Information Security and the Protection of Personal Data in Universities

Abstract

ncreases in the number of computers and the rate of information systems used in today’s universities makes viewing universities as information security centers difficult. As a result, such universities are often required to form an information security culture within the framework of university information security policies in which legal arrangements and international standards are considered in conjunction with technical precautions, sharing responsibilities among all units within the university setting. In this study, existing university conditions regarding personal data protection are evaluated; moreover, proposals to meet these deficiencies are made with the intent of providing support in establishing an information security culture. To this end, a survey was conducted in data processing centers of 15 universities in Ankara, and the information security precautions taken by these universities were evaluated.The results of this study reveal that risks of data loss were minimized by taking various technical precautions such as the university data processing department (DPD) backing up data; however, overall legal arrangements and precautions taken by university DPDs are insufficient. More specifically, there is no policy regarding the protection of personal data. In addition, when there is destruction of data or data storage systems fail in universities, no report on risk analysis is filed, responsibilities are not shared among university units, and units other than DPDs do not participate in the process of providing information security