Generally Accepted Privacy Principles

Local, national, and international organizations have established laws, regulations, and guidelines to protect individual’s privacy, which includes the following Generally Accepted Privacy Principles:

1. Management – The University must have Privacy policies and procedures that are defined and documented.  An individual or an area must take responsibility and be accountable for the implementation and enforcement of these policies and procedures.
2. Notice – The University should provide notice about its privacy policies and procedures.  In addition, the University should identify the purposes for which personal information is collected, used, retained, and disclosed.
3. Choice and consent – The University should explain the use of data to individuals and obtain consent (where appropriate).
4. Collection – Information should only be collected and used in accordance with the University notice.  Specific notices that speak to specific procedures should be developed as needed.
5. Use, retention, and disposal – The University should limit the use of personal information to the uses described in the notice and to the used included in the consent.  The University should retain personal information for only as long as necessary to fulfill states purposes or as required by law or regulations.  Such information should be disposed of thereafter.
6. Access – The University should provide individuals with access to their personal information for review and updating.
7. Disclosure to third parties – The University discloses personal information to third parties in accordance with relevant rules and regulations, in accordance with the purposes identified in the notice, and with implicit or explicit consent for the individual.
8. Security for privacy – The University protects personal information from unauthorized access, both physical and electronic, by considering intentional and unintentional disclosures.
9. Quality – The University maintains accurate, complete, and relevant personal information according to the purposes identified in the notice.
10. Monitoring and enforcement – The University monitors compliance with its privacy policies and procedures and has procedures in place to address any complaints, violations, or disputes related to privacy.