UW Privacy Office

Learn About Data

Last updated on July 25, 2023

ON THIS PAGE:


Overview

In order to protect individuals’ privacy, UW personnel and units must first understand what personal data is, the various classifications, and the various categories of high-risk data processing. It is also necessary to understand the data classification process for new types of data. With this knowledge, UW personnel will be better prepared to assess and manage risk – and effectively minimize the risk of harm.

Learn about personal data

Please visit the following resources to learn about personal data:

  • Personal Data, Data Classifications, and Data Structures – Provides an overview of personal data. From there, you can read about data classifications, data taxonomies, and high-risk data processing categories.
  • Glossary of Privacy Terms – Provides definitions about the common terms used on the UW Privacy Office website and resources.
  • Education – Our professional development curriculum offers training on foundational and specialized privacy-related topics, all of which relate to personal data.

Data classification process

The UW Privacy Office oversees and manages the data classification structure and process to support UW units in meeting their ethical and legal responsibilities. These data categories and the data classification process are intended to help UW units clarify and prioritize the minimum privacy and information security protections.

Based on APS 2.2, UW units are required to classify personal data as confidential, special categories, restricted, or public information when needed to convey the level of risk and corresponding data protection that must be applied to the data. When a data classification isn’t apparent, escalate the need for a data classification for a specific data element to the University Privacy Office. UW units that are utilizing personal data in their data processing activities may need to inventory the related third-party relationship, system, and/or business process, as well as complete a privacy impact assessment or implement additional controls for protecting the data.

Data classification request process

Upon receiving a request to classify data, the Privacy Office will:

  1. Review the purpose and intended use of data with UW colleague who is requesting clarification.
  2. Consult with subject matter experts and Attorney General’s Office (as needed) to assess the regulatory and contractual requirements associated with the data.
  3. Consider whether the data element may present a risk of harm to individuals if disclosed to unintended audiences or unauthorized individuals or whether individuals may have a reasonable expectation of privacy.
  4. Evaluate if the combination or removal of data elements from a data set may change the data classification.
  5. Consult with the Privacy Steering Committee (as needed).
  6. Determine data classification.
  7. Inform UW colleague, who is requesting clarification, about the outcome and data classification. For more information, contact uwprivacy@uw.edu.