UW Privacy Office

Glossary of Privacy Terms

This glossary defines various privacy terms that appear on the UW Privacy Office’s website and in its published materials. The UW Privacy Office may periodically update this glossary. Accordingly, you are encouraged to visit this page from time to time for updates.

 
Business Associate Agreement or BAA: per UW Medicine Compliance, an agreement used with Business Associates (as defined by HIPAA) that includes terms and conditions that are intended to protect patients’ Protected Health Information.

 
Contractor: a third-party that enters into a PDPA to provide goods or services to UW that involve Data Processing on UW’s behalf. 

 
Controller: the person or entity that determines the purpose and means for Data Processing.

 

Data Breach: any technical or physical incident or set of circumstances that leads to the unauthorized, accidental or unlawful access to, or destruction, loss, alteration, or disclosure of, Personal Data.

 
Data Processing: any operation(s) performed on Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, access, use, disclosure by transmission, dissemination, combination, restriction or destruction.

  
Data Subject Request: a request to exercise rights available under any applicable law with respect to Personal Data.

 
EU GDPR: the European Union General Data Protection Regulation.

 
Personal Data: any records or information relating to an identified or identifiable natural person, such as name, identification number, location data, online identifiers, or factor(s) specific to physical, physiological, genetic, mental, economic, cultural, or social identity or characteristics, or is identified as personally identifiable data (or a similar term) by any applicable law.

 

 Personal Data Processing Agreement or PDPA: A Data Processing agreement used with Contractors that includes terms and conditions that are intended to protect personal data.

 

Privacy Agreements: UW-approved agreements that govern personal data protection such as the Access and Use Agreement, PDPA, and BAA.

 

Privacy Impact Assessment for PDPA Modifications: a template provided by the UW Privacy Office to help departments and units make informed decisions about a Contractor’s proposed modifications to the PDPA by documenting and assessing if and how the modifications (a) impact individuals’ privacy, and/or (b) introduce risk for UW.

 

Processor: the person or entity that performs Data Processing on behalf of the Controller.

 

Special Categories of Personal Data: any records or information relating to minors, older adults or seniors, criminal offenses, citizenship and/or immigration status, race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data used to identify a natural person, health, sex life, or sexual orientation. Please note that Special Categories of Personal Data, as defined by EU GDPR, are narrower than the UW’s definition that appears in this Glossary.

 

Research: Per the UW Office of Research, an activity that meets either definition below:

First Definition: Research is a systematic investigation, including research development, testing, and/or evaluation, designed to develop or contribute to generalizable knowledge.

Second Definition: The activity is research if both of the following conditions are met:

*The intent of the activity is to develop information about a drug, medical device (including diagnostic tests), or biologic substance for submission to the federal Food and Drug Administration (FDA), and

*The activity involves the prospective physical use of drug, medical device (including diagnostic tests), or biologic substance, in a way that is not completely up to the discretion of a clinical practitioner.

University Personal Data or UPD: a term that appears in the PDPA and refers to any Personal Data that:

  1. Is created, received, or maintained by UW and transmitted to, accessed by, or otherwise made available to a Contractor in connection with the Contractor’s provision of goods or services to UW;
  2. Is created or compiled by the Contractor in providing goods or services to UW; or
  3. Is appended to, aggregated with, or associated with any University Personal Data originating from UW that was transmitted to or accessed by a Contractor in connection with the Contractor’s provision of goods or services to UW.