Data Privacy

One important aspect of data literacy is the careful consideration of data privacy. There are several ways to respect an individual’s data privacy, including considering applicable laws, upholding the university’s privacy principles and reaching out to university privacy professionals with any questions.   

Legal Considerations                  

While the United States does not yet have a sweeping general privacy law like the European Union’s General Data Protection Regulation (GDPR), there are privacy laws that apply to specific types of data we use every day at Ohio State.   

One example is the Family Educational Rights and Privacy Act (FERPA), which provides privacy protections for student data. Similarly, the Health Insurance Portability and Accountability Act (HIPAA) protects sensitive personal and medical information at the Wexner Medical Center.  

When thinking through how to approach any type of question related to accessing and/or protecting data, start by considering the steps you must take to make sure you are following any applicable law(s). 

Privacy Principles   

Ohio State's Privacy Program is grounded in privacy regulations and privacy-related best practices.  Being aware of and considering the university’s privacy principles is an important aspect of data literacy. The university's privacy principles are rooted in our values and reflect requirements found in most privacy-related laws.    

Ohio State's Privacy Principles  

  1. We provide notice that explains how we collect, use and share personal information. We don’t use it for other purposes.

  2. We provide and honor choices when collecting personal information for marketing purposes.

  3. We make it easy for individuals to access and request corrections to their personal information.

  4. We implement new technologies using privacy-by-design.

  5. We secure personal information and investigate reports of unauthorized or inappropriate access to personal information.

  6. We create, educate and lead best practices and compliance across our communities.

These privacy principles are used in many ways, including guiding decision-making when facing privacy concerns that are not addressed by current laws or regulations.

Privacy Impact Assessments  

A Privacy Impact Assessment (PIA) is a tool used to evaluate whether access, use or disclosure of specific data meets regulatory requirements and privacy standards.   

PIAs help you consider questions like what data is being collected, who will see the data, where the data will be stored, what the purpose of collecting the data is and how the data will be used. Other considerations include whether notice is given to the data subject about who will see the data, how the data will be secured and how long the data will be retained. This information would then be reviewed by Privacy Program staff from the standpoint of a risk-benefit analysis so that they can ensure privacy protections are in place.

Reach out to the Privacy team at privacy@osu.edu for more information about PIAs.  

Learn More 

The Privacy team is always happy to work with you to address any questions you may have regarding the access, use and disclosure of data. Please don’t hesitate to email the team at privacy@osu.edu. You can also find out more information about many topics related to the university and privacy by visiting the Privacy Program website.