The Privacy Program provides services in 4 distinct concentrations
-
Central privacy coordination and support services
-
Data and privacy governance
-
Third party vendor management
-
Sectoral and jurisdictional privacy regulatory applications
To request any of these services, please email privacy@email.arizona.edu
| SERVICE | SERVICE DESCRIPTION |
| Document Development & Drafting | In conjunction with stakeholders, draft privacy statements, data sharing agreements, and data protection assessments. |
| Education | Design and provide educational programming, tools, and resources to increase awareness and understanding of privacy regulations. |
| Incident Response Consultation | Coordinate with privacy programs and the Security Operations Center to triage security incidents, to ensure thorough investigations and mitigation plans are executed, and appropriate notices are deployed upon data breach determinations. |
| Privacy Consultations |
(1) Deliver privacy-related guidance in a digestible format to stakeholders related to applicable privacy regulatory requirements in response to research, new product concepts, specific inquiries, etc. (2) Work with stakeholders to analyze business processes, document data flows, and/or advise on potential privacy compliance gaps. (3) Consult with other UA privacy programs (HIPAA, PCI, FERPA, COPPA) to issue spot and collaboratively problem solve. |
| SERVICE | SERVICE DESCRIPTION |
| COVID-19 Data Governance Committee | An expedient approval process that applies privacy and data governance principles to determine legal and ethical uses of COVID-19 institutional data. |
| Data Governance | In conjunction with UA’s Chief Data Officer and Data Stewards, UA’s Privacy Statement, Privacy Principles, policies, and notices given to individuals at the time of data collection are applied to manage the availability, usability, accessibility, and integrity of personally identifiable information. |
| Privacy Governance Committee | A process to assess the privacy and ethical implications of the collection and processing activities of institutional data and personally identifiable information that represent novel and innovative uses of the data, especially those that involve sensitive data. The resulting document is a Data Protection Impact Assessment. |
| SERVICE | SERVICE DESCRIPTION |
| Contract Reviews | Review of privacy terms and conditions including: redlining and editing, providing recommendations, and in some cases, assisting with negotiating contract language with vendors. |
| UA’s Information Security & Privacy Addendum | Customization of addendum and appendices to strengthen the UA’s security and privacy posture. |
| SERVICE | SERVICE DESSCRIPTION |
| Data Subject Rights Requests | Respond to and manage data subject rights requests (i.e., the right to: access, to be forgotten, data deletion, processing restrictions, data portability, data correction, etc.). |
| Monitoring, interpretation, and application of privacy laws and regulations and policies | Strategies and initiatives to adapt to evolving regulatory, legal, industry, and technology changes impacting UA's compliance with sectoral and jurisdictional privacy laws and regulations. |
| Privacy Complaints | Triage and manage complaints related to concerns about individuals’ privacy. |