This ECAR research bulletin addresses the data privacy issues that must be covered by contractual language when entering into an agreement for externally provided IT services or for external consulting about institutional systems. It covers instances in which external agents have access to data that is considered confidential and/or where data can be linked to personally identifiable records. It is based on work done at The College of New Jersey between November 2008 and May 2009.
Citation for this work: Stern, Nadine. “Privacy and Confidentiality: Holding IT Service Providers Accountable” (Research Bulletin, Issue 22). Boulder, CO: EDUCAUSE Center for Analysis and Research, 2009, available from http://www.educause.edu/ecar.