Data Privacy Consultative Committee
Purpose
The Data Privacy Consultative Committee (DPCC), comprising faculty, staff and student representation, will conduct quarterly evaluations of university data projects, make recommendations around project compliance with GW policies, and review any data projects administrators flag as breaching GW’s business practices and policies.
What requires a data privacy evaluation?
Data projects that fall into any of the following areas should be considered for a data privacy evaluation:
- Systematic and extensive profiling: This includes but is not limited to any form of automated processing of personal data that is used to evaluate certain personal aspects relating to a natural person, such as their economic situation, health, personal preferences, interests, behavior, location, or movements.
- Processing that involves the use of new technologies or techniques: This includes but is not limited to processing activities that use emerging technologies or innovative techniques, such as artificial intelligence (AI), machine learning (ML), facial recognition, or geolocation tracking.
- Large-scale processing of sensitive personal data: This includes but is not limited to processing of data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric data, health data, or data concerning sex life or sexual orientation.
- Unintended consequences: This includes but is not limited to the potential to assess collected data at a level granular enough that individuals can be identified or reconstructed with reasonably high probability, even though formal identifiers like names, IP addresses or log information have been removed.
If warranted, a review of research involving human subjects should precede the Data Privacy Evaluation. Although the two reviews have some overlap, they also complement each other and are focused on different aspects.
Guiding Principles
- GW should protect individuals’ privacy consistent in a manner with the institution’s legitimate use of personal information and data, and comply with applicable laws
- Programs analyzing university data should be discussed in an open and transparent way so as to ensure that any costs to privacy are evaluated alongside the benefits of the use of personal data
- GW should clearly, transparently, and regularly communicate about the ways in which it uses personal information
Committee Members
Ronald Layne, Associate Vice President, Business Intelligence & Data Management (Chair)
Stephanie Baldwin, Associate General Counsel
Cristina Grigore, Privacy Director
Joe Knop, Director, Institutional Research and Planning
Collins Munyendo, Graduate Student, SEAS
Daniel Solove, Eugene L. and Barbara A. Bernard Professor of Intellectual Property and Technology Law
Marinella Temprosa, Associate Research Professor, Biostatistics and Bioinformatics
Philip Wirtz, Professor, Decision Sciences & Psychology
Eric Yang, Director, Institutional Analytics