Thursday, March 01, 2007

Collaborative, Enterprise Wide, Information Security C-Level Management

“…distributed leadership requires shared values and a sense of community.”
- UW Provost Phyllis Wise

Executive Summary
The state-supported University of Washington (UW) faces a Herculean set of information-age problems in protecting its reputation. These may be viewed as risk management issues, framed within its own mission of providing educational excellence for the state, the region, and the nation. Because limited economic resources are used to protect and manage information, paying for information management and security reduces the funds remaining to serve the University’s primary mission, “the preservation, advancement, and dissemination of knowledge” (Board of Regents, 1998).

The University’s senior management strategy is that a collaborative, institution-wide model (Strategic Risk Initiative Review Committee, 2006) built on best practices will work best within its framework while reducing costs. This method is meant to protect the University’s decentralized, collaborative and entrepreneurial culture, along with its information technology and its information assets, including Personally Identifiable Information and education information, while conforming to state and federal regulations.

At the request of UW President Mark Emmert, a study was conducted. After an in-depth analysis and public comment period (Strategic Risk Initiative Review Committee, 2006), the University chose to hire one executive as a C-Level manager: its Chief of Information Security, Kirk Bailey. Although he has no staff, he has the ability to summarily shut down any system. His objective is to advise and inform the three campuses and sixteen colleges, and their information management teams, on securing sensitive and other information, and to provide a clear direction for information risk management based on his domain expertise, including dynamic social networking (Interview with Kirk Bailey, 2007).

Background
Founded on November 4, 1861, the University of Washington is comprised of three campuses: Seattle, with sixteen schools and colleges ranging from first-year undergraduates through doctoral-level candidates; and the Bothell and Tacoma campuses, with upper-division undergraduates and graduate students.

As a core value in serving its purpose, “the University is committed to maintaining an environment for objectivity and imaginative inquiry and for the original scholarship and research that ensure the production of new knowledge in the free exchange of diverse facts, theories, and ideas” (Board of Regents, 1998). In effect, this means allowing colleges and schools a great deal of self-governance within the University, because those organizations best understand what they do.

As a large educational, research, and medical facility, the UW acquires, stores, disseminates, and uses vast amounts of data through its libraries and collections, courses, faculty scholarship, and publications. It advances new knowledge through research, inquiry, and discussion, and disseminates it through classrooms, laboratories, scholarly exchanges, creative practice, international education, and public service. As such, the University itself can be considered both a consumer of vast amounts of data and a source of information.

Some of this information is directly related to individuals. This essentially private data is termed “Personally Identifiable” and has broad implications for its use in credit, grades, tracking and membership, and medical records, and in relation to other types of sensitive research, such as intelligence. Personally Identifiable Information (PII) (Executive Officers of the University of Washington, 2001) is regulated by state and federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA), which are catching up to the ramifications of information that is easily collected, stored, and frequently transferred. As a matter of best practice, there is also a wealth of compliance issues related to private data housed within a public institution (Strategic Risk Initiative Review Committee, 2006).

References:
Title: UW Role and Mission Statement
Author: Board of Regents
Publication: http://www.washington.edu/home/mission.html
Date: February 1981; revised February 1998, modified: November 5, 1998

Title: Collaborative Enterprise Risk Management
Author: Strategic Risk Initiative Review Committee, V’Ella Warren, Vice President, Financial Management, David Hodge, Dean, College of Arts and Sciences, co-chairs
Publication: www.washington.edu/admin/finmgmt/erm/ermsummary021306b.pdf
Date: February 13, 2006

Title: Enterprise Risk Management, University of Washington
Author: Strategic Risk Initiative Review Committee, V’Ella Warren, Vice President, Financial Management, David Hodge, Dean, College of Arts and Sciences, co-chairs
Publication: http://www.washington.edu/faculty/facsen/sec_minutes/05-06/sec_021306.pdf
Date: January 9, 2006

Title: Privacy Policy, University of Washington
Author: Executive Officers of the University of Washington; the President, the Executive Vice President, the Provost, and the University's Privacy Officer, Vice President for Computing and Communications
Publication: http://www.washington.edu/computing/rules/privacypolicy.html
Date: October 6, 2001

Title: Interview with Kirk Bailey
Location: University of Washington, Seattle
Date: February 22, 2007
