UA's Commitment to Data Privacy

The University recognizes that individuals whose data may be collected or processed by the University have legitimate interests that their data be handled ethically and that their privacy be considered.

Privacy Principles

The enactment of these Privacy Principles demonstrates privacy as an important value at the University of Arizona (“University”).  The University recognizes that data use can be personally beneficial to students, employees, and the University community, and that these benefits must be balanced with individuals’ data privacy rights and expectations. 

These principles represent the University’s commitment to be a privacy leader in the era of big data and information-sharing consistent with the overall teaching, research, and public service missions of the University. The principles outlined below will help guide the University as it looks to fulfill its goals.

1. Privacy by Design

2. Transparency and Notice

3. Choice

4. Ethical use

5. Responsibility

6. Accountability

7. Future Thinking

Click on the pdf below for a complete description of these Privacy Principles.  

Privacy Governance Committee

In support of efforts towards ethical uses of University and personal data, the Privacy Governance Committee is charged with assessing the privacy implications of proposed institutional data collection and processing activities that represent new or unexpected uses of personal information or that involve particularly sensitive data. Faculty, staff, and students are part of our privacy governance process to ensure the diverse perspectives of University constituencies are taken into account.

Proposed data collection and processing projects are submitted to the committee for review before implementation. After a thorough assessment, the Privacy Governance Committee makes recommendations for approval/ no approval to senior leadership. Generally, the Committee's recommendations include that projects implement appropriate specific safeguards and privacy protections.

To learn more about this committee, you can read this UAnnounce memo

If you are interested in submitting a proposal for review to the Privacy Governance Committee, you can email the Privacy Program.

Privacy Governance Committee Master Roster

 

COVID-19 Data Governance Committee

In October 2020, the COVID-19 Data Governance Committee was formed to provide an expedient approval process that applies privacy and data governance principles to determine appropriate future uses of COVID-19 institutional data. A need for the committee was identified to limit the use of sensitive and regulated data collected as part of COVID-19 mitigation and public health surveillance efforts to approved use and users. This is needed to meet regulatory requirements and also to comply with notices, consents, and authorizations that have made the collection and use of the data possible.  To submit a referral, please complete the form below and email it to the Privacy Program

Privacy Governance and Campus Re-Entry during the COVID-19 Pandemic

The Privacy Governance Committee has reviewed a number of campus re-entry projects. Subject matter experts and stakeholders from across the University participated in multiple committee meetings to assess the privacy implications of re-entry activities. This happened in coordination with the Information Security Office, Information System Owners, Data Custodians/Stewards, and other Compliance Partners. Re-entry activities that involved Human Subject Research are addressed by Institutional Review Board processes.

University Personnel submitting re-entry activities for review are asked to provide information about collection, storage, intended uses, and timetables for destruction of personal information. During each committee meeting, committee members apply the University Privacy Statement, Privacy Governance Committee Privacy Principles, and other appropriate University compliance guidance, along with all applicable laws and regulations, to perform in-depth assessments.

Ultimately, the outcomes of this process include improved plans to safeguard collection and use of personal information and call for transparency about data use.