CINXE.COM

<!DOCTYPE html>   <html lang="en" dir="ltr" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#">  <head> <meta http-equiv="X-UA-Compatible" content="IE=edge">  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="Generator" content="Drupal 7 (http://drupal.org)" /> <link rel="canonical" href="/resources/privacy-balancing-assessments" /> <link rel="shortlink" href="/node/24" /> <link rel="shortcut icon" href="https://privacy.yale.edu/sites/all/themes/yalenew_base/images/favicon.ico" type="image/vnd.microsoft.icon" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=10, minimum-scale=1, user-scalable=yes" /> <title>Privacy Balancing Assessments | University Privacy Office </title>  <link rel="shortcut icon" sizes="16x16 24x24 32x32 48x48 64x64" href="https://privacy.yale.edu/sites/all/themes/yalenew_base/images/favicon.ico" type="image/vnd.microsoft.icon"> <link rel="icon" sizes="228x228" href="/sites/all/themes/yalenew_base/images/touch-icon-228.png"> <link rel="apple-touch-icon-precomposed" sizes="228x228" href="/sites/all/themes/yalenew_base/images/touch-icon-228.png"> <link type="text/css" rel="stylesheet" href="https://privacy.yale.edu/sites/default/files/css/css_xE-rWrJf-fncB6ztZfd2huxqgxu4WO-qwma6Xer30m4.css" media="all" /> <link type="text/css" rel="stylesheet" href="https://privacy.yale.edu/sites/default/files/css/css_Pom4wGAzS3jaM9pQc-jho03hH8io-PfDtvNGOLlhxME.css" media="all" /> <link type="text/css" rel="stylesheet" href="https://privacy.yale.edu/sites/default/files/css/css_8gPpL832lFv1SpBPuNiMMo16aM72v9d5__21_YnVjXI.css" media="all" /> <link type="text/css" rel="stylesheet" href="//maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" media="all" /> <link type="text/css" rel="stylesheet" href="https://privacy.yale.edu/sites/default/files/css/css_4p66Ha43jfR6LpgBV-7xw6q2NxPB3zxKg9igJIUIBwY.css" media="all" />   <link type="text/css" rel="stylesheet" href="https://privacy.yale.edu/sites/default/files/css/css_059BxwQdO3W6gC_prw0ohrQj1fWv8MiFJkqt4YP0qJk.css" media="all" />  <script type="text/javascript" src="https://privacy.yale.edu/sites/all/libraries/respondjs/respond.min.js?s9hdfl"></script> <script type="text/javascript"> <![CDATA[//><!]]> </script> <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script> <script type="text/javascript"> <![CDATA[//><!]]> </script> <script type="text/javascript" src="https://privacy.yale.edu/sites/default/files/js/js_Hfha9RCTNm8mqMDLXriIsKGMaghzs4ZaqJPLj2esi7s.js"></script> <script type="text/javascript" src="https://privacy.yale.edu/sites/default/files/js/js_onbE0n0cQY6KTDQtHO_E27UBymFC-RuqypZZ6Zxez-o.js"></script> <script type="text/javascript" src="https://privacy.yale.edu/sites/default/files/js/js_DTAfYFrWdyPCGwWtVg2VmSbP1KqFAlfZyeAcFZTbiNY.js"></script> <script type="text/javascript" src="https://www.googletagmanager.com/gtag/js?id=UA-218200359-2"></script> <script type="text/javascript"> <![CDATA[//><!]]> </script> <script type="text/javascript" src="https://privacy.yale.edu/sites/default/files/js/js_UNPtX_ZGxcpSkJyp8ls50mHCG5a_tcqRFqN4KjkfLso.js"></script> <script type="text/javascript"> <![CDATA[//><!]]> </script> </head> <body class="html not-front not-logged-in page-node page-node- page-node-24 node-type-page yalenew-standard context-resources one-sidebar sidebar-first"> <aside role='complementary' id="skip-link" aria-label="Skip to main content"> <a href="#main-content" class="element-invisible element-focusable">Skip to main content</a> </aside> <div class="region region-page-top" id="region-page-top"> <div class="region-inner region-page-top-inner"> </div> </div> <div class="page clearfix" id="page"> <header id="section-header" class="section section-header" role="banner"> <div id="zone-topper-wrapper" class="zone-wrapper zone-topper-wrapper clearfix yalenew-standard-topper"> <div id="zone-topper" class="zone zone-topper clearfix container-12"> <div class="grid-3 region region-topper-first" id="region-topper-first"> <div class="region-inner region-topper-first-inner"> <div class="topper-logo"><a href="http://www.yale.edu" class="y-icons y-yale y-univ"><span class="element-invisible">Yale University</span></a> </div> <div id="moved-main-nav-wrapper"> <button aria-expanded="false" id="nav-ready" class="nav-ready"><span class="element-invisible">Open Main Navigation</span></button> <div id="moved-main-nav" class="moved-main-nav" data-set="append-main-nav"></div> <button aria-expanded="true" id="nav-close" class="nav-close nav-hidden"><span class="element-invisible">Close Main Navigation</span></button> </div> </div> </div> <div class="grid-9 region region-topper-second" id="region-topper-second"> <div class="region-inner region-topper-second-inner"> <div class="block block-search block-form block-search-form odd block-without-title" id="block-search-form"> <div class="block-inner clearfix"> <div class="content clearfix"> <form class="search-form" role="search" aria-label="Site Search" action="/resources/privacy-balancing-assessments" method="post" id="search-block-form" accept-charset="UTF-8"><div><div class="container-inline"> <div class="form-item form-type-textfield form-item-search-block-form"> <label for="edit-search-block-form--2"><i class="fa fa-search"></i> </label> <input title="Enter the terms you wish to search for." class="custom-search-box form-text" placeholder="Search this site" type="text" id="edit-search-block-form--2" name="search_block_form" value="" size="15" maxlength="128" /> </div> <div class="form-actions form-wrapper" id="edit-actions"><input style="display:none;" type="submit" id="edit-submit" name="op" value="" class="form-submit" /></div><input type="hidden" name="form_build_id" value="form-cempk-T2qFAMov55wlGso22vcLPu_SlCOILX4HMBvko" /> <input type="hidden" name="form_id" value="search_block_form" /> </div> </div></form> </div> </div> </div> </div> </div> </div> </div><div id="zone-branding-wrapper" class="zone-wrapper zone-branding-wrapper clearfix"> <div id="zone-branding" class="zone zone-branding clearfix container-12"> <div class="grid-10 region region-branding" id="region-branding"> <div class="region-inner region-branding-inner"> <div class="branding-data clearfix"> <h2 class="site-name"><a href="/" title="Home">University Privacy Office </a></h2> </div> </div> </div> </div> </div></header> <main id="section-content" class="section section-content" role="main"> <div id="section-content-inner"> <div id="zone-menu-wrapper" class="zone-wrapper zone-menu-wrapper clearfix"> <div id="zone-menu" class="zone zone-menu clearfix yale-standard-menu container-12"> <div id="original-main-nav-wrapper"> <div id="original-main-nav" data-set="append-main-nav"> <div id="main-nav"> <div class="grid-12 region region-menu" id="region-menu"> <div class="region-inner region-menu-inner"> <nav id="main-menu-navigation" role="navigation" aria-label="Main Menu" class="navigation"> <div class="block block-system block-menu block-main-menu block-system-main-menu odd block-without-title" id="block-system-main-menu"> <div class="block-inner clearfix"> <div class="content clearfix"> <ul class="menu"><li class="first leaf menu-home"><a href="/">Home</a></li> <li class="expanded active-trail menu-resources"><a href="/resources" class="active-trail">Resources</a></li> <li class="last leaf menu-protecting-your-privacy"><a href="/protecting-your-privacy">Protecting Your Privacy</a></li> </ul> </div> </div> </div> </nav> </div> </div> </div> </div> </div> </div> </div> <div id="zone-content-wrapper" class="zone-wrapper zone-content-wrapper clearfix"> <div id="zone-content" class="zone zone-content clearfix container-12"> <div id="breadcrumb" class="grid-12"><nav class="breadcrumb" role="navigation" aria-label="You are here"><a href="/">Home</a><span class="tic"> > </span><a href="/resources">Resources</a><span class="tic"> > </span>Privacy Balancing Assessments</nav></div> <div id="moved-sidenav-wrapper" class="moved-sidenav-wrapper grid-12"> <div id="moved-sidenav" class="moved-sidenav" data-set="append-sidenav"></div> </div> <div class="grid-9 push-3 region region-content" id="region-content"> <div class="region-inner region-content-inner"> <a id="main-content" tabindex="-1"></a> <h1 class="title" id="page-title">Privacy Balancing Assessments </h1> <div class="block block-system block-main block-system-main odd block-without-title" id="block-system-main"> <div class="block-inner clearfix"> <div class="content clearfix"> <article about="/resources/privacy-balancing-assessments" typeof="foaf:Document" class="node node-page node-published node-not-promoted node-not-sticky author-2 odd clearfix" id="node-page-24">  <span property="dc:title" content="Privacy Balancing Assessments" class="rdf-meta element-hidden"></span><span property="sioc:num_replies" content="0" datatype="xsd:integer" class="rdf-meta element-hidden"></span> <div class="content clearfix"> <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p><strong>Introduction<a href="#_ftn1" name="_ftnref1" title="" id="_ftnref1"><strong>[1]</strong></a></strong></p> <p>Yale has launched procedures for reviewing requests for the collection and secondary use of personally identifiable information (PII) held by the University. In particular, this document describes the factors to be considered in assessing whether a detriment to privacy is warranted in light of the anticipated benefit of the proposed use.</p> <p>The University must balance its respect for individual privacy with its legal, policy, and administrative obligations and its academic interests. As used here, privacy includes (i) an individual’s ability to conduct activities unobserved and without fear of surveillance and (ii) the appropriate protection, use, and disclosure of information about individuals. Unconstrained use of University data poses risks of data uses in violation of University policy as well as regulatory and data subject expectations.</p> <p>This document proposes a Privacy Balancing Process that will examine proposals for collecting and using data to ensure they align with University privacy principles and sound practices of higher education, including the Fair Information Practice Principles (FIPPs). Yale’s collection and use of data is largely guided by sound moral and ethical principles. This process is being established so that Yale uses a documented, repeatable process to evaluate proposals for the secondary use of data.</p> <p><strong>Privacy Balancing Process</strong></p> <p>The table below defines the factors to be considered in determining whether the benefits of a proposed data collection or use outweigh the potential detriment to privacy.</p> <table border="0" cellpadding="0" cellspacing="0" style="width:624px" width="624"> <tbody> <tr> <td> <p><strong>Factor</strong></p> </td> <td> <p><strong>Definition</strong></p> </td> <td> <p><strong>Privacy Objective</strong></p> </td> </tr> <tr> <td> <p>Utility </p> </td> <td> <p>The purposes and benefits of the data collection or use.</p> </td> <td> <p>The proposed activity should be sufficiently likely to achieve its stated benefits. </p> </td> </tr> <tr> <td> <p>Alternatives</p> </td> <td> <p>Other means to achieve the purposes and benefits of the activity. </p> </td> <td> <p>The proposed activity should be the alternative that imposes the least burden on privacy interests.</p> </td> </tr> <tr> <td> <p>Data Minimization</p> </td> <td> <p>Data to be collected or used is limited to that which is directly relevant and necessary to accomplish the activity.</p> </td> <td> <p>The data collected or used should be constrained to the minimum necessary to achieving the documented goal.</p> </td> </tr> <tr> <td> <p>Access and Disclosure</p> </td> <td> <p>The means by which the data will be examined (e.g., automated or manual) and the number of people who will have access to the data, including practices undertaken to minimize further disclosure or unrelated uses.</p> </td> <td> <p>The data should be available to the fewest number of people necessary to achieve the purpose of the activity.</p> </td> </tr> <tr> <td> <p>Retention Period</p> </td> <td> <p>The length of time the data will be retained.</p> </td> <td> <p>Data should be retained for the minimum time necessary to achieve the purpose of the activity.</p> </td> </tr> <tr> <td> <p>Security</p> </td> <td> <p>Protection of the data from improper use, access, disclosure, or alteration.</p> </td> <td> <p>Data should be physically and electronically secured, both while in use and in storage.</p> </td> </tr> <tr> <td style="height:74px"> <p>Transparency & Accountability</p> </td> <td style="height:74px"> <p>Publication of data collection and use practices, preservation of records of data collection and use, and monitoring of compliance with published practices.</p> </td> <td style="height:74px"> <p>Subjects of data collection and use should be informed of data collection and use practices, and supervisors should have the records and tools necessary to monitor compliance.</p> </td> </tr> <tr> <td style="height:74px"> <p>Compliance</p> </td> <td style="height:74px"> <p>Use of data in accordance with applicable legal, regulatory, policy, contractual, and ethical requirements.</p> </td> <td style="height:74px"> <p>Data should be used in accordance with applicable requirements.</p> </td> </tr> </tbody> </table> <p><strong>Practices not subject to privacy balancing</strong></p> <p>Most existing data uses will not require review through the Privacy Balancing process because they involve widely accepted activities and are considered to be standard practices necessary to meet the operational needs of an academic institution. To be considered an accepted practice, meaningful notice of these standard practices is either provided to the data subjects or the activity is commonly expected, such as security cameras in public locations. University officials authorized to grant access to University information (see Yale Policy 1601 Information Access and Security) are considered to be the Data Stewards of their respective institutional data and should develop written documentation of what constitutes accepted practices for the data under the Stewards’ purview and submit the documentation to the Privacy Office (<a href="https://yalesurvey.ca1.qualtrics.com/jfe/form/SV_cOUmSWWIHybgRfw">submit online here</a>). Where appropriate, the data uses should be included in the university privacy statement or a unit-specific notice. Only data uses not included in the accepted practices document would need further review as described here.</p> <p>The following are some examples of monitoring practices and data uses that do not require further review through the Privacy Balancing Process. Note that this is not intended to be an all-encompassing list but serves to provide examples of standard practices which wouldn’t require further review.</p> <p>· Monitoring of web sites and traffic to determine website engagement and anonymous web browsing metrics. (For more info see <a href="https://privacy.yale.edu/resources/privacy-statement">Yale Privacy Notice</a> section g2)</p> <p>· Tracking signed-out library resources for purposes of managing library resources.</p> <p>· Email traffic patterns, such as flow to and from servers and packet size leaving the University network, used to identify malicious activity. </p> <p>· Security cameras in public locations for promoting campus safety.</p> <p>· Caching of student financial information for the purpose of providing financial aid, creating billing statements, direct deposit, etc.</p> <p>· Review of systems and system logs as necessary to enforce university policies and applicable legal requirements when authorized by the Office of the General Counsel.</p> <p>· Review of de-identified data where there is no reasonable means to identify an individual or group, and the monitoring unit and anyone to whom the data may be shared attests that data will not be re-identified and will not be joined with identified data.</p> <p>· Use of data consistent with the data subject’s explicit, freely-given consent for the data collection or use.</p> <p>· Data collection or use approved by an Institutional Review Board authorized by the Yale Human Research Protections Program in accordance with Yale human research protection policies.</p> <p><strong>Governance & Approvals</strong></p> <p>Data Stewards and their data managers are responsible for review of proposed data requests to determine if the request is within the scope of documented accepted uses or widely accepted data practices relevant to the data under their purview. Proposed data uses outside the bounds of documented accepted uses should be reviewed with respect to the Privacy Balancing Factors by the Data Steward and where appropriate, escalated to the Privacy Officer or the Privacy Advisory Council. Review mechanisms include expedited approval by the University Privacy Officer or may be escalated for full review by the Data Governance Executive Council or the <a href="https://privacy.yale.edu/resources/privacy-advisory-council">Privacy Advisory Council (PAC)</a> who may approve or deny the request. </p> <p>Expedited Review:</p> <p>Expedited review process are appropriate for data collection and use involving low risk activities including:</p> <p>· Internal use of aggregate data where the identities are adequately obscured;</p> <p>· Security monitoring of high-risk data (see <a href="https://cybersecurity.yale.edu/data-classification">https://cybersecurity.yale.edu/data-classification</a>) including monitoring data traffic to or from high risk systems with the goal of ensuring the enhanced protections needed for high risk data held on University systems or networks.</p> <p>· Time-sensitive requests such as public health and campus safety emergencies, or cybersecurity incidents which will be exacerbated by delay. These requests may be provisionally approved pending a full review by the Privacy Advisory Council or Data Governance Executive Council.</p> <p>Full Review:</p> <p>Data requests not eligible for expedited review are those outside the normal expectations of the data subjects and merit review by a broadly-constituted institutional authority such as the Privacy Advisory Council or Data Governance Executive Council. Where appropriate, such review will include consultation with individuals or organizations representative of the anticipated data subjects such as students, faculty or staff. In cases with broad impact, the reviewing Council may require that the proposed data use be circulated to the Yale community for comment. Outcomes of review will be provided to the data requestor, including any limitations on the proposal or the rationale for denial as appropriate.</p> <p>Appeal Process:</p> <p>Requestors may resubmit a request provided that the resubmission is responsive to the vetting committee’s initial concerns. In the event there is a vehement disagreement on the vetting decision the issue may be escalated to the Audit, Risk, and Compliance Committee for adjudication</p> <div>Version March 2023 <hr /> <div> <p><a href="#_ftnref1" name="_ftn1" title="" id="_ftn1">[1]</a> This process is built off the pioneering work of The University of California Privacy and Information Security Initiative Steering Committee described in their 2013 report at <a href="https://www.ucop.edu/privacy-initiative/uc-privacy-and-information-security-steering-committee-final-report.pdf">https://www.ucop.edu/privacy-initiative/uc-privacy-and-information-security-steering-committee-final-report.pdf</a></p> </div> </div> </div></div></div> </div> <div class="clearfix"> <nav class="links node-links clearfix"></nav> </div> </article> </div> </div> </div> </div> </div> <div class="grid-3 pull-9 region region-sidebar-first sidebar yale-standard-sidebar" id="region-sidebar-first"> <div class="region-inner region-sidebar-first-inner"> <div class="original-sidenav" data-set="append-sidenav"> <div id="additional-nav" class="addnav-ready"> <span class="additional-nav-button"><a id="additional-nav-button" role="button" aria-expanded="false" tabindex="0"><span class="ready">Additional Navigation</span><span class="close">Close</span></a></span> <nav class="block block-menu-block block-1 block-menu-block-1 odd block-without-title" id="block-menu-block-1" role="navigation"> <div class="block-inner clearfix"> <div class="content clearfix"> <div class="menu-block-wrapper menu-block-1 menu-name-main-menu parent-mlid-0 menu-level-2"> <ul class="menu"><li class="first leaf menu-mlid-1069 menu-covid-19"><a href="/resources/covid-19">COVID 19</a></li> <li class="leaf menu-mlid-953 menu-data-stewardship"><a href="/stewardship">Data Stewardship</a></li> <li class="leaf menu-mlid-1087 menu-privacy-advisory-council"><a href="/resources/privacy-advisory-council">Privacy Advisory Council</a></li> <li class="leaf active-trail active menu-mlid-1258 menu-privacy-balancing-assessments"><a href="/resources/privacy-balancing-assessments" class="active-trail active-trail active">Privacy Balancing Assessments</a></li> <li class="leaf menu-mlid-1071 menu-privacy-statement"><a href="/resources/privacy-statement">Privacy Statement</a></li> <li class="last leaf menu-mlid-1070 menu-sharing-data"><a href="/resources/sharing-data">Sharing Data</a></li> </ul></div> </div> </div> </nav> </div> </div> </div> </div> </div> </div> </div> </main> <footer id="section-footer" class="section section-footer" role="contentinfo"> <div id="zone-footer-wrapper" class="zone-wrapper zone-footer-wrapper clearfix"> <div id="zone-footer" class="zone zone-footer clearfix container-12"> <div class="grid-2 region region-footer-first" id="region-footer-first"> <div class="region-inner region-footer-first-inner"> <div class="footer-logo"><a href="http://www.yale.edu" class="y-icons y-yale y-mark"><span class="element-invisible">Yale</span></a></div> </div> </div> <div class="grid-6 region region-footer-second" id="region-footer-second"> <div class="region-inner region-footer-second-inner"> <p class="copyright spacer"> <a href="https://usability.yale.edu/web-accessibility/accessibility-yale">Accessibility at Yale</a> · <a href="http://www.yale.edu/privacy-policy">Privacy policy</a> <br> Copyright © 2024 Yale University · All rights reserved </p> </div> </div> <div class="grid-4 region region-footer-third" id="region-footer-third"> <div class="region-inner region-footer-third-inner"> <div class="block block-menu sharing block-menu-social-buttons block-menu-menu-social-buttons odd block-without-title" id="block-menu-menu-social-buttons"> <div class="block-inner clearfix"> <div class="content clearfix"> <ul class="menu"><li class="first leaf menu-facebook"><a href="https://www.facebook.com/YaleUniversity" class="fa fa-facebook-square"><span>Facebook</span></a></li> <li class="leaf menu-twitter"><a href="http://www.twitter.com/yale" class="fa fa-twitter"><span>Twitter</span></a></li> <li class="leaf menu-itunes"><a href="http://itunes.yale.edu" class="fa fa-apple"><span>iTunes</span></a></li> <li class="leaf menu-youtube"><a href="http://www.youtube.com/yale" class="fa fa-youtube-play"><span>YouTube</span></a></li> <li class="leaf menu-sina-weibo"><a href="http://weibo.com/yaleuniversity" class="fa fa-weibo"><span>Sina Weibo</span></a></li> <li class="last leaf menu-tumblr"><a href="http://yaleuniversity.tumblr.com" class="fa fa-tumblr-square"><span>Tumblr</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </div></footer> </div> <div class="region region-page-bottom" id="region-page-bottom"> <div class="region-inner region-page-bottom-inner"> </div> </div> <script type="text/javascript"> <![CDATA[//><!]]> </script> <script type="text/javascript" src="https://privacy.yale.edu/sites/default/files/js/js_JMVekk522eOkII71K9F5yD4Su-iRqPdTR_-LxjPAtMk.js"></script> </body> </html>