Sarah Morrow


A Privacy advocate, Sarah has several years of industry and regulatory compliance experience, 5 years specifically in Higher Education as Chief Privacy Officer for The Pennsylvania State University. Additionally, she spent 2 years as a privacy consultant for the Smithsonian Institution and then for State Farm Family of Companies and then as as UNM's HSC Privacy Officer.  Sarah currently works for the state of Texas as Chief Privacy Officer of Health & Human Services Commission, has a Bachelor of Arts in Art History from Mills College, a Paralegal Certification from the University of San Diego, School of Law, and a MBA-ISM (Information Security Management). She maintains designations as a CIPP (Certified Information Privacy Professional) and GISP (GIAC Information Security Professional). After twenty+ years, Sarah retired from her first career as a professional equestrian and entered the world of regulatory compliance through the mortgage banking industry. She was the first Chair of the of the International Association of Privacy Professional's (IAPP) Foundation Certification Exam Development Board and a former member of the Education Advisory Board, Sarah is a co-Founder of and was co-Chair of the Higher Education - Chief Privacy Officers (HE-CPO) group sponsored by EDUCAUSE, was co-Chair of the IAPP's Philadelphia Area Knowledge Net, was co-Founder and Chair of Columbia Area Knowledge Net; is a member of DHS's Data Privacy and Integrity Advisory Committee (DPIAC). She presented to audiences of the IAPP's Global Privacy Summit (March 2010), IAPP Knowledge Net (regional meeting), Internet 2's In Common CAMP (June 2010& 2011) and at EDUCAUSE (Annual conference Fall 2011). Most recently, she presented at IAPP's Global Privacy Summit in March of 2012 and at the EDUCAUSE Security Conference in May of 2012 participating in two sessions. in 2014, Sarah delivered Ethics training for MCLE credit at the IAPP Summitt.

EDUCAUSE Publications

  • The Higher Education CPO Primer, Part 1: A Welcome Kit for Chief Privacy Officers in Higher Education
    • Briefs, Case Studies, Papers, Reports

    The Higher Education Chief Privacy Officers Working Group has created this resource to serve as a welcome kit for CPOs in higher education. The CPO Primer (part one) is intended to provide an overview and introductory body of knowledge to help new CPOs (or those new to higher education) better understand their job and the challenges unique to colleges and universities. The main audience for this document is a CPO or person with primary institutional responsibility for privacy.

EDUCAUSE Presentations

EDUCAUSE Involvement

  • Data Privacy Month Task Force
    • Member: 2012 - 2013
  • HEISC Governance, Risk, and Compliance Working Group
    • Member: 2012
  • Higher Education Chief Privacy Officers
    • Chair: 2011 - 2013
    • Member: 2011 - 2016