Skip to content

Privacy Everywhere Conference

2022 Privacy Everywhere Conference: The Promise of Privacy

Join us for a free online conference from 10 a.m.-2 p.m., Friday, January 28, 2022. Registration Form

Decisions about privacy affect our professional, educational, and personal lives. Topics include policy, privacy by design/ “Built-in privacy,” privacy and protection of research subjects, enabling data through privacy, Rokwire/ Illinois App. Track A covers Research and Emerging Issues in Privacy. Track B covers Privacy Literacy: Practical Applications for a Non-technical Audience.  

Thank you to our partners
Technology Services, iSchool, University of Illinois Library, Office for the Protection of Research Subjects within the OVCRI


 

Conference Schedule

Privacy Everywhere Logo

10:00 AM 

  • Welcome: Phil Reiter, Associate Director of Privacy, Technology Services and Sheena Bishop, Privacy Analyst, Technology Services

10:10 AM 

  • Keynote Speakers: Joe Barnes, Chief Digital Risk Officer, University of Illinois System and Chuck Geigner, Interim Chief Privacy and Information Officer, Technology Services

10:30 AM 

  • Session 1A – Privacy Features in Illinois REDCap, Michelle Lore 
  • Session 1B – Book Discussion: "Governing Privacy in Knowledge Commons", Madelyn Sanfillippo  

11:00 AM  

  • Q & A | Discussion  

11:15 AM 

  • Session 2A – Finding the Right Secure or Private Data Storage, Amy Hovious & Chris Larrison  
  • Session 2B – Privacy and the Future of Ed Tech, Daisy Bennett (Canvas)

11:45 AM 

  • Q & A | Discussion  

12:00 PM 

  • Breakout Room: Walk-In Clinic for devices. 
    Please join and get matched with an IT Professional to perform a device check for Privacy settings on your phone or computer (e.g. looking at geolocation settings, caching of data, Privacy settings on key apps).

12:30 PM 

  • Session 3A – Privacy Threat Modeling, Jonathan Fox    
  • Session 3B – Privacy in the Illinois App, Bill Sullivan  

1:00 PM 

  • Q & A | Discussion  

1:15 PM 

  • Session 4A – Privacy Engineering and the Enterprise, Amy Hariharan Dang  
  • Session 4B – Towards a Comprehensive Criteria for Privacy Protections, Masooda Bashir 

1:45 PM 

  • Q & A | Discussion  

2:00 PM 

  • Adjourn 

Session Summaries

Keynote

Joe Barnes will share a bit about his new role and vision for Privacy, as well as how that aligns to his vision for the Digital Risk office at the System.

TRACK A: Research and Emerging Issues in Privacy 

10:30 AM Privacy Features in Illinois REDCap

Michelle Lore will explore the built-in privacy features of Illinois REDCap, a HIPAA-capable data collection platform. These features allow researchers to easily incorporate privacy into their research designs.

11:15 AM Finding the Right Secure or Private Data Storage

Amy Hovious and Chris Larrison will help you discover some ways to identify and choose the right data storage option for your privacy needs. There are numerous data technology options available to researchers utilizing high risk data. Identifying the appropriate level of storage security and leveraging campus technology to ensure the best balance between access and security can be a significant challenge. They will help you to start to identify and navigate those options. 

12:30 PM Privacy Threat Modeling

In this session Jonathan Fox will focus on real world experience and knowledge of how one may distinguish privacy threats from vulnerabilities, what strategies can be employed to create context diagrams for privacy threat modeling, how privacy engineers can translate threats into user stories, and then utilize user stories to apply controls to reduce or eliminate threats to privacy.

1:15 PM Privacy Engineering and the Enterprise

"Privacy is a human right".  Whether or not the world we live in is ideal, how can we as individual contributors or as a team work together to ensure that the personal data and privacy of those that trust us with their information is respected? Organizations are also under mounting pressure from a legal standpoint to help individuals exercise rights over their personal data, and this space continues to evolve. Amy Dang will help you explore topics in Privacy management in order to spark your own thoughts to share with your teams tand help ensure overall privacy roadmap benefits from a rich set of perspectives. You have superpowers unique to you,.Mapping where you want to go as an org lets you understand how to combine powers to protect privacy for all - one step at a time.

TRACK B: Privacy Literacy- Practical Applications for a Non-technical Audience 
 

10:30 AM Governing Privacy via Collective Action: Book Discussion - "Governing Privacy in Knowledge Commons"

Madelyn Sanfillippo will discuss cases from her 2021 book Governing Privacy in Knowledge Commons and the potential for collective action to address future privacy dilemmas. Privacy, in contrast with secrecy, is a relational concept, achieved when personal information is shared appropriately between actors. Viewed in this way, privacy is necessarily contextual and complex because norms about appropriate flows and use of personal information are socially negotiated and often contested. Privacy is thus a problem of collective action. Moreover, personal information is often among the knowledge resources pooled and managed by knowledge commons. Even when that is not the case, personal information can be important in shaping knowledge commons participation and governance. [A free copy of the text can be found here: https://www.cambridge.org/core/books/governing-privacy-in-knowledge-commons/FA569455669E2CECA25DF0244C62C1A1

11:15 AM Privacy and the Future of Ed Tech

The educational technology ecosystem is vast, complicated, and rapidly changing. With the current hybrid learning environment, tracking how and where your data is being used can be challenging to understand. In this presentation, the Canvas privacy team (Instructure) will provide (a) an overview of the current privacy legal landscape, (b) predictions for the future of privacy in ed tech, and (c) best practices in personal data protection. 

12:30 PM Privacy in the Illinois App

Our data-driven society has a tricky balancing act to perform. We want to build innovative tools and services that use personal data AND we are committed to protecting people’s privacy. If you can’t meet this tricky balancing act, you either produce tools that people won’t use, or you put their privacy at considerable risk. In the Illinois app, we take this challenge on with vigor and purpose. William Sullivan will describe multiple ways we work to engage users over questions about managing their privacy. Time for questions will follow. 

1:15 PM Towards a Comprehensive Criteria for Privacy Protections 

Masooda Bashir will discuss a recent publication on privacy in cloud computing.  Abstract: Cloud computing holds the promise of democratizing access to many computer resources, such as software, by effectively outsourcing computing tasks. However, this raises a variety of security and privacy concerns. Researchers and professionals must maintain security and privacy protections when managing data and information in cloud environments. While several security-related strategies and protections have already been established, there is still no comprehensive set of controls or criteria that specifically addresses privacy protection in the cloud. In this paper, we propose an all-encompassing privacy framework for cloud computing: the Comprehensive Criteria for Privacy Protections (C2P2) framework. The C2P2 framework was developed through qualitative analysis and evaluation of ten major existing privacy-related documents. She will present an initial and novel synthesis of the C2P2 framework, for which we found 107 unique privacy criteria across thirteen categories. This is the first assessment of its kind for the current privacy-related frameworks and serves as the first step towards establishing a comprehensive set of privacy protection criteria in cloud computing. We believe this framework provides an essential roadmap towards an inclusive privacy standard that information researchers and professionals can use to build controls and certifications. 



 

Presenter Biographies

Joe Barnes, B.A., MBA

Barnes is the Chief Digital Risk Officer (CDRO) for the University of Illinois System. As CDRO, he is responsible for establishing and maintaining the University of Illinois System's digital risk management program. Digital Risk is comprised of the challenges related to continuous change and increasing complexity in the U of I System's operations, technology, and threat environments as they relate to cybersecurity, privacy, compliance, business continuity, and risk management. Barnes has more than 20 years of experience in information technology, in both the public and private sectors; for the past 15 years, his work has focused on privacy, information security, and risk. He is a Certified Information Systems Security Professional. He holds a Bachelor of Arts degree from the University of Illinois Urbana-Champaign and a Master of Business Administration degree from Texas A&M University–Corpus Christi. 

Masooda Bashir, Ph.D 

Bashir is an Associate Professor at the School of Information Sciences and the Director Social Sciences in Engineering Research at the University of Illinois at Urbana Champaign. Her research interests are at the interface of information technology, human psychology, and society; especially how privacy, security, and trust intersect from a psychological point of view with information systems. Bashir's interdisciplinary educational background, industry experience, research accomplishments, and leadership roles in directing several educational and research programs provides her the broader and human centered perspective that is at the core of her research agenda when it comes to Information Privacy/Security.  

Daisy Bennett, B.A., MPP, CIPP/EU, CIPP/US, CIPM

Bennet serves as Privacy Officer for Instructure, Inc. She is passionate about privacy, education, and technology. With 16 years of experience, she has had the opportunity to help organizations to achieve meaningful and effective privacy programs. As a privacy professional she strives to bridge the gap between compliance, customer, and business needs to develop strong, transparent privacy practices. Daisy is a Certified Information Privacy Professional (CIPP-US & CIPP-E), and a Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals. Daisy also holds a B.A. in History from the University of California Davis, a M.P.P. from the University of Utah, and a J.D. from the SJ Quinney College of Law (University of Utah).

Amy Hariharan Dang, B.S.

Dang is currently a Principal Product Manager at Microsoft, on the Privacy Management product team, working to empower every person and every organization on the planet to be a privacy hero! Amy holds a degree in computer engineering from UIC and has enjoyed 2 decades of continuous learning and growth in the information technology space. Many of her past 10 years at Microsoft were spent helping customers evolve zero trust approaches and protect, detect, and respond to threats as a principal cybersecurity consultant.

Jonathan Fox, Ph.D.

Fox is director of privacy by design for Cisco and a member of Cisco’s chief privacy office. He is coauthor of The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value (ApressOpen, 2014). With more than 20 years of privacy experience, Fox’s principal areas of focus have been product development, government relations, mergers and acquisitions, and training. He is a CIPP/US and CIPM, and was a Certified Information Security manager (CISM). Prior to joining Cisco, He was senior privacy engineer at Intel. His previous roles include director of data privacy, McAfee; director of privacy, eBay; deputy chief privacy officer for Sun Microsystems; and editor-in-chief of sun.com. He frequently speaks at industry events and is a member of the IEEE P7002 Personal Data Privacy Working Group and Chair of the U.S. Technical Advisory Group for ISO/PC 317 Consumer protection: privacy by design for consumer goods and services.

Chuck Geigner, B.S.

Chuck Geigner is Interim Chief Privacy and Security Officer for the University of Illinois at Urbana-Champaign. He is a U.S. Navy veteran with 30 years professional experience contributing towards his sensibility, skill, and strategy. In that time he dedicated over 17 years to enabling higher education and over 15 years focusing purely on developing privacy and cybersecurity programs. Geigner graduated summa cum laude in 1997 with a B.S. in Industrial Technology from Illinois State University. When off the clock, he enjoys relaxing with his family, cooking, working on his project car, and fiddling around with electronics. One day that car will run, honest.

Amy Hovious, MLIS

Amy is part of the Innovation and Research IT leadership team at Technology Services. She has been on campus for over 15 years in various technology-related roles. She focuses on finding ways to best support our researchers, instructors, students and staff with their technology needs. 

Chris Larrison, MSW, Ph.D.

Larrison is Associate Professor in the University of Illinois at Urbana-Champaign, School of Social Work. His research and teaching focus on the social determinants of and services for serious mental illness. His work has been shaped by a transdisciplinary approach to research and collecting primary data in community-based settings from people receiving and providing services. He is skilled in utilizing mixed qualitative and quantitative methods. 

Michelle Lore, B.A., B.S., M.S

Lore has been the REDCap Application Specialist on campus since April 2019. Prior to this position, she worked in the Office for the Protection of Research Subjects. Her academic background is in sociology and gender studies.

Phil Reiter, B.S., M.S.

Reiter is the Associate Director, Privacy for the University of Illinois at Urbana Champaign. His office serves the Urbana, Springfield, and System offices in support of data privacy engagements, consulting, and analysis. Phil has more than 20 years of experience in information technology and cyber security and data privacy, specializing in support of higher education, research, and has a focus on creating a culture of data awareness and privacy for the institutions he supports. He also leads data management and governance efforts for the Urbana campus. 

Madelyn Sanfillippo, Ph.D.

Sanfilippo is an assistant professor in the School of Information Sciences at the University of Illinois at Urbana-Champaign. Her research empirically explores governance of sociotechnical systems, as well as outcomes, inequality, and consequences within these systems. Using mixed-methods, including computational social science approaches and institutional analysis, she addresses research questions about: participation in and legitimacy of sociotechnical governance; social justice issues associated with sociotechnical governance; privacy in sociotechnical systems; and differences between policies or regulations and sociotechnical practice. Her work practically supports decision-making in, management of, and participation in a diverse public sphere. 

William Sullivan, Ph.D.

William Sullivan works to create healthier, more sustainable communities. He is a Professor of Landscape Architecture and the Director of the Smart, Health Community initiative at the University of Illinois. Sullivan and his colleagues have developed Rokwire, an open-source platform for mobile apps that supports smart, healthy places. The goal of this work is to enhance human capabilities: to create healthier, safer, more equitable, sustainable places; enable better decision-making; and fuel innovation for all members of our community.

Planning Committee

Thank you to the following University of Illinois staff and faculty who planned this year's conference.

  • Anita Balgopal
  • Sheena Bishop
  • Mike Bohlmann
  • Sandy Bone
  • Isaac Galvan
  • Lisa Janicke Hichcliffe
  • Dana Mancuso
  • Cindy McKendall
  • Phil Reiter
  • Sandra Thompson