Frequently Asked Questions

When someone mentions the word “privacy” several types of privacy usually immediately come to mind. For instance, bodily privacy focuses on the physical self and the right to control invasive procedures, like drug testing, genetic testing, or body searches. Communications privacy is involved when we talk about activities such as phone tapping and mail interception. Encroachments on personal space invoke territorial privacy where our personal boundaries might include our car, home, or personal locker. In each of these types of privacy the objective is to control what and how we present details about ourselves to the world.

Information or data privacy is empowering individuals to choose what happens to their personal data. This is sometimes referred to as “information self-determination”. Organizations implement data privacy by informing individuals about the organization’s data handling practices; providing opportunities for the individual to choose how personal information will be collected, used, and shared, and abiding by the individual’s requests.

Information security (InfoSec) and privacy are complementary but separate disciplines.

InfoSec focuses on electronic data and generally refers to protecting that data from unauthorized access, use and disclosure. Privacy involves individuals’ rights to control how their data is collected and used. Privacy encompasses the analysis of policy and business processes to ensure the legal and ethical obligations of an organization are upheld when the organization collects, stores, uses and/or discloses sensitive information. This includes informing the public of the organization’s information practices; providing information on opportunities to choose whether personal information will be shared and of options to restrict access to sensitive information; and assessing risks associated with the unauthorized access to, or loss of, sensitive information. For privacy, information in all formats and forms is within scope.

To build a culture of privacy, we must weave privacy principles into how we manage data in our day-to-day business processes. Examples of privacy in action include

We can’t protect the data entrusted to us if we don’t know what we have, so the first step toward data protection is to inventory and classify your Department’s data. Contact the Privacy Program to collaborate on the best approach for your area. We’ll develop a strategy together.

The University Data Classification Policy establishes and describes categories of data based on the level of sensitivity. The University has adopted four data classification categories: Restricted, Confidential, Internal Use and Public. Contact the Privacy Program to further discuss the types of data you handle.

There is no one-size-fits-all for privacy. Expectations of privacy vary from person to person, change over time, and can be contextual. The number of state and federal privacy laws continues to increase each year, and technological advances and adaptation move faster than society’s ability to understand its full implications. Privacy principles guide behavior and decision making as we navigate this constantly changing environment.

Let’s talk about your data! Request a privacy consult.

Report data and information security incidents to CCIT. Refer to the CCIT Information Security Incident Reporting Procedures for additional reporting guidance.