Over At CampusAux: IT Privacy, Security and Accessibility On Your Campus w/Dr. Tracy Mitrano

In CampusAux by SwiftData

Dr. Tracy MitranoOn this episode of CampusAux I welcome Dr. Tracy Mitrano, former Director of IT Policy at Cornell University. Tracy is now Principal at Mitrano & Associates and the author of the “Law, Policy and IT?” blog at Inside Higher Ed.

Tracy shares a career’s worth of knowledge regarding campus IT policy, security and some pitfalls to be aware of when contracting with cloud-based service providers.

Head over to www.campusaux.com/5 to listen to the episode. Or check out the Show Notes below.


Tracy began as an English and History major as undergraduate at University of Rochester. When graduated she asked the President of the institution “rather naively” how he got that job and he said she should go to law school to become an effective academic administrator.

President Sproull also stated, “The relationship between higher education and the government is growing increasingly intertwined.”

Tracy spent time as a History Professor at a number of Colleges and Universities before attending law school, then in 2001 assumed the role of Director of IT Policy at Cornell University.

She left Cornell a few years back and now heads up Mitrano & Associates where she helps institutions around the country with discrete projects in the areas of information management, information privacy, security, compliance, risk management and accessibility.

To have knowledge in the law and be able to relate it to the technology in the way we can structure rules, laws, policies, procedures so as not to be overly broad and inhibit innovation.

For those institutions with tightened budgets and limited resources Tracy speaks to a number of resources available regarding getting their IT security policies up to snuff, including looking at:

  • Indiana University
  • Educause Groups — Risk Management, Privacy, Accessibility.
  • Internet2

Whether you buy or build software, privacy, security and accessibility should be built into it.

Pitfalls to be aware of when contracting with cloud-based service providers

The big shift between on-premise and cloud providers is contract is king—what the institution could control when it was on-premise it now has to control through a contract. So the procurement process needs to accommodate to that shift. Rather than be the old linear process that institutions are accustomed to must become a simultaneous approach among some key offices on campus.

Tracy calls these “Gears”. Picture interlocked gears that encompass legal counsel, procurement, IT management, security, technology, business negotiation. All of these offices must get together in terms of procuring a cloud solution.

Tracy calls out Box.com and Microsoft who have done an excellent job at negotiating with institutions and covering all of the legal and compliance aspects of working with higher ed.

She recommends to smaller and new cloud-based vendors to the higher ed industry to get a lawyer who understands higher education, and to also talk to some of the leaders in higher ed, for example from the NACUA (National Association of College and University Attorneys) community.


Code by Lawrence Lessig

Get in touch with Tracy at tbm3@cornell.edu or visit her at mitranoandassociates.com.

Please leave feedback, questions, comments or suggestions in the comments sections below or send to brian@campusaux.com.