The University Data Stewardship Council encourages a culture of stewardship, responsibility, and information sharing among those entrusted with administrative data and information. The principle of good stewardship is particularly important on the issue of data privacy.
Data stewards have an obligation to protect the confidentiality of personally identifiable information (PII). PII is any information about an individual maintained by the University, including “(1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information” (GAO Report 08-536, http://www.gao.gov/new.items/d08536.pdf).
Policies and Laws
The University’s policy surrounding the use of non-public, personal information is HR Policy 601 (http://humanresources.uchicago.edu/fpg/policies/600/p601.shtml). Laws and regulations governing data privacy include:
- Illinois Personal Information Protection Act
- Family Educational Rights and Privacy Act (FERPA)
- Health Insurance Portability and Accountability Act (HIPAA)
- EU General Data Protection Regulation (GDPR) (effective May 25, 2018)
This list is not exhaustive; additional data privacy laws and regulations may apply depending on the specific circumstances.
- EDUCAUSE – https://library.educause.edu/topics/policy-and-law/privacy
- Electronic Frontier Foundation – https://www.eff.org/
- GDPR Explained – https://er.educause.edu/articles/2017/8/the-general-data-protection-regulation-explained
- Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) – https://csrc.nist.gov/publications/detail/sp/800-122/final
- University Data Usage Guide – http://dataguide.uchicago.edu/