With data becoming increasingly important to people in many roles, the Chief Data Officer (CDO) has...
Big data has been a global hot-button issue for several years, which has led to a major focus on higher ed privacy. Lack of transparency and ugly intentions can leave students open to abuse of their autonomy. But a passionate group of professionals is leading the charge in protecting our students from hostile actors.
Pegah Parsi, Chief Privacy Officer at the University of California - San Diego, shares her thoughts on privacy in the high
er ed space and why its security matters on the Podcast, The Higher Edge.
Redefining Privacy Leadership in Higher Education
As universities navigate increasingly complex data landscapes, a new role is emerging at the forefront of protecting sensitive information: the Chief Privacy Officer (CPO). Still considered a pioneering position in academia, CPOs are shaping what privacy means for institutions that not only teach but also house, feed, and provide healthcare for thousands of individuals.
Pegah Parsi, Chief Privacy Officer at the University of California San Diego, is part of this emerging vanguard. "Privacy is where security was maybe 15, 20 years ago," she explains. "No one quite knew what it meant. No one knew what it entailed... but 15 years later, there's no doubt that's a critical position at any research university."
While information security is now a well-established function in higher education, dedicated privacy leadership remains relatively rare, with most universities still lacking a privacy office or privacy function. Those pioneering this space are essentially building their role descriptions as they go, deciding what the position entails and how to prioritize competing demands.
Beyond Compliance: The Strategic Privacy Advocate
The positioning of a privacy office within an institution's organizational structure significantly impacts its scope and influence. At UC San Diego, the privacy office sits within academic affairs rather than in a compliance department—a deliberate choice that enables broader reach across campus.
"I'm not seen as a compliance office, which is great. I don't want to be a compliance person," Parsi notes. "I get to be an advocate. I get to talk about ethics. I get to talk about our institutional philosophy around what we do with data, what sorts of stewards we are of people's information."
This distinction between compliance and advocacy represents a critical evolution in how universities approach privacy—moving from a rules-based mindset to a values-based framework that considers the ethical implications of data practices.
Security vs. Privacy: Understanding the Difference
A common misconception is equating information security with privacy, when they serve fundamentally different purposes. As Parsi explains, "One way to view privacy is as having self-determination over yourself. Having agency and autonomy over your body, your space, your communications, your information."
While security focuses on protecting information through mechanisms like encryption and access controls, privacy concerns what should be done with information in the first place. The analogy Parsi offers clarifies this distinction: "Security is whether you lock your door and deadbolt it and have a security camera watching who comes in and goes out. Privacy is what you do within the walls of your house."
This difference becomes particularly significant when considering that organizations can have robust security while still engaging in privacy-compromising practices. "The NSA and Facebook, much of the things that they do are absolutely secure," Parsi points out, "but I think many of us would take issue with whether or not they should have it to begin with."
Collaboration: The Foundation of Higher Ed Privacy
Given the nascent state of privacy leadership in higher education, collaboration across institutions has become essential. Privacy officers routinely share knowledge, tools, and training materials with counterparts at other universities, recognizing that no single institution can navigate these challenges alone.
"We don't have many resources," Parsi acknowledges. "I still steal liberally from my privacy officer counterparts at other universities, and I open all of the tools and trainings that I have to everybody else as well."
This collaborative approach proved particularly valuable during the COVID-19 pandemic, when universities suddenly faced unprecedented privacy challenges related to contact tracing, notifications, wastewater testing, and vaccination records. By working together, privacy leaders could develop appropriate responses without each institution having to reinvent solutions independently.
Privacy Beyond Campus: The Broader Landscape
University privacy officers don't operate in isolation from the wider world. As Parsi emphasizes, "No university is in a vacuum. The world is such that most industries, most companies, organizations, aren't in a vacuum. You are sharing information with for-profit entities, government entities, international organizations, NGOs."
This interconnectedness necessitates that higher education privacy professionals stay informed about developments across sectors and engage with organizations like the International Association of Privacy Professionals (IAPP). The implementation of the European Union's General Data Protection Regulation (GDPR) has further elevated the importance of cross-sector privacy expertise.
Privacy as Fundamental Right: Beyond Data Protection
Recent judicial decisions have highlighted the fundamental nature of privacy rights, particularly regarding bodily autonomy. The Supreme Court's Dobbs decision, which overturned Roe v. Wade, represents a significant shift in the privacy landscape with implications extending far beyond reproductive rights.
"It would be a mistake to view Roe as simply a ruling about abortion," Parsi explains. "It actually impacts all of these other things that are important to us that we should not take for granted, and that impact every single one of us."
The decision has raised questions about what information can be subpoenaed or accessed by law enforcement, underscoring that data privacy issues are not abstract concerns but have real-world consequences. From insurance rates to targeted advertising and even personal safety, how our information is collected and used affects daily life.
"Privacy is not just for criminals. Privacy is not just for whistleblowers. It's not just for VIPs, and it's not just for people that want to cut the cord and go live in the woods," Parsi argues. "Privacy is for every single one of us."
Privacy and Public Good: A False Dichotomy
A widespread misconception presents privacy as inherently at odds with other important values—suggesting that we must choose between privacy and public safety, student success, or public health. Parsi vehemently rejects this framing.
"It is a mistake to think that it's either you have privacy or public safety," she insists. "Privacy can sit in the same hand at the same time as all of these other things."
The COVID-19 pandemic illustrated this principle clearly. When universities implemented transparent privacy practices around contact tracing—explaining how information would be used and what safeguards would protect it—compliance rates increased dramatically. Rather than hindering public health efforts, strong privacy practices enabled them by building the trust necessary for community participation.
Future Privacy Professionals: Shifting the Focus
For those considering careers in privacy, Parsi offers transformative advice: "I started viewing my work differently when I shifted my focus from trying to protect the organization... to protecting the data subjects."
This people-first approach represents a fundamental shift from traditional risk management and compliance mindsets. Additionally, modern privacy professionals must cultivate expertise across disciplines—from legal knowledge to technical skills.
"Privacy folks are no longer just called on to be compliance people or people to read the law and tell you how to comply with it," Parsi notes. "We're increasingly called to be privacy engineers and data ethicists, some of us data scientists, to have a real deep technical understanding."
For more information about privacy in higher education, resources are available at privacy.ucsd.edu, including a monthly Privacy 101 workshop open to anyone interested in learning more about these critical issues.
Listen to the full Podcast Episode Here