Virtru Security Insights

University Data Protection and Regulatory Compliance – What You Need to Know

Students. Faculty. University Health Services. Insurance providers. Campus police.

If you’re a university, these are just some of the parties at risk of leaking your most sensitive data, most of which must be protected by law.

Alumni donors. Research centers. Registrars. Disciplinary committees.

As organizations that rely on so many different groups to execute their mission, universities face significant pressure to protect sensitive information as it travels across those groups.

Judging by the numbers, most universities are struggling to keep up with this responsibility to ensure data protection and satisfy related compliance regulations. According to a report by Ellucian, 17% of all data breaches in the past decade occurred in higher education – the second highest of any industry besides healthcare. Universities experience an average of more than one data breach per week, with average fines for these breaches totaling up to $4 million.

Michigan State University, for example, lost an estimated $3 million from its 2016 security incident, which also required the school to purchase free credit monitoring services for all affected users. The incident occurred when hackers infiltrated a network database containing 400,000 student and faculty records, exposing Social Security numbers, university access credentials, and other sensitive information.

How can universities prevent devastating financial and data losses going forward?

Most importantly, they must protect data at the object level, so that information remains secure even if networks or databases are infiltrated. To implement object-level protections effectively, universities must deploy data protection software that satisfies three key technical requirements:

1. Easy for Content Creators & Consumers

Cloud collaboration has enhanced usability expectations for modern security tools. If data protection disrupts existing end-user workflows, university employees and their recipients will work around the technology – plain and simple – even if it means sharing unprotected data.

What’s more, today’s universities share data with many different organizations, service providers, and cloud applications. Effective protections must persist with the data no matter where it travels, and the user experience must remain consistent across platforms. Even the slightest complexities can limit adoption of the most secure technologies.

2. Cross-Platform Audit & Control

Full data protection requires more than just securing the data. Whether shared voluntarily with university partners, external health providers, or other third-party stakeholders, or accessed by unauthorized hackers, most data ends up leaving the university’s possession at some point.

It’s critical that universities have the ability to monitor where this data travels and manage access to it even after it’s been shared and consumed. Otherwise, it becomes difficult for security and collaboration to coexist.

3. Flexible Security

Between regulatory compliance, ethical responsibilities, and internal privacy policies, it’s difficult to find user segments within a university that share the exact same security obligations. As a result, data protection approaches must offer flexible configuration options to match the privacy requirements and risk appetites of different user types and different higher education institutions.

Specifically, it’s the method of encryption that must be tailored to these needs. In order to eliminate the tradeoff between security and ease of use, universities must be able to choose where their encryption keys are stored, who can access them, and how they are managed.

Virtru was founded to combine these qualities for organizations under one seamless and pervasive data sharing platform. Virtru’s mission is to eliminate the tradeoff between data protection and ease of use by making object-level protection the new norm for institutions.

As most universities look to keep pace with emerging data protection and privacy requirements, Virtru’s novel approach fills many of the usability, control, and security gaps inherent in legacy technologies.

That’s why some of the world’s largest universities rely on Virtru’s email and file sharing protections to:

  • Share protected health information (PHI), financial reports, and student data securely with anyone.
  • Restrict, expire, and audit data access to mitigate breach risks.
  • Protect student and employee information even if the network is infiltrated.
  • Enforce easy HIPAA, FERPA, and CJIS protection for all of your users.
  • Protect against unwanted government surveillance and cloud provider access.

Unsure whether or not your organization requires additional privacy and control? The following checklist provides a list of questions frequently used by universities to assess their risk profiles and corresponding privacy and security needs:

[Checklist images: "Which of Your Emails Need Protection," Part 1 and Part 2]

If you answered yes to any of these questions – or even if you just want help thinking through your biggest university data protection challenges – the Virtru team is here to help.

We believe that everyone has a right to easy-to-use data protection technology, especially those entrusted with preserving the safety and privacy of our universities and their students.

Please contact us to learn more about Virtru and see if it’s a fit for your organization.