliometrics,Scientometrics,Informetrics,Webometrics…
Ohm,P.(2010).BrokenPromises ofPrivacy:Responding totheSurprising FailureofAnonymization.UCLALawReview,57,1701.
Borgman,C.L.(2015).BigData,LittleData,NoData:ScholarshipintheNetworkedWorld.CambridgeMA:MITPress.
MappingScholarship
Börner,K.(2010).AtlasofScience:VisualizingWhatWeKnow.Cambridge,Mass:TheMITPress.
15
Bibliometrics bySource
Searchesforauthor:ChristineBorgman,ChristineL.Borgman,CLBorgman(excludingotherCBorgmanauthors)onJuly28,2014andFebruary25,2016forGoogleScholar,Web ofScience,ScopusUCLAcancelledScopussubscriptionby2016
Source Publications20142016
Citationsreceived20142016
H-index20142016
GoogleScholar(Google)
380 443 7766 9701 39 43
WebofScience(Thomson-Reuters)
145 150 1629 1967 20 23
Scopus– July2014(Elsevier)
77 1314 14(after1995)
16
17
Recommendation1:Scope• Thescopeofdatatobegovernedincludes:
– Datathecampuspossesses aboutanyUCLAperson;i.e.,staff,faculty,students
– Datathatareidentifiable bynameorthatcaneasilybelinkedtoaperson
– Datathatthecampuspossessesonanypersonthatwasgeneratedduringthescopeoftheperson’sbusinesswiththeUniversity,includingdatathatweresenttosomeoneattheUniversity
• Thescopeofdatatobegovernedexcludes:– ResearchdataunderthepurviewofIRBregulations– ProtectedHealthInformation(PHI)governedbyHIPAA,or
individuallyidentifiablehealthinformationincampusstudenthealthcarefacilities
18
Recommendation2:Inventory
• Extenddatamanagement workalreadyundertakenbycampustoincludedatathatareinthestatedscopeofdatagovernance.
19
Recommendation3:Bestpractices
• Builduponestablishedfairinformationpracticesprinciplesforprivacyandextendtheseprinciplestoaccountforappropriateusesofthedataastechnology,practice,andpolicyevolve.
20
PrivacyandInformationSecurity
UniversityofCaliforniaPrivacyandInformationSecurityCommittee
http://ucop.edu/privacy-initiative/
Triggersforreview• Whendataareusedtomakedecisionsaboutpeople• Whendataarecollectedaboutpeoplewithouttheirknowledgeorconsent
• Whendataaboutpeopleareusedinunexpectedwayswithoutsubjects’knowledgeorconsent– Newapplicationsofdataorsystems– Mining,analysis,andaggregation
• Whendataaresharedwithexternalentities– Privatesectorpartners– Publicsectorpartners– Otheruniversitie
Recommendation4:Existingstructures
• ExtendexistingstructuresandpracticesforgoverninginformationtechnologyatUCLAtotheoperationalframeworkfordatagovernance.
23
BoardonPrivacyandDataProtection
ExecutiveViceChancellorandProvost*
*decision-making authority
Votingmembers• FacultyChair– AppointedbyEVC+Senate• AdministrativeViceChair– ViceProvost, IT• 6facultymembers• 6administrativemembers• 1undergraduatestudentrepresentative• 1graduatestudentrepresentative
Non-votingmembers• UCLAChiefPrivacyOfficer• ChiefInformationSecurityOfficer• DesigneeoftheEVCandProvost• DesigneefromAudit&AdvisoryServices
BoardonPrivacyandDataProtection
ExecutiveViceChancellorandProvost*
*decision-making authority
OversightCommitteeonAudit, ITGovernance,
ComplianceandAccountability*
ITPlanning Board
AcademicSenate*
BoardonPrivacyandDataProtection UCLAChiefPrivacyOfficer
• Trainingandawareness• Governancesupport• Privacybreachanalysis• Policydevelopmentandinterpretation• Datausequestions• UCprivacyandinformationsecurityreportrecommendationsimplementation
BoardonPrivacyandDataProtection
*decision-making authority
UCLAChiefPrivacyOfficer
InstitutionalReviewBoard*
TheOfficeoftheUCLACPObecomesthetriagepointforincomingrequests
Recommendation5:Activities
• Developprogrammaticactivitiesnecessarytosupporteffectivedatagovernance.
28
Discussiontopics• Problem:dataorusesofdatanotcoveredbyexistinglawsorpolicies(e.g.,FERPA,HIPAA,PII)
• HowtoextendFIPSprinciples?– Notice– Consent
• Howtoscopethedatagovernanceproblem?– Bysubjectsofdatacollection?– Byusesofdata?– Bypartiescollectingdata?Usingdata?
• Whatareappropriatecriteria,values,practices?• Whatareworkablegovernanceprocesses?
Acknowledgements
• KentWada,UCLAChiefPrivacyOfficerandChiefInformationSecurityOfficer
• JamesF.Davis,UCLAAssociateViceProvostforInformationTechnology
• UCLAPrivacyandDataProtectionBoard• UCInitiativeonPrivacyandInformationSecurity
DataGovernanceTaskForceSite:https://ccle.ucla.edu/course/view/datagov
![[Privacy Webinar Slides] Building a Privacy Governance Program](https://img.pdfslide.net/doc/110x75/586fe77d1a28ab92198b456f/privacy-webinar-slides-building-a-privacy-governance-program.jpg)
