UPenn creation of privacy office prompts University to consider following suit

The appointment of a chief privacy officer at the University of Pennsylvania has generated questions over whether Princeton and other universities should also create a centralized office for privacy concerns.

Penn appointed Lauren Barnett Steinfeld as its chief privacy officer on Jan. 28, making it the first Ivy League university to create such a position.

Steinfeld was appointed to this new position because Penn felt it needed an officer to coordinate the privacy procedures of the university's many offices and departments. She will work to ensure the security of information at an institution which stores great amounts of confidential data, said Phillis Holtzman, Penn's deputy director of university communication.

Molding a new office

University general counsel Peter McDonough said the idea of having a privacy officer has grown recently with corporate America and "more aggressively since 9/11."

Though he has not officially been designated the person in charge of privacy concerns at the University, McDonough said in an interview yesterday that he has taken it upon himself to examine the options for responding to the privacy concerns which have emerged during the past months and years.

"I have personally been paying attention to this [issue] for quite some time, whether an institution . . . ought to be having a chief privacy officer individually, or whether there ought to be a privacy team or committee," he said. "I haven't been asked or delegated this role, but I am very closely monitoring the developments in corporate and institutional America."

Steinfeld will help Penn "develop a comprehensive and coordinated proactive approach to privacy concerns," said Rick Whitfield, Penn's vice president for audit and compliance, in a statement. "It is a top priority that the Penn community can trust its personal information is protected."

Though the University has not had any major problems with privacy breaches, McDonough said he is "very attune with what Penn's doing," and noted that the large number of privacy concerns at the University — from dorm room and electronic security to medical and academic records — compels it to continue to re-examine and improve its privacy policies.

In electronic communications, for example, "the same protections that apply to student privacy at Princeton in the physical sense also pertain in the cyber-sense," said Rita Saltz, security adviser to OIT.

Current procedures

Each University office or department takes care to protect confidential information, McDonough said. But he added that he has been weighing the benefits of two alternatives: creating a new team or committee that meets periodically to examine privacy concerns or hiring a chief privacy officer.

Any changes of this sort would be a joint effort of the general counsel, the president and other top administrators, McDondough said, adding that the people already in charge of safeguarding information have done a good job.

"I have found for many years that people [who] students and faculty would hope are attentive to privacy concerns are, in fact, attentive to them," he said.