Privacy Governance Process

The University recognizes that individuals whose data may be collected or processed by the University have legitimate interests that their data be handled ethically and that their privacy be considered. In support of efforts towards ethical uses of University and personal data, the Privacy Governance Committee is charged with assessing the privacy implications of proposed institutional data collection and processing activities that represent new or unexpected uses of personal information or that involve particularly sensitive data. Faculty, staff, and students are part of our privacy governance process to ensure the diverse perspectives of University constituencies are taken into account. The roster of the Privacy Governance Committee can be found here:

 

Proposed data collection and processing projects are submitted to the committee for review before implementation. After a thorough assessment, the Privacy Governance Committee makes recommendations for approval/ no approval to senior leadership. Generally, the Committee's recommendations include that projects implement appropriate specific safeguards and privacy protections.

If you are interested in learning more about the Privacy Governance Process  or submitting a proposal for review to the Privacy Governance Committee, contact privacy@arizona.edu.

 

Privacy Governance and Campus Re-Entry during the COVID-19 Pandemic

The Privacy Governance Committee reviewed a number of campus re-entry projects. Subject matter experts and stakeholders across the University participated in multiple Privacy Governance Committee reviews to assess the privacy implications of re-entry activities. This happened in coordination with the Information Security Office, Information System Owners, Data Custodians/Stewards, and other Compliance Partners. Re-entry activities that involved Human Subject Research are addressed by Institutional Review Board processes.

University Personnel submitting re-entry activities for review are asked to provide information about collection, storage, intended uses and timetables for destruction of personal information. During each committee meeting, committee members apply the University Privacy Statement, Privacy Governance Committee Committee Privacy Principles, and other appropriate University compliance guidance, along with all applicable laws and regulations, to perform in-depth assessments.

Ultimately, the outcomes of this process include improved plans to safeguard collection and use of personal information and call for transparency about data use.