On January 28, Lauren Barnett Steinfeld was appointed the University's
first Chief Privacy Officer. Penn is the first Ivy League university
to establish such a position. Rick Whitfield, vice president for
Audit & Compliance, remarked that "Lauren will help us
develop a comprehensive and coordinated proactive approach to
privacy issues at Penn. It is a top priority that the Penn community
can trust that its personal information is protected."
Steinfeld brings to the University and the Health System a uniquely
valuable portfolio of expertise and experience in privacy matters.
Most recently, she served as Associate Chief Counselor for Privacy
at the Office of Management and Budget, Executive Office of the
for the Administration in the areas of medical records, financial
data, online privacy, Social Security numbers, public record information,
government records and others. Before arriving at OMB, Ms. Steinfeld
served as Attorney Advisor to Federal Trade Commissioner Mozelle
Thompson. As an advisor, she was involved in the legal and policy
aspects of some of the first Internet- and privacy-related cases
brought by the FTC. Ms. Steinfeld graduated Phi Beta Kappa and
magna cum laude from the College at Penn in 1989 and received
her J.D. from NYU School of Law in 1992.
to Mr. Whitfield, the expertise and experience provided by Ms.
Steinfeld are important resources for Penn at this time. In recent
years, there has been significant public concern that many institutions
do not adequately protect the privacy of personal information,
particularly medical records, financial data, and Social Security
numbers. Some of this concern has been fueled by the enormous
growth of electronic communications, which has generated more
information collection and sharing, in more sophisticated ways,
with risks of easy transmission of personal data to vast numbers
of recipients. The public concern regarding the protection of
personal information has led to legislative action at the federal
and state level, significant media attention, education efforts
in the advocacy community, and a more active plaintiff's bar.
The last few years alone have witnessed the enactment of sweeping
privacy regulation in the medical records area (also known as
HIPAA rules) as well as the regulation of privacy in the financial
institutions such as Penn house large amounts of data on students,
faculty, staff, alumni, patients, and research subjects. There
have been several initiatives at Penn to examine privacy--including
significant work by the University Council, the Deputy Provost,
and others. In addition, the Offices of General Counsel, Information
Security and Computing, and Audit & Compliance provide ongoing
service on a number of privacy issues. Given the increased focus
on the privacy of personal information, it was agreed that a Chief
Privacy Officer was needed to champion the issue and to coordinate
efforts at the University to protect personal information.
the past several years, over 500 corporations have appointed Chief
Privacy Officers to address privacy risks and to maintain the
trust of their constituencies. Chief Privacy Officers have taken
on a wide range of functions, including assessing data safeguards,
instituting mechanisms to provide constituents appropriate levels
of control over their data, reviewing third party relationships
and contracts with respect to proper use of institutional data,
providing training and awareness programs, receiving and responding
to complaints--to name several. Ms. Steinfeld will take on a similar
agenda, working with the many others throughout Penn who have
been and will be undergoing efforts to strengthen privacy protection.