As part of an effort to stay on top of privacy and personal information issues, the University has appointed 1989 College graduate Lauren Barnett Steinfeld as its first chief privacy officer.
Over the past several years, public concern has increased over the failure of institutions to adequately protect the privacy of personal information, particularly medical records, financial data and Social Security numbers.
Reacting to these general issues, Penn has undertaken several initiatives to examine its own policies on privacy. For example, a task force, established specifically to examine privacy issues, published a report last April assessing the University's effectiveness in protecting personal information.
Steinfeld will coordinate the multiple ongoing efforts of these types of committees and task forces to help find new ways to increase protection of personal information.
"Penn is a decentralized organization," Steinfeld said. "The University holds data on students, staff, faculty, alumni, research subjects and patients. The question is, how are we going to protect the privacy of that information which we consider very important?"
Steinfeld plans to educate people in the University community on what constitutes appropriate protection practices and how to secure the personal data of others and themselves. The objective is to minimize the risk of someone abusing personal information resulting in serious problems, such as identity theft.
Administrators stress that Steinfeld's appointment was not triggered by a mishap with privacy issues. Rather, the position's creation is one part of the University's commitment to protection of personal information.
"Penn is being very proactive," Vice President for Audit and Compliance Rick Whitfield said. "We're not waiting for a major event to occur. It's just our awareness that we need to assess our overall effectiveness in dealing with the topic of privacy."
The federal government has enacted extensive privacy regulation, especially in the financial services sector and in the medical records arena. The Health Insurance Portability and Accountability Act of 1996 mandated regulations that govern privacy, security and electronic transactions for health care information. Steinfeld will also work to ensure that Penn satisfies these government requirements.
"We have significant efforts underway in the health system and the University to meet the HIPAA requirements by April 2003," Whitfield said.
Steinfeld's position is modeled on the job description of chief privacy officers in the corporate sector. In the past several years, more than 500 corporations have appointed chief privacy officers to address privacy risks and to maintain the trust of their constituencies.
However, Steinfeld is the first person in the Ivy League to hold a position of this kind. She said she does not know of anyone at a major university in a similar position.
"Penn is out in front on this, and it speaks really well of the institution," she said. "It shows Penn's concern for its community."
Steinfelda graduated from the College at Penn in 1989 and went on to receive her J.D. from New York University School of Law in 1992.
Appointed to the chief privacy post at the end of January, she returns to Penn after spending time at the White House, where she served as associate chief counselor for privacy at the Office of Management and Budget.
The Daily Pennsylvanian is an independent, student-run newspaper. Please consider making a donation to support the coverage that shapes the University. Your generosity ensures a future of strong journalism at Penn.
DonatePlease note All comments are eligible for publication in The Daily Pennsylvanian.