https://library.educause.edu/topics/policy-and-law/data-breachen{D6783FE4-03A1-4BF2-8F7F-813B1B816D8E}https://library.educause.edu/resources/2021/10/frequently-asked-questions-about-cyber-insuranceThis document contains advice intended for general information only. To learn how cyber insurance applies to your institution, please contact your institution’s risk management office or chief information officer. Fri, 16 May 2025 12:14:00 Z{FFE47D4F-2DA6-4B85-A979-0C546A57A3DC}https://library.educause.edu/resources/2024/2/educause-comments-far-cyber-incident-reportingOn February 2, 2024, EDUCAUSE was joined by COGR and the Association of American Universities (AAU) in submitting comments on proposed changes to the Federal Acquisition Regulation (FAR) that could impose cyber incident reporting and software bill of materials (SBOM) development/maintenance obligations on all federal contractors, including colleges and universities. Mon, 19 Feb 2024 17:29:33 Z{C0B38D95-E66E-4ADB-8B03-45A4F3E72010}https://library.educause.edu/resources/2014/3/columbia-university-administrative-policy-library-computing-and-technologyColumbia University:  Administrative Policy Library Computing and Technology websiteTue, 22 Dec 2015 17:36:26 Z{1ECA8540-8BEA-423E-A7BD-28F195655F3D}https://library.educause.edu/resources/2022/10/student-data-privacy-and-security-a-call-for-transparent-practicesThe results of our survey of U.S. undergraduate students to better understand students’ experiences with institutional data privacy and security.Wed, 28 Sep 2022 20:08:54 Z{CF16CCB3-A1CA-460E-A75C-973ED6262453}https://library.educause.edu/resources/2018/10/why-cybersecurity-matters-and-what-registrars-enrollment-managers-and-higher-education-should-doThe purpose of this white paper, jointly written by the National Student Clearinghouse, EDUCAUSE and REN-ISAC, is to build upon registrars’, enrollment managers’, IT’s and higher education’s day-to-day, nationwide dialog around cybersecurity and vulnerabilities.Fri, 28 Sep 2018 21:00:13 Z{62612D65-05C2-4D6E-BA04-BC0EBE552F44}https://library.educause.edu/resources/2018/2/federal-student-aid-breach-information-security-reporting-compliance-lettersOver the last few months, Federal Student Aid (FSA), an office of the U.S. Department of Education, has sent compliance letters on breach notification and information security program reporting to various EDUCAUSE member institutions.Thu, 01 Feb 2018 17:10:46 Z{573F18F8-4D21-4800-B9F6-1CB1BAD326EA}https://library.educause.edu/resources/2018/2/educause-comments-fsa-breach-notification-information-security-reporting-requirementsEDUCAUSE submitted a letter to Federal Student Aid (FSA), an office of the U.S. Department of Education, expressing concern about its recent compliance actions in relation to data breach notification and information security program reporting. Thu, 01 Feb 2018 16:51:02 Z{7C946335-E94F-402F-AC82-888F7F15B932}https://library.educause.edu/resources/2017/2/searching-for-a-smoking-gun-chasing-a-silver-bullet-data-breaches-in-higher-educationThe EDUCAUSE Center for Analysis and Research (ECAR) published its first look at data breaches in higher education in 2014. Our current research looks at whether any factors increase or decrease the likelihood of a higher education data breach. Is there a smoking gun, something found in every higher education data breach? And, conversely, is there a silver bullet—a control or controls that higher education institutions can employ to prevent data breaches?Tue, 14 Feb 2017 19:36:15 Z{DF6989E4-5DCE-4101-B1AB-E7224F7216F4}https://library.educause.edu/resources/2014/5/just-in-time-research-data-breaches-in-higher-educationThis “Just in Time” research is in response to recent discussions on the EDUCAUSE Higher Education Information Security Council (HEISC) discussion list about data breaches in higher education.Tue, 22 Dec 2015 17:36:37 Z{15017E8E-253D-4026-90A0-47E8FBAC0F81}https://library.educause.edu/resources/2013/12/new-year-new-challenges-preparing-your-campus-for-data-privacy-and-security-issues-in-the-year-aheadAs technology continues to evolve, so do the data privacy and security risks facing colleges and universities.Tue, 22 Dec 2015 17:35:08 Z{C87D3630-A33F-4D6F-8190-A54170FCB0FD}https://library.educause.edu/resources/2012/7/7-ways-byod-could-get-you-suedThe author, Sam Narisi, discusses some of the biggest legal issues to consider when coming up with a BYOD policy and strategy.Tue, 22 Dec 2015 17:31:17 Z{40668E44-FF5B-4B64-A165-498DB3391647}https://library.educause.edu/resources/2012/1/privacy-and-security-risks-in-higher-educationThis webinar is one in a series celebrating Data Privacy Month 2012.Tue, 22 Dec 2015 17:33:27 Z{B4DFDB3C-24CB-4C17-968E-D0A254F1358D}https://library.educause.edu/resources/2010/1/information-security-and-data-breach-notification-safeguardsThe 2010 report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information Security Management Act (FISMA), Office of Management and Budget (OMB) Guidance, the Veterans Affairs Information Security Act, the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act, the Gramm-Leach-Bliley Act (GLBA), the Fede ...Tue, 22 Dec 2015 17:25:19 Z{F5D4B328-44F8-4E2D-8A1E-C067975A6066}https://library.educause.edu/resources/2010/1/itrc-breach-report-2009-finalITRC collects information about data breaches made public via reliable media and notification lists from various governmental agencies.Tue, 22 Dec 2015 17:25:40 Z{DB00BA55-AC70-44B6-B007-1065D58C7B87}https://library.educause.edu/resources/2009/6/security-breach-leaves-45000-at-risk-of-identity-theftRecently Cornell informed more than 45,000 current and former members of the University community that their sensitive personal information — including name and social security number — had been exposed when a University-owned laptop was stolen earlier this month.Tue, 22 Dec 2015 17:22:20 Z{664C2A04-DBA6-438D-9509-BC8975825423}https://library.educause.edu/resources/2009/6/cornell-issues-alert-about-theft-of-computer-containing-personal-dataThe following is a statement issued by Cornell University Vice President for University Communications Tommy Bruce on the theft of computer containing personal data.Tue, 22 Dec 2015 17:20:06 Z{C2143C84-4356-42DD-8DED-9B0D7FBBD0EB}https://library.educause.edu/resources/2008/7/2008-data-breach-investigations-reportThe 2008 Data Breach Investigations Report draws from over 500 forensic engagements handled by the Verizon Business Investigative Response team over a four-year period.Tue, 22 Dec 2015 17:16:51 Z{3D0DC9E1-8C61-40FE-913C-96BE4996A661}https://library.educause.edu/resources/2007/1/data-breach-bills-resurface-in-congressTue, 22 Dec 2015 17:13:06 Z{5A938B16-7917-4E67-9C53-98EC12D322E0}https://library.educause.edu/resources/2006/7/2006-annual-study-cost-of-a-data-breach-understanding-financial-impact-customer-turnover-and-preventative-solutionsThis study summarizies the actual costs incurred by 31 organizations that lost confidential customer information and had a regulatory requirement to publicly notify affected individuals.Tue, 22 Dec 2015 17:08:49 Z{C70298D4-EA53-4727-BE38-4844F4833AF9}https://library.educause.edu/resources/2018/3/ace-letter-to-fsa-on-breach-information-security-reportingThe American Council on Education (ACE) submitted a letter to the Office of Federal Student Aid (FSA) of the U.S. Department of Education (ED) on February 23, 2018, regarding FSA’s 2017-18 breach notification/information security reporting compliance actions against colleges and universities. Thu, 01 Mar 2018 16:33:50 Z