WRAL Local Tech Wire’s first Exchange event for 2009 is Thursday and will explore HIPAA, PCI regulations and SAS 70. Susan Kellogg of Kenan-Flagler Business School will moderate an expert panel on the impacts compliance issues are having on today’s business environment and in education.


Susan Kellogg is chief information officer and associate dean of information technology at The University of North Carolina’s Kenan-Flagler Business School in Chapel Hill.

She works collaboratively with university leaders to determine the technology strategies that support research and teaching and is responsible for all aspects of technology at the business school, including educational media, student systems, collaboration, information management, networks, staff/student desktop support and industry-standard levels of service.

Kellogg is a technology strategist with more than 20 years’ experience across all areas of technology.

Local Tech Wire spoke with her this week about some of the technology challenges companies are facing when it comes to compliance issues.

Have you seen some similarities with protecting patient records, which warranted HIPAA compliance, and storing student information?

HIPAA and the Federal Education Rights and Privacy Act (FERPA) have similar results, but the intents behind them are very different. Both are laws. Both protect the personal information of an individual from unauthorized disclosure. Both view the information as belonging to the person, not to the institution that creates and stores it. However, FERPA was put in place primarily to ensure that students have access to their records. FERPA also covers strict rules on disclosure of student information, but the primary goal was to give the students (and their parents) access to information that was not necessarily available to them before.

How has this impacted your IT systems at Kenan-Flagler Business School?
We have to be very careful in how we handle student information in our day-to-day work. For instance, we commonly video-tape our students saying their name to help people learn who they are and how to pronounce their names correctly. This information used to be widely available to anyone attending or working at UNC Business, as it helped greatly for personal networking, particularly for the students. Now, it is shared only with faculty and staff who need this information to interact with the student. Because we have so many people who deal with student data, training is the key. UNC has created an online training course for FERPA and included requirements for completion of a FERPA test in order to gain access to student information systems. The FERPA regulations give us a way to think through the life-cycle of a student’s information and make sure we are securing it at every step. We consider this to be a good thing.

Why is it important for a business executive to be educated on compliance?
Compliance has moved us from best practices to must-comply practices. Good executives always pay attention to the security of information. Compliance concerns are not going away. Compliance can be expensive; understanding and leveraging compliance for the benefit of the business is the key to mitigating cost and maximizing benefits. To do this, you must be educated on compliance, and it needs to be integrated into the way you do business.

How have compliance regulations changed the way that business is conducted online?
Honestly, online business is still a bit like the Wild West – you have your good guys and you have your bad guys, and it isn’t always easy to tell the difference. I would say yes, compliance regulations have changed the way business is conducted online, but there is much work to be done. We have very few standards that give a clear signal to users that a site is safe and properly safeguarding identity information. Without regulation of how to accept information – and to store it securely – we all lose. Take last week’s Heartland Payment Systems data breach for instance. They process payments for more than 250,000 businesses. With compromised transactions being quoted in the tens of millions, the question is how many losses will it take for the government to enact stronger laws governing these businesses?

On the panel


Kellogg will moderate the expert panel at the Exchange event. Other keynote panelists include Tony Verdone, vice president of development and operations at MediClick; Don Clow, CTO at Hosted Solutions; and Harry Reynolds, vice president and information compliance officer at BlueCross BlueShield of North Carolina.

The RTP event is sponsored by Hosted Solutions, InCentric Solutions, Kenan-Flagler Business School, Scale Finance, North Carolina Technology Association (NCTA), Council for Entrepreneurial Development (CED), and BIG Council.

Due to overwhelming response to this initial event, we have added a second date in Charlotte on Feb. 18.

Once again, the event will run 11:30 a.m. to 1:30 p.m., at Byron’s South End, and will feature an expert panel discussion moderated by Dan Manley, senior manager at KPMG Information Technology Advisory Services. Additional panelists include Patty Brandow, senior director of internal control compliance at Time Warner Cable; Keith Haskett, vice president of operations with ATTUS Technologies, Inc.; and Gideon Rasmussen, vice president of merchant PCI compliance at Bank of America.

The Charlotte event is sponsored by CED, Hosted Solutions, InCentric Solutions, Kenan-Flagler Business School, and NCTA.

The cost for each event is $20.