Data Privacy & Security in Higher Ed
Joseph Gridley, Chief Privacy Officer at the University of Maryland, joins the podcast to talk about securing sensitive data in higher education, the impact and evolution of AI, and more.
Joe Gridley embarked on his professional journey fresh out of law school, landing a role at a financial firm managing charitable trusts. Tasked with overseeing the creation of a web portal for donors to direct funds, he navigated the intricate web of regulations and contract language surrounding security and privacy.
“It just so happened that I was the youngest attorney on staff by about 30 years at that point. I’ve always been kind of a nerd just by inclination, so I got the opportunity to sort of help them define what needed to be done and build that program.”
Gridley transitioned to a legacy software company, where he played a role in developing control sets and crafting compliance programs for heavily regulated sectors like defense, healthcare, and education. His affinity for compliance work led him to Penn State, where he honed his skills as an IT compliance manager before evolving into the role of assistant chief privacy officer. Later, the University of Maryland presented Gridley with the opportunity to step into the inaugural position of privacy officer— a role he couldn’t resist.
Regulating privacy at the University of Maryland
Joe Gridley shares the multifaceted nature of privacy concerns in higher education. Contrary to the common perception of universities solely focusing on student interactions, Gridley highlights the institution’s expansive scope, akin to a small city, with diverse activities ranging from academic research to running a nuclear power plant.
The sort of regulatory framework that we work under is as much of a nightmare as you might imagine
This complexity informs the university’s approach to privacy and data compliance, where Gridley navigates a labyrinth of regulations spanning international, national, and sectoral frameworks. With a significant international student population, compliance with regulations like GDPR and emerging data protection laws from countries like India poses a significant challenge.
Gridley emphasizes the importance of regulatory compliance across various sectors, from healthcare (HIPAA) to finance (GLBA), underscoring the university’s commitment to protecting the privacy and rights of all individuals within its purview, whether students, researchers, or visitors attending football games.
Rising presence and influence of AI in academia
When asked about the insights into navigating the integration of AI technologies within higher education, Gridley acknowledges the prevalence of AI tools like ChatGPT and DALL-E in various departments for tasks ranging from generative AI to data analysis.
However, he highlights the importance of establishing vendor relationships and ensuring contractual agreements to mitigate potential risks associated with these tools. Gridley cautions against overlooking the data transmission and storage implications of AI models, citing a recent incident involving Samsung’s inadvertent disclosure of classified information through a ChatGPT code review.
Despite the risks, Gridley recognizes the inevitability of AI’s presence and emphasizes the need for universities to develop internal infrastructure for securely managing proprietary data and regulatory compliance.
To hear more of Joe Gridley’s insights on data privacy, security, and AI in higher education— listen to the full podcast here.