Data privacy issues are intrinsic to the institutional data we collect about people: the students, faculty members, community citizens, parents, contractors, website visitors, and anyone who interacts with the university. Data handling practices shall be transparent and regulated in order for the institution to stay accountable for the legal, ethical, and secure handling of personal data.
Personal data is any information which can be used to distinguish or trace the identity of an individual alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual. This includes protected health information such as a patient’s medical record or payment history (SYS 1040a).
At the University of Wisconsin-Madison all individuals have a responsibility to protect the privacy of our institutional data as required, and to manage it appropriately throughout the whole data lifecycle (UW-523). The Data Governance Council provides a forum for experts and campus representatives to pursue strategies to balance institutional data availability with privacy, compliance, and security.
Campus data privacy resources
Personal data privacy rights
The University of Wisconsin System Administrative Privacy Procedure 1040.A describes the appropriate standards for the handling, protection, and privacy of personal data throughout the University of Wisconsin.
- Notice of Collection – The purpose for which personal data is collected must be specified at, or prior to, the time of collection (also known as the Right to be informed).
- Use of Personal Data – Limits the use of personal data to the purposes for which it was collected. Only those with a legitimate business need to accomplish the institution’s mission are authorized to access, use, transmit, handle, retain, or receive.
- Disclosure – Personal data will only be released to third parties under certain conditions including:
- Legal requirement, such as subpoena, warrant, open records request, or court order.
- Emergencies to protect the health, safety, or property of any person.
- Protection of interests, such as in cases such as employee violations or threats of injury to people or property.
- Storage and Retention – Personal data is only stored and retained when it is required to reasonably serve the institution’s academic, research, administrative functions, or other legally permitted purposes.
Types of privacy
As defined by the University of California Privacy and Information Security Initiative:
- Autonomy privacy: An individual’s ability to conduct activities without concern of or actual observation.
- Information privacy: The appropriate protection, use, and dissemination of information about individuals.
- Information security: The protection of information resources from unauthorized access, which could compromise their confidentiality, integrity, and availability.
Contact
If you have any questions about UW Madison practices around the use of personal information, contact gdpr-program@wisc.edu.