The University of Utah is stepping up its privacy game with the launch of an Information Privacy Office (IPO), broadening its privacy efforts beyond the health sector to touch every corner of campus life. According to At The U, this new office is spearheaded by Jamie Ross, the former head of privacy at U of U Health, now serving as the institution's first chief information privacy officer.
In the face of privacy laws shifting faster than the Salt Lake breeze, the university recognized the need for a centralized team, something that could throw its arms around the various privacy challenges sprouting from Utah's recent legislative efforts, such as the Utah Government Data Privacy Act (GDPA), which places a buffet of requirements on state-regulated entities, including privacy training and data breach notifications for incidents impacting more than 500 people. "The Utah legislature is really invested in the privacy of people in the state," Jamie Ross told At The U, highlighting the state's position at the forefront of US data privacy law.
The IPO isn't going it alone, though; it’s joining hands with data stewards and other campus partners to stitch privacy concerns into the university's operations seamlessly. It's a fresh take on ensuring that data use and collection aren't just about legal checkboxes but integrated contemplations that coexist with, yet differ from, the university's robust information security practices. "We are a resource for anyone who has a concern about how their data is being used, we also are proactively overseeing compliance so individual departments can get guidance when they need it," Ross elaborated, as per At The U.
For Uni of U professors, students, and staff, the IPO is a beacon, guiding the community through the murky waters of privacy policy development, compliance support, and incident response. It shines a light on the path to reducing the risks of both deliberate and accidental data mishandling by promoting practices that are as transparent as they are ethical. Ross anticipates a future where privacy risk assessments become bedrocks of university processes from inception, as the institution aims to stay ahead of the privacy curve while fulfilling its mission with integrity.
