Do you know how to apply privacy principles at work? While Wisconsin doesn’t have a comprehensive state privacy law, data privacy is still important to our institution, our employees, and our students. We don’t need a law to practice privacy principles in meaningful ways! Here are 7 privacy principles (based on the EU’s General Data Privacy Regulation), and ways that you can implement them.
Lawfulness, fairness and transparency
Be informed! UW Madison collects personal data in ways that are lawful, fair, and transparent. We follow data protection laws, use data in ways that are reasonable and expected, and provide a clear Privacy Notice.
Purpose limitation
Ask why! We want people to know and understand why we have their data and how we use it. If you are thinking about using already existing data for a new project, ask why that data was collected. Is the way that you want to use it consistent with why we have it in the first place?
Data minimization
Plan for privacy! Use thoughtful process and operational controls to minimize the data you collect as a part of any work project, whether institutional or research.
- Process: Plan to explicitly define the purpose of any new data collection project, and scope the data you collect directly to the purpose. Only collect data that is relevant and limited to your purpose.
Operational: Plan to know and utilize approved tools for the storage and sharing of data. Use tools approved by the university to be sure they are privacy and security conscious.
Accuracy
Check that your data is correct! Review and manage your personal identity information by going to UW–Madison Profile. You can see how your name appears in various campus systems as well as verify that your addresses, phone numbers, emails, and birthdate are presented correctly. If you find a discrepancy, related resources are available for making quick corrections. You can also find details on how to to set your pronouns, photos, and name pronunciation to ensure you’re represented exactly how you’d like.
Storage limitation
Make a records management plan! Learn about the retention schedules that govern the records you create and have a discussion with your work unit about the importance of following them. When records are at retention, identify ones that have current value and delete the rest. Contact the Records Management Program for more information.
Integrity and confidentiality
Learn about appropriate institutional data access! UW–Madison has a data governance structure that supports high standards in data quality, stewardship, and privacy. This maintains data integrity and confidentiality while allowing appropriate access to facilitate use of data, and the ability to improve with the lessons data can teach. Have 10 minutes? Take the “Data@UW” online training to learn more about institutional data domains and how we control access to our UW–Madison data.
Accountability
Learn! We have training, guidance, and policy on these privacy topics and more (see below!). The more you know, the more you can do to protect yourself and others.
- Data@UW: Responsible Use – DAPIR and OHR training to learn how we control access to our data
- FERPA Training – Office of the Registrar offers a canvas course on handling student records
- Introduction to Research Data Management – University Libraries support research data literacy with tools and training
- Cybersecurity Awareness – Office of Cybersecurity provides annual required training
Want extra credit? Check out these privacy prompts to bring to your next unit meeting!