Kent Wada, UCLA's Chief Privacy Officer, Represents Privacy and Information Security Initiative Working Group

Tue, 13 Aug 2013 at 11:09

In June 2010, President Mark Yudof convened the UC Privacy and Information Security Steering Committee. He charged the committee with reviewing existing privacy and information security policies; developing a new overarching policy framework to address privacy and information security in the modern legal, technology, and social context; and providing updated guidance to assist the University community in meeting legal obligations to safeguard "protected" data while at the same time abiding by deeply held principles of privacy.

President Yudof tasked a Steering Committee made up of 28 members (including faculty, students, and administrators representing campuses and UCOP) to consider what is appropriate for UC in today’s world, and recommend:

  • An overarching privacy framework
  • Governance, implementation and accountability structures
  • Formal ongoing process to address technical and societal changes impacting privacy and information security
  • Specific actions to implement the framework

A Working Group, chaired by UCLA's Chief Privacy Officer Kent Wada, was formed to develop concepts and recommendations to the Steering Committee. The group consisted of 16 faculty and staff members representing key areas.

In February, the Privacy and Information Security Steering Committee provided President Yudof with recommendations about how the University should address related near-term policy issues and longer-term governance issues. Listed below are some of the recommendations listed in the final report:

  1. The report speaks to the University’s adoption of Statement of Privacy Values, Privacy Principles, and Privacy Balancing Test. These are the most basic conceptual building blocks underlying the University’s ability to fluently manage privacy issues. It is requested that the President initiate the action needed to have these items adopted by the University (similar to the Statement of Ethical Values and Standards of Ethical Conduct).
  2. The report speaks to a requirement for each campus to designate a privacy official – an operational point person to make privacy “visible,” to begin incorporating the Privacy Statement, Principles, and Balancing Test into the fabric of campus life; and to coordinate with peers systemwide. This designation does not require the creation of a new position, though the simple act of highlighting privacy likely will quickly reveal an unmet need. It is requested that the President initiate the action needed to have each Chancellor designate a privacy official for his or her campus.
  3. The report describes a model for governance through campus privacy and information security boards. However, allowing the University to gain experience with the implementation of the recommendations above will inform campus planning for achieving the goals articulated in the Steering Committee’s report – campuses will need flexibility, appropriately leveraging what they already have in place. It is requested that this overarching need be identified in communicating to the Chancellors as a longer-term goal.

The report has received presidential endorsement and the recommendations will be taken forward. To read more about the Privacy and Information Security Initiative, please visit the UCOP site