UW Privacy Office

Privacy Assessments

ON THIS PAGE:

Overview

A privacy assessment is a questionnaire that helps units analyze and manage impacts and risk of harm to individuals. Drawing from industry best practices and informed by the interoperability of international and domestic laws and regulations, a privacy assessment empowers units to make informed decisions about their business processes and/or systems in the interest of the people UW serves.

Benefits

A privacy assessment helps all areas of the University:

  • Assess and make informed decisions about the impacts and risk of harm to individuals.
  • Identify and implement solutions to collect, use, and maintain data appropriately.
  • Uphold UW’s values and Privacy Principles and meet legal and ethical responsibilities related to personal data.

When a privacy assessment is required

UW Units will be required to complete a privacy assessment in the TrustArc Privacy Management Platform for high-risk data processing activities. After you have inventoried your third party, system, and business process records, TrustArc will create a risk profile that will indicate when an assessment is needed. Please visit our high-risk data processing resource to learn more about these categories. The high-risk data processing categories are summarized below and are described in more detail on the high-risk data processing page.

  • Automated decision-making.
  • Evaluation or scoring.
  • Systematic monitoring.
  • Sensitive or personal data.
  • Large scale data.
  • Matched or combined datasets.
  • Data concerning vulnerable subjects.
  • Innovative or new technology.
  • Interference with rights.
  • Risks to fundamental rights or freedoms of individuals.
  • Other high risks.

Step 1: Determine the need for an assessment

Starting in Autumn 2022, please use TrustArc as your tool for inventorying your unit’s third-party relationships, systems, and business processes and determining high-risk data processing status. You will be able to save your work in progress and return to complete the record if needed.

Please prepare accordingly by attending a TrustArc training and support session.

Request access

Visit the TrustArc Privacy Management Platform page to submit your access request. If you already have access to the Data Inventory Hub but did not indicate that you are responsible for privacy assessments, please submit a new request to modify your current access.

Learn about privacy assessments, data inventory, and TrustArc

Review the following resources to learn essential, high-level background information:

Please contact uwprivacy@uw.edu for alternative training options while closed captioning and transcripts are in development.

TrustArc Entity

Note: Within the TrustArc system, the UW is the primary entity. In certain situations, when navigating the UW’s instance of TrustArc, you may be able to view or access corresponding records. Please adhere to the UW’s Access and Use Agreement for UW Data and Information Systems.

Create data inventory records in TrustArc

In order to complete a privacy assessment you will need to create third party, system, and/or business process records in the TrustArc Privacy Management System Data Inventory first. After your record(s) is/are entered, TrustArc will create a risk profile, which the Privacy Office will review to determine if an assessment is needed.

Step 2: Initiate assessment sent to you from the Privacy Office

If an assessment is required for the system or business process, you will receive an email from the Privacy Office via TrustArc inviting you to complete an assessment. Click “Begin Assessment” to get started.

Step 3: Complete assessment

Follow the prompts provided in TrustArc to complete the assessment. The questionnaire includes a series of short-answer and multiple-choice questions, with opportunities to include supporting documents.

Within the assessment you may add individuals at UW as respondents to help you complete all or a portion of the assessment if needed. These individuals will not need to submit an access request to the Privacy Office for direct access to TrustArc.

After you submit the assessment a UW Privacy Office analyst will review it.

Step 4: Provide additional information and/or address privacy concerns (if necessary)

The Privacy Office via TrustArc may request additional information or that steps be taken to address risks, impacts, or concerns. Once these have been resolved, send the assessment back for review and approval.

After your privacy assessment is approved

After the privacy assessment is approved, you may need to implement other privacy practices in order to enhance the way that privacy is incorporated into the design of the data processing activities.