UW Privacy Office

Principles

UW Privacy Principles

For a World of Good

The definition and perception of privacy is not the same for different geographic regions, cultures, generations, or individuals – what one person, organization, or governing body is comfortable sharing may make others uncomfortable. Our boundless efforts in teaching, research, and service compel us to think about how our interactions and use of information, whether parsed or combined, impact individuals’ privacy.

  • Geography – addresses, surveillance, personal locations or space, geo-spatial data, etc.
  • Identity – biometrics, financial accounts, social security numbers, etc.
  • Health – protected health information, genetics, health accommodations, physiology, etc.
  • Behavior or Actions – political views, religious beliefs, interests, affiliations, status, etc.
  • Technology – Internet of Things (IoT), artificial intelligence, online identifiers, unmanned aerial systems or drones, etc.
  • Demography – economic, social, cultural, citizenship, ethnicity, ancestry, etc.
  • Communications – voice, electronic, print, etc.
  • Images – photos, videos, scans, etc.


Privacy Principles

Due Care

Understand how UW’s global presence relates to geographical privacy requirements for protecting individuals’ privacy.

‘Due care’ refers to the effort made by a reasonable party to avoid harm to another, under any given circumstance. The due care concept, while simple, is critically important to ensuring the careful stewardship of the information.

Limited Data

Collect and use only what data are needed to provide the product or service, and de-identify whenever possible or appropriate.

‘Limited Data’ means thinking carefully about what data are required to fulfill a specific operation, project, or system and collecting only the necessary data elements. This includes review of the intended uses and doing our best to forecast and manage the unintended uses of information.

Protection

Respect and protect the data we collect using multi-layered controls and practices.

‘Protection’ means thinking about layered and compensating controls to safeguard the identifiable information. This includes collaborating with and advising colleagues on ways to balance privacy risk; considering de-identification, anonymization, obfuscation; implementing technical controls such as encryption and role-based access controls; and securing the physical location and storage of information.

Transparency

Use and share information only as we say will. Provide education about data collection and use, publication, and public records disclosure and exemptions.

‘Transparency’ means many things and can be difficult to succinctly define. Nonetheless, it embodies the ideas that the UW will endeavor to overtly state what data is collected, how it is used, and how it is shared.

User Choice

Provide user control or “choice” over the data collected about them whenever possible. Enable ability to correct data, do not impede on users’ rights to use encryption or anonymization services.

‘User Choice’ means providing users control and choice, whenever required or possible, about the collection and use of their identifiable information. The choices available are often extremely dependent upon the circumstance under which data is collected. We will always endeavor to make your choices clear and manageable, and to provide information about when a choice is possible using either Opt-Out or Opt-In principles.