Skip to Navigation | Skip to Content

Data Protection Risk Analysis

NYU and its constituent parts collect, process and store a substantial amount of financial, academic, research and personal information. NYU is strongly committed to ensuring that this data is protected from compromising events that could place the University or its students, faculty and administrators at risk. In furtherance of this commitment, in January 2007, NYU convened the Data Protection Risk Analysis Task Force (DPRA Task Force) and charged it with reviewing and improving the security of data collected, handled and stored by NYU.

The DPRA Task Force was specifically charged with the following objectives:

  • Development of a data classification system;
  • Surveying academic departments and administrative units to learn more about the sensitive data collected, handled and stored;
  • Development and dissemination of Best Practice guidelines and tools; and
  • Implementation of a University-wide education and awareness program to encourage and foster best practices.

The DPRA Task Force is in the process of meeting its objectives. To date, it has developed a Data Classification system and a compendium of Best Practices on data protection. In addition, the DPRA Task Force is currently surveying data protection practices and procedures in selected NYU departments throughout the University. Once the DPRA Task Force completes its survey, it will utilize the results to tailor the content of the University’s current training program to facilitate best practices. In addition, should the DPRA Task Force uncover any practices that might potentially compromise data, it will take remedial action to enhance the security of the data in question.

Operational Risk and Compliance has spearheaded the DPRA Task Force, in collaboration with representatives from the following departments: Information Technology Services, Office of Compliance, Office of the Executive Vice President, Office of the Provost, Public Safety, Internal Audit and NYU Medical Center’s Information Technology Services.

Questions regarding NYU’s Data Protection initiative may be directed to Jane Woodcock, Director of Operational Risk Analysis and Compliance, by email or by calling (212) 998-1437, or Jane Del Favero, Director of Network Security, Information Technology Services, by email or by calling (212) 998-3053. Additional information regarding data security at NYU can be found at Information Technology Services' Computer and Network Security page.