UW Privacy Office

Cross Data Domain

ADA: Americans with Disabilities Act

Americans with Disabilities Act of 1990

Title I protects the confidentiality of the medical condition or medical history of an applicant for employment or an employee.

Enforcement Authority
  • Department of Justice
  • Department of Labor
  • U.S. Equal Employment Opportunity Commission
  • Department of Education Office for Civil Rights
Subject Matter Expert(s)
  • Erin F Rice
  • Jill B Lee
Situation When an employee or applicant for employment requests accommodation for a disability, the nature of the disability and all associated medical records are confidential. Additionally, information related to disability that is gathered for the purpose of affirmative action reporting is also confidential.
Data Types Other Confidential
Data Sets (and Population) Medical Records, Disability, Affirmative Action Information (Employees, Employment Applicants)
Website ADA – Americans with Disabilities Act of 1990, As Amended

DMCA: Digital Millennium Copyright Act

Digital Millennium Copyright Act

The DMCA allows internet service providers to shield themselves from liability for copyright infringement due to infringing activity by users of the service provider’s networks. Owners of copyright materials, including record companies, movie studios and software manufacturers, routinely monitor internet traffic and identify IP addresses that are hosting or sharing files that appear to be unauthorized copies of the owner’s works.

Enforcement Authority United States Copyright Office
Subject Matter Expert(s) Helen B Garrett
Data Types Other Confidential
Data Sets (and Population) Copyright Protected Information
Website The Digital Millennium Copyright Act of 1998 (pdf)

ECPA: Electronic Communications Privacy Act

Electronic Communications Privacy Act

18 U.S. Code Chapter 121 – STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS and 18 U.S. Code Chapter 119 – WIRE AND ELECTRONIC COMMUNICATIONS INTERCEPTION AND INTERCEPTION OF ORAL COMMUNICATIONS are known as the Electronic Communications Privacy Act.

Enforcement Authority Law enforcement
Subject Matter Expert(s) TBD
Data Types Other Confidential
Data Sets (and Population)
  • Voice Mail
  • E-Mail
  • Telephone Records
Website

EOAA: Equal Employment Opportunity

Executive Order 11246 (Presidential Order) – Equal Employment Opportunity

Executive Order 11246, as amended, requires federal contractors and subcontractors to develop and maintain a federal affirmative action program to ensure equal opportunity is provided in all aspects of employment. In addition, it prohibits discrimination against job applicants or employees because of the person’s race, color, religion, national origin, sex, disability, or protected veteran status. Other federal and/or state laws and/or UW policies also prohibit discrimination against job applicants or employees because of sexual orientation, age, gender identity or expression, citizenship, marital status, or genetic information. It is also illegal to discriminate against a person because the person complained about discrimination, filed a charge of discrimination, or participated in an employment discrimination investigation or lawsuit.

Enforcement Authority
  • U.S. Department of Labor
  • Office of Federal Contract Compliance Programs
Subject Matter Expert(s) TBD
Data Types Other Confidential
Data Sets (and Population)
  • Name, Discrimination Information (Employees, Employment Applicants)
  • Race, Name (Employees, Employment Applicants)
  • Name, Age (Employees, Employment Applicants)
  • Sex, Name (Employees, Employment Applicants)
  • Name, Sexual Orientation (Employees, Employment Applicants)
  • Genetic Information, Name (Employees, Employment Applicants)
  • Disability, Name (Employees, Employment Applicants)
  • Name, Ethnicity (Employees, Employment Applicants)
  • Name, Veteran Status (Employees, Employment Applicants)
  • Name, Marital Status (Employees, Employment Applicants)
  • Religion, Name (Employees, Employment Applicants)
Website Federal Contract Compliance – Executive Order 11246

EU GDPR: European Union General Data Protection Regulation

European Union General Data Protection Regulation

Broadly applies to data about persons who reside in the European Union. GDPR limits when and how organizations worldwide can collect, store, process, and use personal data. It also provides individuals with certain rights related to their personal data, including notice or consent, rights of access, and in some cases, requests for deletion.

Enforcement Authority n/a
Subject Matter Expert(s) Ann Nagel
Contact Email uwprivacy@uw.edu
Situation Any and all areas of the UW that collect or process (for example analyzing, storing, and deleting) personal data about persons who reside in the EU. Personal data is defined as any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, by reference to: 1) Any identifier, such as name, ID, location data, online identifier; or 2) Factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Data Types
  • Research – Human Subjects
  • Credit Card
  • Healthcare
  • Student/Family Financial Aid
  • Children
  • Other Confidential
  • Student Academic
  • Research – Classified, Proprietary, and Restricted
Data Sets (and Population) n/a
Website EUR-Lex – Protection of Personal Data

FCRA: Fair Credit Reporting Act

Fair Credit Reporting Act

Regulates the collection, dissemination, and use of consumer information, including consumer credit information and public disclosures by consumer reporting agencies.

Enforcement Authority Federal Trade Commission
Subject Matter Expert(s) Andrew S Monusko
Data Types Other Confidential
Data Sets (and Population) Financial Account Information, Name
Website FTC – Credit Reporting

GINA: Genetic Information Non-Discrimination Act

Genetic Information Non-Discrimination Act of 2008

Prohibits discrimination on the basis of genetic information with respect to health insurance and employment. Genetic information covers an individual’s genetic tests, the genetic tests of family members of such individual, and the manifestation of a disease or disorder in family members of such individual. Genetic test means an analysis of human DNA, RNA, chromosomes, proteins, or metabolites that detects genotypes, mutations, or chromosomal changes.

Enforcement Authority Equal Employment Opportunity Commission
Subject Matter Expert(s) TBD
Data Types Other Confidential
Data Sets (and Population) n/a
Website EEOC – The Genetic Information Nondiscrimination Act of 2008

GLBA: Gramm-Leach-Bliley Act

Gramm-Leach-Bliley Financial Services Modernization Act

Mandated the Financial Privacy Rule requiring financial institutions to provide each consumer with a privacy notice at the time the consumer relationship is established and annually thereafter.

Enforcement Authority
  • Federal Trade Commission
  • Bureau of Consumer Protection
Subject Matter Expert(s) Andrew S Monusko
Data Types Other Confidential
Data Sets (and Population)
  • Name, Financial Account Information (Business Partners)
  • Financial Account Information, Name
Website FTC – Gramm-Leach-Bliley Act

Library User Identity

WAC 478-168-190 Disclosure of library user identity

Unless otherwise required by law, all library records that contain information about individual users of library services are confidential.

Enforcement Authority n/a
Subject Matter Expert(s) Kirsten J. Spillum
Data Types Other Confidential
Data Sets (and Population) Name, Library Records
Website WSL – WAC 478-168-190

Medical Benefits

The Privacy Act of 1974 – § 552a. Records Maintained on Individuals

The Privacy Act of 1974, 5 U.S.C. § 552a

Enforcement Authority n/a
Subject Matter Expert(s) TBD
Data Types Other Confidential
Data Sets (and Population) n/a
Website DOJ – Privacy Act of 1974

Notice of Security Breaches

RCW 42.56.590 Personal Information – Notice of Security Breaches

Requires any agency to notify WA residents if their specific personal information was reasonably believed to have been acquired by an unauthorized person and the information was not secured.

Enforcement Authority Washington State Attorney General
Subject Matter Expert(s) Ann Nagel
Data Types Other Confidential
Data Sets (and Population)
  • Financial Account Information, Name, Security Code
  • Name, Credit Card Number, Authentication Credentials
  • Name, Security Code, Credit Card Number
  • Driver’s License Number, Name
  • Name, Authentication Credentials, Financial Account Information
  • Social Security Number, Name
Website WSL – RCW 42.56.590

Personal Identifiers - SSN

RCW 28B.10.042 Personal identifiers – Use of social security numbers prohibited

Institutions of higher education shall not use the social security number of any student, staff, or faculty for identification except for the purposes of employment, financial aid, research, assessment, accountability, transcripts, or as otherwise required by state or federal law.

Enforcement Authority Washington State Attorney General
Subject Matter Expert(s)
  • Kay Lewis
  • Helen B Garrett
  • Rachel Gatlin
Data Types Other Confidential
Data Sets (and Population)
  • Name, Social Security Number, Financial Account Information (Employees, Students)
  • Social Security Number, Name (Employees, Students)
Website WSL – RCW 28B.10.042

Red Flag Rules

Red Flag Rules

Requires the establishment of a written Identity Theft Prevention Program to protect existing consumers, reduce risk from identity fraud, and minimize potential damage from fraudulent new accounts with the least possible impact on business operations.

Enforcement Authority Federal Trade Commission
Subject Matter Expert(s)
  • Andrew S Monusko
  • Jane Yung
Data Types Other Confidential
Data Sets (and Population)
  • Financial Account Information, Name
  • Financial Account Information, Name (Patients)
Website FTC – Red Flag Rules