Name and job title: Jane Rosenthal, privacy coordinator

Years at current job: Just over six months

Job duties: I work directly for the senior vice provost, Kathleen McCluskey Fawcett. This position was formerly the Health Insurance Portability and Accountability Act coordinator for the KU-Lawrence campus and dealt with the privacy of individually identifiable health information.

I work to coordinate records among and between units and to assist them to maintain the privacy of all types of records on campus medical, financial, student related. I also serve as the custodian of records responding to open records requests that come to the KU-Lawrence campus.

What's the biggest challenge facing your department right now? I'm part of the Provost's Office, but I really have a unique position, which is new to this campus so I'm working to get out among the various units that I need to connect with to be effective. I'm also working to identify and streamline the process for handling issues that involve multiple laws and regulations. For example, when student records or identifiable information in our systems need to have certain privacy and security standards met under the law, the requirements under the various laws may have the same goal of privacy, but not necessarily the same mechanism to achieve it. In fact, nothing is usually set forth in statute that clearly tells us what we should actually do except under HIPAA; the regulations usually just tell you that you must do it and typically without funding. So we have to work to identify those and implement them.

Are you working with students whose personal information was contained on the accessible KU Web site that was recently taken offline? Yes, I have been working on the KU student housing Web site issue. My focus has been more on the process of responding to this issue and assuring it is a one-time incident. In these matters, I work with the various parts of the university that play a role, connecting them and coordinating the response.

What do you like most about your profession? When I attended KU Law School they always said that being a lawyer was a versatile career and they were right. This is my third "career:" first acting as an employment attorney, then an in-house counsel and now privacy officer. So now I get to work with great people in a lively environment and create the position as I go along which is fun mainly because it is new and challenging everyday.

What steps can KU employees take to protect their privacy? Be aware of what information they have out there on the Web, in their mailbox (both postal and e-mail) and how they share or provide private information to others. Most of us do not realize how easy it can be for someone to steal our identity or attempt to gain access to records or e-mails on our computers. If we provide our social security number or a credit card number, we should not assume that it is in a secure environment and certainly we should never provide it to an unknown entity or organization.

We're very lucky at KU because our computer security team is really great and they do a lot to protect the information in the KU systems. It really becomes a matter of all of us learning how to use the systems, follow policy and pay attention to what we're doing with our private information.

What is the most common threat to privacy in a university setting? Well, if you ask the security teams I imagine they might say hackers and probes. From my perspective, though, I think it really is the failure to follow university policy or guidelines or to stop and ask for assistance if the answer is not easily ascertainable.

What aspects of your job might others not realize you're involved with? I suspect open records requests might seem contrary to the title of privacy coordinator and most people probably don't realize I handle the inquiries from students, researchers, the press and the public who are seeking to get public information. The university is a state entity and as such has to follow the State Open Records laws. So there are numerous requests for information that come to the university and as custodian of records I respond to the inquiries.

What steps are taken to protect the privacy of KU employees? Multiple activities go on every day behind the scenes, both in computer security and in the security of hard copy records. I can tell you that our various record custodians (those people designated as the official record holder for a unit or department under our student records policy) around campus are provided recommended procedures and most of them already have those processes in place. My office is examining different proposals for removal of sensitive or nonpublic information from daily use by units in order to limit exposure. We would love to see the campus free of SSN, for example, except in the areas where it is mandated by law or absolutely necessary for business reasons.