UNIVERSITY PARK, Pa. — Every day, Penn State collects and uses information to support its mission of teaching, research and public service. From student transcripts and medical records, to employee files and research data, the University is entrusted with protecting the personal information of hundreds of thousands of individuals. Behind the scenes, the Privacy team is diligently working to ensure that privacy remains a foundational element in every aspect of our operations.
As part of National Corporate Compliance Week, the Penn State Office of Ethics and Compliance is highlighting the work of its various units.
The Privacy team plays a vital role in Penn State’s commitment to upholding a culture of ethics and compliance. Its work is to help ensure that personal data is collected, used and shared responsibly by units across the University. Whether advising researchers on handling health data, providing guidance to administrators on compliance requirements, or supporting students with privacy concerns, the team aims to foster a culture where respect for personal information is part of Penn State’s identity.
The team’s work spans several key areas:
- Policy development and oversight: Regular review and updates of Penn State’s privacy policies to align with evolving laws, regulations and best practices.
- Training and awareness: Creating and sharing training resources that help faculty, staff and students understand how to handle sensitive information responsibly and legally.
- Guidance and consultation: Assisting units in assessing data practices to reduce risk and support University operations.
- Incident response: Partnering with University stakeholders to assess privacy concerns, review incidents and improve data practices.
The Privacy team includes three professionals with diverse expertise and while the team itself is small, the impact of its work can be felt across the University and privacy communities in big ways. Penn State is recognized for its leadership in higher education privacy, often collaborating with peer institutions to share expertise and advance best practices. Through this work, the University not only protects its own community but also helps shape the standards for privacy nationally across the field.
Collaboration is crucial to success. The Privacy team works closely with Penn State Information Technology’s Information Security team, Office of General Counsel, Office of the University Registrar and many other units to ensure compliance with a wide range of federal, state and international regulations. These regulations include, but are not limited to, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Acy (GLBA) and the European Union’s General Data Protection Regulation (GDPR), as well as emerging state privacy laws.
As Penn State celebrates ethics and compliance week, the Privacy team’s work serves as a reminder that privacy isn’t just about data, it’s about people, said Holly Swires, acting chief information security officer, chief privacy officer and deputy chief ethics and compliance officer.
To learn more about Penn State’s Privacy program and guiding principles, visit Privacy — Penn State Office of Ethics and Compliance.
Stay tuned to Penn State Today for daily articles about each functional area and visit the Office of Ethics and Compliance for more information.
Trivia Contest
Think you know your stuff? Test your knowledge during Ethics & Compliance Week with our Trivia Contest! Each day, we’ll be sharing a new trivia question related to ethics and compliance. Submit your answer, and if it's correct, you'll be entered into that day's prize drawing.
How to participate:
- Look out for the daily trivia question.
- Submit your correct response by 4 p.m. on Friday, Nov. 7.
- Test your knowledge every day — all correct entries will be entered into a grand prize drawing to be given at the end of the week.
Trivia questions #2 and #3
Today's trivia questions are about knowing how to respond to a data mishap and recognizing what counts as sensitive information, which are essential skills for the Penn State community.
If a Penn State employee accidentally emails sensitive information to the wrong recipient, what should they do first?
- Recall the message and ignore it
- Report the incident to the Privacy team at privacy@psu.edu
- Contact the recipient and ask them not to open it
- Post about it on social media
Which of the following is an example of Personally Identifiable Information, or PII, that should be protected?
- Driver’s license number
- Financial account number
- Social Security number
- All of the above