Data Privacy at Penn State For Holly Swires, chief privacy officer and assistant chief information security officer at Penn State, her interest in information security and privacy came later in her career. Swires initially earned a bachelor’s degree in criminal justice from the University in 2005, during which time she gained experience as a victims’ advocate for individuals who had experienced sexual assault and domestic violence. After graduation, she became a group therapist providing mental health services to adults through a partial hospitalization program. While she enjoyed working with people and the impact she was able to make in her previous roles, she found herself drawn to regulatory compliance and researching laws and regulations. That led her to a position as an integrated security specialist at the University’s Applied Research Laboratory, where she developed and implemented policies and procedures pertaining to security and overall compliance to meet research-related contract requirements. “That was my first exposure to security,” said Swires. She later started a position at Penn State as the privacy coordinator working for the CPO, and eventually ended up stepping into that privacy officer role. Then, in 2015, an executive decision was made to separate information security from the University’s central IT department. Swires was asked to serve as the interim assis-
Sharing Expertise Stay involved » ist.psu.edu/alumni
tant CISO and help restructure and lead the Office of Information Security (OIS). After two years, the Privacy Office transitioned into OIS, and Swires was formally
appointed as chief privacy officer in 2017, with a dual role as the assistant CISO. In her dual roles, Swires’ responsibilities include creating a culture of privacy and leading Penn State in achieving and continuously promoting compliance with varying regulations and internal policies pertaining to privacy, information security, and other related programs. “Some of these programs include PCI-
DSS, GLBA, HIPAA, GDPR, risk assessments, third-party risk management, and research consulting and engagements pertaining to regulated data,” she said. “My primary focus is the development and implementation of University-wide privacy program.” To further her knowledge, she enrolled in a master of professional studies in enterprise architecture and business transformation program, offered by the College of IST through Penn State World Campus, earning her degree in December. “Understanding my passion for privacy and information security compliance, this program made a lot of sense for me because it focused on strategy and business components that are very pertinent to a role like mine,” she said. With a variety of data privacy laws and regulations continuing to surface within the U.S. and internationally, this understanding will ultimately benefit Penn State, where Swires said building a forward-thinking and futuristic privacy program is crucial. “It would be very challenging for my team and I to build a new program or update it every time a new law or regulation comes into play for Penn State,” she said. “The importance is really building something that is sustainable for an environment that is constantly evolving and will continue to for some time.”
A shoutout to the more than 30 IST alumni who participated in the college's recent Alumni Professional Development Panel, hosted by the college’s honor society Gamma Tau Phi. Alumni working in government and industry, including Microsoft, IBM, Facebook, TikTok, J&J, GM, and Universal Parks and Resorts shared their experiences with students on a number of professional development topics.
Winter 2022 33