Privacy Pros

The Privacy Program’s goal is to develop a network of Privacy Pros across the university to keep Ohio State thinking about and upholding our privacy principles. Privacy Pros are faculty or staff members who:

  • Spot and work with university teams to address privacy issues in their daily work,
  • Collaborate with others around the university to drive solutions that balance privacy and unit strategies,
  • Implement and report on their unit’s privacy practices, and
  • Have fun while making a difference protecting the privacy of everyone who learns, teaches, works, visits, heals and supports Ohio State.

 

Want to become a Privacy Pro?

To join, contact the privacy team at privacy@osu.edu. We’ll connect with you and share more info.

Will I get any training on how to be a Privacy Pro?

The privacy team will hold regular meetings to talk about privacy issues and information relevant to Privacy Pros. During those meetings, we will provide training on privacy issues and solutions that affect Ohio State as well as discuss emerging privacy issues with others on the team.

What is the different between privacy and security?

Privacy is the collection, use, and sharing of personal information. Security is typically related to the steps taken to secure the container in which personal information data sits. While the two often overlap, there are distinct differences and that is why we approach the two topics both together and separately in our privacy work.

Why are there privacy questions in the security framework?

Our goal of the Privacy Program is to embed privacy across the university in the most streamlined and effective way possible. While integrating privacy into a well-established, university-wide security program will require some work, the approach provides for long-term efficiencies and high impact for Ohio State.

 

Roles and Responsibilities

Promote Privacy in Your Unit

Privacy Pros implement privacy practices within their unit.

SMS and Texting

The SMS and Texting Governance Group helps units implement texting programs. To get started, email privacy@osu.edu and review the Texting Privacy Recommendations.

Cookies and Trackers

Some Ohio State websites use cookies and pixels that track individuals across websites. Those websites must implement the OneTrust cookie banner and link to the Ohio State privacy statement (URL should be go.osu.edu/privacy) in the footer of each webpage.

Video and Audio Recordings

Units use and implement a variety of apps and tools that have the capability of recording individuals. Follow the Guidelines for Video and Audio Sharing Tools – Classrooms and Meetings to get started on a privacy impact assessment for these tools.

Processing Personal Information of EU or EEA residents (GDPR)

The GDPR expands privacy protections for residents of the EU or EEA and imposes obligations on any organization that collects, uses, shares or otherwise processes those residents’ personal information.

 

Conduct Privacy Impact Assessments

When conducting a Privacy Impact Assessment, Privacy Pros consider:

  • The Ohio State Privacy Principles, privacy best practices and applicable regulations,
  • Privacy notices or statements provided to individuals,
  • Privacy practices of third-party solutions or providers who are part of the implementation, and
  • Other university policies or requirements.

Go to Privacy Impact Assessement Tool  |  Privacy Impact Assessment Tool Training

 

Report Privacy Control Requirements Attestation

The privacy team has published privacy control requirements as the first step in learning more about units’ privacy practices. Privacy Pros will begin by learning about the privacy control requirements and then how to assess their unit’s privacy practices. Guidance documents and templates will be posted right here to help you along your unit’s privacy journey.

View the Privacy Control Requirements Adherence Questions

Please note: For FY21 and FY22, the privacy attestation questions are in pilot. The responses to these questions will not factor into the scoring for the information security control requirements attestation (ISCR.a).