Chief Privacy Officer:
Lauren Steinfeld

On January 28, Lauren Barnett Steinfeld was appointed the University's first Chief Privacy Officer. Penn is the first Ivy League university to establish such a position. Rick Whitfield, vice president for Audit & Compliance, remarked that "Lauren will help us develop a comprehensive and coordinated proactive approach to privacy issues at Penn. It is a top priority that the Penn community can trust that its personal information is protected."

Ms. Steinfeld brings to the University and the Health System a uniquely valuable portfolio of expertise and experience in privacy matters. Most recently, she served as Associate Chief Counselor for Privacy at the Office of Management and Budget, Executive Office of the President. At the White House, she helped develop privacy policy for the Administration in the areas of medical records, financial data, online privacy, Social Security numbers, public record information, government records and others. Before arriving at OMB, Ms. Steinfeld served as Attorney Advisor to Federal Trade Commissioner Mozelle Thompson. As an advisor, she was involved in the legal and policy aspects of some of the first Internet- and privacy-related cases brought by the FTC. Ms. Steinfeld graduated Phi Beta Kappa and magna cum laude from the College at Penn in 1989 and received her J.D. from NYU School of Law in 1992.

According to Mr. Whitfield, the expertise and experience provided by Ms. Steinfeld are important resources for Penn at this time. In recent years, there has been significant public concern that many institutions do not adequately protect the privacy of personal information, particularly medical records, financial data, and Social Security numbers. Some of this concern has been fueled by the enormous growth of electronic communications, which has generated more information collection and sharing, in more sophisticated ways, with risks of easy transmission of personal data to vast numbers of recipients. The public concern regarding the protection of personal information has led to legislative action at the federal and state level, significant media attention, education efforts in the advocacy community, and a more active plaintiff's bar. The last few years alone have witnessed the enactment of sweeping privacy regulation in the medical records area (also known as HIPAA rules) as well as the regulation of privacy in the financial services sector.

Educational institutions such as Penn house large amounts of data on students, faculty, staff, alumni, patients, and research subjects. There have been several initiatives at Penn to examine privacy--including significant work by the University Council, the Deputy Provost, and others. In addition, the Offices of General Counsel, Information Security and Computing, and Audit & Compliance provide ongoing service on a number of privacy issues. Given the increased focus on the privacy of personal information, it was agreed that a Chief Privacy Officer was needed to champion the issue and to coordinate efforts at the University to protect personal information.

In the past several years, over 500 corporations have appointed Chief Privacy Officers to address privacy risks and to maintain the trust of their constituencies. Chief Privacy Officers have taken on a wide range of functions, including assessing data safeguards, instituting mechanisms to provide constituents appropriate levels of control over their data, reviewing third party relationships and contracts with respect to proper use of institutional data, providing training and awareness programs, receiving and responding to complaints--to name several. Ms. Steinfeld will take on a similar agenda, working with the many others throughout Penn who have been and will be undergoing efforts to strengthen privacy protection.