7 ways to practice data privacy

Do you know how to apply privacy principles at work? While Wisconsin doesn’t have a comprehensive state privacy law, data privacy is still important to our institution, our employees, and our students. We don’t need a law to practice privacy principles in meaningful ways! Here are 7 generally accepted privacy principles (based on the EU’s General Data Privacy Regulation), and ways that you can implement them.

Lawfulness, Fairness, and Transparency

Read up on the Wisconsin Public Records Law! The law provides transparent access to many government records to shed light on the workings of government. UW–‍Madison is subject to the public records law. You can find lots of information online to help navigate the law as a state employee. Check out the Public Records website, or contact the public records custodian to set up a training for your unit!

Purpose Limitation

Ask why! We want people to know and understand why we have their data and how we use it. If you are thinking about using already existing data for a new project, ask why that data was collected. Is the way that you want to use it consistent with why we have it in the first place?

Data Minimization

Review your analytics! If you have a webpage, you’re probably running analytics. Web analytics collect and report data about site visitors and what they looked at. GA4 (Google analytics) is widely used on UW–‍Madison’s campus and is currently built into the WiscWeb theme. While GA4’s privacy measures improve upon past instances, the platform continues to send potentially identifiable user data to Google when leveraged to its full capacity. Remember, If you use third-party analytics, you share data about site visitors and what they looked at on your site with a third party.

For privacy’s sake, stop collecting site visitor data you aren’t using. Think about your use case and don’t collect what you don’t need: if you aren’t using the reports from analytics, turn the data collection off.

If you have questions about web analytics, the UW–‍Madison Google Analytics Practitioners Group is a good place to start (even if you aren’t using Google!). If you are subject to a regulatory framework and aren’t sure of the specific implications of using analytics, contact the Office of Compliance.

Accuracy

Make sure the data UW–‍Madison has about you is correct! Review and update all your personal information by going to my.wisc.edu and navigating to the “UW–‍Madison Profile” tile. Click on “Manage personal information” and instantly update your name in use, and get information about how to update your pronouns or add a name recording to your email signature.

Storage Limitation

Make a records management plan! Learn about the retention schedules that govern the records you create and have a discussion with your work unit about the importance of following them. When records are at retention, identify ones that have current value and delete the rest. Contact the Records Management Program for more information.

Integrity and Confidentiality

Learn about appropriate institutional data access! UW–‍Madison has a data governance structure that supports high standards in data quality, stewardship, and privacy. This maintains data integrity and confidentiality while allowing appropriate access to facilitate use of data, and the ability to improve with the lessons data can teach. Have 10 minutes? Take the “Data@UW” online training to learn more about institutional data domains and how we control access to our UW–‍Madison data.

Accountability

Learn! We have training, guidance, and policy on these privacy topics and more (see below!). The more you know, the more you can do to protect yourself and others.

Want extra credit? Check out these privacy prompts to bring to your next unit meeting!