Cross Data Domain
Last updated on February 26, 2024
ADA: Americans with Disabilities Act
Last updated on February 26, 2024
Americans with Disabilities Act of 1990
Title I protects the confidentiality of the medical condition or medical history of an applicant for employment or an employee.
| Enforcement Authority |
|
| Subject Matter Expert(s) |
|
| Situation | When an employee or applicant for employment requests accommodation for a disability, the nature of the disability and all associated medical records are confidential. Additionally, information related to disability that is gathered for the purpose of affirmative action reporting is also confidential. |
| Data Types | Other Confidential |
| Data Sets (and Population) | Medical Records, Disability, Affirmative Action Information (Employees, Employment Applicants) |
| Website | ADA – Americans with Disabilities Act of 1990, As Amended |
DMCA: Digital Millennium Copyright Act
Last updated on February 26, 2024
Digital Millennium Copyright Act
The DMCA allows internet service providers to shield themselves from liability for copyright infringement due to infringing activity by users of the service provider’s networks. Owners of copyright materials, including record companies, movie studios and software manufacturers, routinely monitor internet traffic and identify IP addresses that are hosting or sharing files that appear to be unauthorized copies of the owner’s works.
| Enforcement Authority | United States Copyright Office |
| Subject Matter Expert(s) | Damien Koemans |
| Data Types | Other Confidential |
| Data Sets (and Population) | Copyright Protected Information |
| Website | The Digital Millennium Copyright Act of 1998 (pdf) |
ECPA: Electronic Communications Privacy Act
Last updated on February 26, 2024
Electronic Communications Privacy Act
18 U.S. Code Chapter 121 – STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS and 18 U.S. Code Chapter 119 – WIRE AND ELECTRONIC COMMUNICATIONS INTERCEPTION AND INTERCEPTION OF ORAL COMMUNICATIONS are known as the Electronic Communications Privacy Act.
| Enforcement Authority | Law enforcement |
| Subject Matter Expert(s) | TBD |
| Data Types | Other Confidential |
| Data Sets (and Population) |
|
| Website |
EOAA: Equal Employment Opportunity
Last updated on February 26, 2024
Executive Order 11246 (Presidential Order) – Equal Employment Opportunity
Executive Order 11246, as amended, requires federal contractors and subcontractors to develop and maintain a federal affirmative action program to ensure equal opportunity is provided in all aspects of employment. In addition, it prohibits discrimination against job applicants or employees because of the person’s race, color, religion, national origin, sex, disability, and protected veterans. In addition, other federal and/or state laws and/or UW policies prohibit discrimination against job applicants or employees because of sexual orientation, age, gender identity or expression, citizenship, marital status, or genetic information. It is also illegal to discriminate against a person because the person complained about discrimination, filed a charge of discrimination, or participated in an employment discrimination investigation or lawsuit.
| Enforcement Authority |
|
| Subject Matter Expert(s) | TBD |
| Data Types | Other Confidential |
| Data Sets (and Population) |
|
| Website | Federal Contract Compliance – Executive Order 11246 |
EU GDPR: European Union General Data Protection Regulation
Last updated on February 26, 2024
European Union General Data Protection Regulation
Broadly applies to data about persons who reside in the European Union. GDPR limits when and how organizations worldwide can collect, store, process, and use personal data. It also provides individuals with certain rights related to their personal data, including notice or consent, rights of access, and in some cases, requests for deletion.
| Enforcement Authority | n/a |
| Subject Matter Expert(s) | TBD |
| Contact Email | uwprivacy@uw.edu |
| Situation | Any and all areas of the UW that collect or process (for example analyzing, storing, and deleting) personal data about persons who reside in the EU. Personal data is defined as any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, by reference to: 1) Any identifier, such as name, ID, location data, online identifier; or 2) Factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. |
| Data Types |
|
| Data Sets (and Population) | n/a |
| Website | EUR-Lex – Protection of Personal Data |
FCRA: Fair Credit Reporting Act
Last updated on February 26, 2024
Fair Credit Reporting Act
Regulates the collection, dissemination, and use of consumer information, including consumer credit information and public disclosures by consumer reporting agencies.
| Enforcement Authority | Federal Trade Commission |
| Subject Matter Expert(s) | Andrew S Monusko |
| Data Types | Other Confidential |
| Data Sets (and Population) | Financial Account Information, Name |
| Website | FTC – Credit Reporting |
GINA: Genetic Information Non-Discrimination Act
Last updated on February 26, 2024
Genetic Information Non-Discrimination Act of 2008
To prohibit discrimination on the basis of genetic information with respect to health insurance and employment. An individual’s genetic tests, the genetic tests of family members of such individual, and the manifestation of a disease or disorder in family members of such individual. Genetic test means an analysis of human DNA, RNA, chromosomes, proteins, or metabolites, that detects genotypes, mutations, or chromosomal changes.
| Enforcement Authority | Equal Employment Opportunity Commission |
| Subject Matter Expert(s) | TBD |
| Data Types | Other Confidential |
| Data Sets (and Population) | n/a |
| Website | EEOC – The Genetic Information Nondiscrimination Act of 2008 |
GLBA: Gramm-Leach-Bliley Act
Last updated on February 26, 2024
Gramm-Leach-Bliley Financial Services Modernization Act
Mandated the Financial Privacy Rule requiring financial institutions to provide each consumer with a privacy notice at the time the consumer relationship is established and annually thereafter.
| Enforcement Authority |
|
| Subject Matter Expert(s) | Andrew S Monusko |
| Data Types | Other Confidential |
| Data Sets (and Population) |
|
| Website | FTC – Gramm-Leach-Bliley Act |
Library User Identity
Last updated on February 26, 2024
WAC 478-168-190 Disclosure of library user identity
Unless otherwise required by law, all library records that contain information about individual users of library services are confidential.
| Enforcement Authority | n/a |
| Subject Matter Expert(s) | Kirsten J. Spillum |
| Data Types | Other Confidential |
| Data Sets (and Population) | Name, Library Records |
| Website | WSL – WAC 478-168-190 |
Medical Benefits
Last updated on February 26, 2024
The Privacy Act of 1974 – 552a. Records Maintained on Individuals
The Privacy Act of 1974 5 U.S.C. – 552a
| Enforcement Authority | n/a |
| Subject Matter Expert(s) | TBD |
| Data Types | Other Confidential |
| Data Sets (and Population) | n/a |
| Website | DOJ – Privacy Act of 1974 |
Notice of Security Breaches
Last updated on February 26, 2024
RCW 42.56.590 Personal Information – Notice of Security Breaches
Requires any agency to notify WA residents if their specific personal information was reasonably believed to have been acquired by an unauthorized person and the information was not secured.
| Enforcement Authority | Washington State Attorney General |
| Subject Matter Expert(s) | TBD |
| Data Types | Other Confidential |
| Data Sets (and Population) |
|
| Website | WSL – RCW 42.56.590 |
Personal Identifiers - SSN
Last updated on February 26, 2024
RCW 28B.10.042 Personal identifiers – Use of social security numbers prohibited
Institutions of higher education shall not use the social security number of any student, staff, or faculty for identification except for the purposes of employment, financial aid, research, assessment, accountability, transcripts, or as otherwise required by state or federal law.
| Enforcement Authority | Washington State Attorney General |
| Subject Matter Expert(s) |
|
| Data Types | Other Confidential |
| Data Sets (and Population) |
|
| Website | WSL – RCW 28B10.042 |
Red Flag Rules
Last updated on February 26, 2024
Red Flag Rules
Requires the establishment of a written Identity Theft Prevention Program to protect existing consumers, reduce risk from identity fraud, and minimize potential damage from fraudulent new accounts with the least possible impact on business operations.
| Enforcement Authority | Federal Trade Commission |
| Subject Matter Expert(s) |
|
| Data Types | Other Confidential |
| Data Sets (and Population) |
|
| Website | FTC – Red Flag Rules |