POL-U5315.02 Affording Individual Privacy Rights

Following the effective date of this policy, the University will establish and maintain a centralized University Privacy program (“Program”) with a framework designed to proactively protect privacy and manage associated risks.

A designated Privacy Committee composed of University privacy compliance owners and strategic compliance partners will establish the Program through written principles, policy, standards, procedures, and training that consider business and operational needs with meaningful privacy protections when collecting, accessing, using, monitoring, disclosing, and disposing of protected information in a manner consistent with applicable laws and regulations and ethical duties.

The Program must be written, made public, and include at a minimum:

1. A Privacy Committee roster and charter,
2. A reporting structure for effective leadership oversight,
3. A defined program framework and principles, and
4. An action plan that reflects the federally required elements of an effective compliance program and regulatory requirements (see University Compliance Program), and
5. Contact information for individuals to exercise their privacy rights.

The University Compliance Officer is responsible for facilitating the development and publication of the Program and reporting on progress to executive leadership.

The goal of the Privacy Program is to implement policy, processes, controls, and training to ensure that individuals’ privacy rights are met. The goal of the Information Security Program to implement controls to ensure the confidentiality, integrity, and availability of information maintained by Western. The two programs will work collaboratively to meet legal and ethical requirements and the goals of each program. See Policy U3000.07 Securing Information Systems.

Delegated privacy compliance owners (see University Compliance Matrix – “Information” category) are responsible for overseeing compliance in their respective privacy areas. See also University Compliance Program Roles and Responsibilities.

The Program will ensure the coordination of the various privacy areas in the development policies, procedures, controls, and training to more effectively and efficiently communicate expectations to employees regarding their responsibilities for privacy compliance.

All University employees must maintain the highest level of integrity and responsibility in collecting, accessing, safeguarding, using, disclosing, and disposing of protected information to which they may intentionally or incidentally gain access. All employees must strictly adhere to the University Confidentiality Agreement, which is to be signed upon hire, and thereafter as required by written standards.

Employees must comply with all policies, standards, and procedures and promptly report known or suspected violations in accordance with reporting procedures. All reports of potential violations are to be taken seriously and responded to promptly by supervisors and management to determine appropriate and effective corrective action.

Supervisors at all levels are responsible for enforcing all policies, standards, and procedures related to privacy.

Protected information maintained by or accessible to the University or a third party will be made available to certain employees and external parties but only to those with position and/or legitimate or contracted business needs that warrant access.

Western reserves the right to protect the University and individuals’ information by certain activities as permitted or required by law, state or University policy or standards, and/or legal agreements (including University Residences agreements).

The University may access and/or disclose an individual’s information without their consent as permitted or required by law, University policy, or other legal agreements.

All responses to public record requests are reviewed to ensure compliance with disclosure laws prior to being released by the University Public Records Officer.