University Privacy Office serves as an advocate for the responsible use of personal data

Protecting the privacy of personal information is a vital shared responsibility throughout Stanford. As potential threats to personal privacy increase, ranging from a growing barrage of attempted email scammers to challenges raised by evolving technologies such as artificial intelligence and machine learning, the staff of the University Privacy Office helps protect the campus community’s precious data.

Stanford Report recently sat down with Manjit Gill, a senior privacy officer, to learn more about the office and the ethical principles that guide its work.

 

Why does privacy matter and how does it fit in with the mission of the University Privacy Office?

Respect for privacy is critical for maintaining the trust and confidence of our Stanford community. When people share their personal information, they expect that it will be protected and used only for specific, limited purposes. When this expectation isn’t met, people feel a loss of control over their data – and their confidence in the organization can waver.

Our mission is to help Stanford meet these expectations and responsibilities to individuals and, more broadly, to advocate for fair, transparent, ethical and innovative uses of data. Given the many changes in the privacy landscape in recent years, it’s more important than ever that the university not simply meet our baseline regulatory obligations, but also think critically about how to specifically prioritize protecting privacy as a fundamental human right.

 

What steps has the University Privacy Office taken recently to help protect privacy at Stanford?

We recently developed the Stanford Minimum Privacy Standards – or MinPriv, for short. These are a set of fundamental standards for how all personal data at Stanford should be treated. All of us in the Stanford community share a responsibility in protecting personal information that we access in our daily lives; and MinPriv is a simple way for all faculty, staff and students to align with our expectations and follow privacy best practices.

As new privacy risks arise with evolving technologies like artificial intelligence, machine learning and facial recognition, we need simple “rules of the road” like MinPriv that everyone can easily understand and use to handle data responsibly. The University Privacy Office also provides guidance on novel uses of data and other topics significantly affecting the university community.

 

How has the University Privacy Office been involved in the university’s response to COVID?

Our office was completely consumed by COVID activities for much of last year, in part because there is an inherent tension between the need to communicate specifically about who has been exposed or tested positive to COVID and the need to maintain the privacy and confidentiality of an individual’s health information.

As a result, we spent a great deal of time addressing questions about when Stanford can and cannot disclose personal information related to COVID, and what permissions the university would need to obtain in advance. For example, these questions came up in the context of programs Stanford created to support the safe return of our community to campus, such as Health Check, which is a tool for students, postdocs and employees to self-report their health status, as well as in the context of COVID-19 testing for our community.

It has also been very satisfying to support critical COVID-related research projects. Our office, in close collaboration with the Information Security Office, conducted numerous Data Risk Assessments on COVID projects, where we reviewed the privacy and security risks raised by proposed research activities, and made practical recommendations on how best to mitigate those risks.

 

How does the University Privacy Office support IDEAL, the campus initiative to create an inclusive, accessible, diverse and equitable university for the entire Stanford community?

Our office is a strong advocate of inclusion, diversity, equity and access. We are increasingly seeing requests from groups across campus to collect and use diversity data to better understand where Stanford is doing well and where we can improve. Hopefully, readers saw a request in January from the Office of the Provost to update their race and ethnicity information in Axess. We worked with the Office of General Counsel, University Human Resources and other units to update the consent form related to how Stanford collects and uses race and ethnicity data. The information collected will be used to support and improve the IDEAL dashboard to promote diversity at Stanford.

 

From a privacy perspective, what two considerations would you want all Stanford faculty, staff and students to think about as they go about their daily lives?

First, be thoughtful in how and when you share your data. Many of us have grown accustomed to providing personal information online, especially now as more of our daily interactions are virtual. We’ve also seen an increase in unsolicited messages and emails asking for personal information, including phishing scams that appear to be from banks or restaurants asking people to validate their information or provide credit card numbers. Before providing any personal data, it’s always prudent to pause and think about what information you’re disclosing, whom you’re providing it to, why it’s needed and how this data could be used.

Second, while most of us try to be mindful of our own privacy, we also need to be mindful of the privacy interests of others. When entrusted with other people’s personal information, be it for business activities, clinical care, research or even our own social media postings, each of us has a responsibility to be an ethical steward of that data.