The attorneys in Ice Miller's Data Security and Privacy Practice assist higher education clients in staying at the forefront of industry best practices while maintaining compliance with the ever-changing legal landscape.
Regulators, legislators, consumers, and the public are focused on privacy and data security like never before. An increasingly complex legal landscape, coupled with recent high-profile incidents that have impacted both consumer trust and regulatory and statutory compliance, mean that every business sector must be more diligent and aware.
Higher education faces specific legal data security and privacy challenges. In an environment where operations are often decentralized, one of the greatest challenges may simply be mapping the great volume and wide variety of personal information the institution creates, receives, maintains, and transmits. While colleges and universities rely every more heavily on technologies that collect and store personal information, data handling policies and procedures may be inconsistent across functional areas. Further complicating the picture are the array of data protection laws and regulations to which higher education institutions may be subject. For example, colleges and universities that receive federal financial assistance from the Department of Education are subject to the Family Educational Rights and Privacy Act (FERPA), which protects the privacy of students’ education records. HIPAA may impact university health clinics, as well as research efforts that involve individuals’ health information. NIST 800-171, addressing federal Controlled Unclassified Information, is a new area of uncertainty. Colleges and universities may also be required to comply with various state data protection and breach notification.
Our team believes legal advisers best help clients when they understand the technologies in which data security and privacy issues reside. Ice Miller’s Data Security and Privacy Practice offers attorneys who have hands-on experience with these technologies, and speak the same language as our client's most equipped technical resource. Our attorneys include former computer programmers, performance quality analysts, and systems, network, and security engineers who have worked in both the public and private sectors. One Ice Miller lawyer was the technical lead of the information protection team for a major .com, and possesses over a decade of systems, network, and security engineering experience in both the private and public sectors.
Our representation of clients encompasses privacy and data security counseling in such areas as:
-
Performing risk and gap analyses;
-
Data mapping;
-
Developing policies and procedures;
-
Training workforce members;
-
Educating and training the c-suite and board;
-
Interpreting legal, statutory, and regulatory frameworks against implemented policies, procedures, and technologies;
-
Counseling and building policies on international aspects of compliance;
-
Assisting with internal investigations;
-
Responding to agency inquiries; and
-
Incident response, including responding to potential data breaches.