Update on Work of Data Privacy Task Force and Next Steps


September 9, 2022

To the George Washington University Community:

In February, President Wrighton sent a message to the community regarding a data analytics pilot project that occurred on campus during the Fall 2021 semester. In light of privacy considerations raised as a result of this project, the President charged me with convening a policy committee comprising students, faculty, and staff, to develop core principles and make recommendations regarding data policies and protocols at the university. The recommendations from this group, the Data Privacy Task Force, were submitted in late June for the administration’s consideration.

I am grateful for the work of the Task Force and the collaborative effort undertaken to identify core principles and additional actions as we continue work to develop a Data Governance Policy.

Earlier today, I provided the following update to the Faculty Senate regarding the university’s response to the Task Force’s recommendations:

First, the university will adopt the Task Force’s recommended three core principles regarding the use of university data for analytical purposes. These principles are:

  • GW should protect individuals’ privacy consistent in a manner with the institution’s legitimate use of personal information and data, and comply with applicable laws;
  • Programs analyzing university data should be discussed in an open and transparent way so as to ensure that any costs to privacy are evaluated alongside the benefits of the use of personal data; and
  • GW should clearly, transparently, and regularly communicate about the ways in which it uses personal information.

In addition, since the Data Privacy Task Force was formed, the university has implemented several structural changes that better align the IT infrastructure and office with the academic mission of the university. These changes include establishing a new vice provost for libraries and academic technologies role to oversee the IT enterprise; relocating IT to the Office of the Provost; relocating the Office of Ethics, Compliance and Risk to the Office of the President; and relocating the Data Governance Team to the Office of the Provost.

The university is considering several additional steps to advance the goals of the core principles. These include but are not limited to:

  • Establishing, in consultation with the Faculty Senate, a new Data Governance Policy to provide guidance on data analytics projects that use university data;
  • Constructing a new review process for university data analytics projects that includes approval and sign-off by university leadership;
  • Inviting Student Association participation in data governance through established channels; and
  • Refining the university’s Privacy Notice to include data analytics projects in order to improve communication and transparency.

Through the careful implementation of these measures, we expect to create a more collaborative and more transparent environment that allows the university to realize the benefits of data analytics while protecting the privacy interests of our community members. We will continue to provide the community with additional updates on our efforts.

Sincerely,

Christopher Alan Bracey
Provost and Executive Vice President for Academic Affairs
Professor of Law