The University recognizes that individuals whose data may be collected or processed by the University have legitimate interests that their data be handled ethically and that their privacy be considered.
Privacy Governance Committee
In support of efforts towards ethical uses of University and personal data, the Privacy Governance Committee is charged with assessing the privacy implications of proposed institutional data collection and processing activities that represent new or unexpected uses of personal information or that involve particularly sensitive data. Faculty, staff, and students are part of our privacy governance process to ensure the diverse perspectives of University constituencies are taken into account.
Proposed data collection and processing projects are submitted to the committee for review before implementation. After a thorough assessment, the Privacy Governance Committee makes recommendations for approval/ no approval to senior leadership. Generally, the Committee's recommendations include that projects implement appropriate specific safeguards and privacy protections.
To learn more about this committee, you can read this UAnnounce memo.
If you are interested in submitting a proposal for review to the Privacy Governance Committee, you can email the Privacy Program.
COVID-19 Data Governance Committee
In October 2020, the COVID-19 Data Governance Committee was formed to provide an expedient approval process that applies privacy and data governance principles to determine appropriate future uses of COVID-19 institutional data. A need for the committee was identified to limit the use of sensitive and restricted data collected as part of COVID-19 mitigation and public health surveillance efforts to approved use and users. This is needed to meet regulatory requirements and also to comply with notices, consents, and authorizations that have made the collection and use of the data possible. To submit a referral, please complete the form below and email it to HIPAAPrivacy@email.arizona.edu.
Privacy Governance and Campus Re-Entry during the COVID-19 Pandemic
The Privacy Governance Committee has reviewed a number of campus re-entry projects. Subject matter experts and stakeholders from across the University participated in multiple committee meetings to assess the privacy implications of re-entry activities. This happened in coordination with the Information Security Office, Information System Owners, Data Custodians/Stewards, and other Compliance Partners. Re-entry activities that involved Human Subject Research are addressed by Institutional Review Board processes.
University Personnel submitting re-entry activities for review are asked to provide information about collection, storage, intended uses, and timetables for destruction of personal information. During each committee meeting, committee members apply the University Privacy Statement, Privacy Governance Committee Privacy Principles, and other appropriate University compliance guidance, along with all applicable laws and regulations, to perform in-depth assessments.
Ultimately, the outcomes of this process include improved plans to safeguard collection and use of personal information and call for transparency about data use.