To safeguard private information held by Penn that could be accessed by computer, the University has appointed its first chief privacy officer, Lauren Steinfeld (C’89).
She is also the first chief privacy officer to be appointed in the Ivy League.
Although the position of chief privacy officer appears all over the corporate world, Steinfeld said, in universities the position is a rarity, outside of their health systems. An informal survey of several nearby colleges and universities turned up no other CPOs.
Steinfeld, who served as associate chief counselor for privacy in the Clinton White House, is no stranger to Penn, having worked as a consultant for privacy issues here for the past eight months. “I really wanted to start applying and working on the implementation side of privacy issues,” said Steinfeld of her move from Washington and the policy side of privacy issues.
Steinfeld, who has a law degree from New York University, said the position is a response to the “sense of an invasion of privacy” stemming from accessible personal records. Steinfeld’s task goes beyond enforcing Penn’s privacy policies and the laws already in place. Some of what she has to think about are “risk and good practice issues,” she said.
“I think about the protection of the personal information of students, staff, faculty, patients, alumni and other Penn constituencies,” said Steinfeld. Those other constituencies include research subjects and former employees. Personal information includes medical records, financial data and Social Security numbers.
Concurrent with the announcement of Steinfeld’s appointment, Provost Robert L. Barchi and Executive Vice President John Fry sent an open letter in Almanac (Feb. 26) to the staff asking them to examine their offices’ information practices. “Special care should be taken to safeguard people’s most sensitive information, including their medical records, financial data and Social Security numbers,” they wrote.
The letter also reported some of the steps the University has already taken to insure privacy, including reducing the visibility of Social Security numbers on forms like pay stubs, class enrollment lists and grade sheets.
The Health System already had in place a privacy coordinator, Russ Opland, for helping the Health System comply with the privacy standards outlined in Congress’s Health Insurance Portability and Accountability Act (HIPAA). Steinfeld will be working with Opland, as well as other University privacy efforts, such as those by the University Council, Information Security and Computing, and Audit & Compliance.
The number of privacy efforts already in place at Penn, Steinfeld said, shows how much the University cares about privacy.
- Jeffrey Updike recently joined the Office of Affirmative Action and Equal Opportunity Programs, where he will be in charge of coordinating training programs for diversity awareness. He comes to Penn with a background in recruiting and human resources for the U.S. Army. Compensation analysis and employee relations are among his specialties.
Originally published on March 28, 2002