Office of Data Privacy

When personal data are collected unnecessarily, used or shared for unknown or undefined purposes and when individuals are not provided appropriate notification or given the ability to review and adjust incorrect personal data, then individual privacy is lost. There are risks associated with the loss of privacy. Depending on individual circumstances, individuals could experience emotional, physical and/or financial harm.

After decisions are made about how data is to be protected, according to personal preference or the law, the CSCU Information Security Office applies appropriate security controls to protect the confidentiality, integrity and access to that data. To learn more about data security at CSCU, visit the Information Security Program Office

The CSCU Data Privacy Office enables the safe use of data to support CSCU’s vision to continually increase the number of students completing personally and professionally rewarding academic programs.

• Individual privacy is respected at all stages of the data lifecycle by upholding the Fair Information Privacy Practices (FIPPs)[2].
• CSCU is fully transparent about the use of individual data while enabling autonomy, protecting privacy and abiding by regulatory requirements.
• Data are categorized so that security controls can be applied, and risks of data usage are understood and managed.
• Goals and boundaries are in alignment with the National Institute of Standards and Technology (NIST) Data Privacy Framework.

[2] Organization for Economic Co-operation and Development (OECD).  OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Part Two. Basic Principles of National Application.  Accessed 9/28/2021. 

The CSCU DPO follows the Fair Information Privacy Principles (FIPPs) adopted by the Organization for Economic Co-operation and Development (OECD) as Basic Principles.  These FIPPs have roots in the US Privacy Act of 1974 and are a component of major privacy initiatives across the globe.  

• Collection Limitation
  CSCU limits the collection of personal data to that which is obtained legally and fairly and with the knowledge or consent of the individual.
• Data Quality
  CSCU collects data that are relevant to the purposes for which they are to be used, records data accurately, completely and keeps it up-to-date.
• Purpose Specification
  CSCU informs individuals about the purposes for which personal data are collected at the time of data collection and limits the use of that data to the designated purposes.
• Use Limitation
  CSCU uses individual data only for the purposes for which they have been specified with the consent of the individual or by authority of law.
• Security Safeguards
  CSCU protects individual data from risk of loss, unauthorized access, destruction, use, modification or disclosure using reasonable security safeguards in alignment with federal standards.
• Openness
  CSCU is open about developments, practices and policies with respect to personal data.
• Individual Participation
  CSCU supports individual rights regarding their individual data including the ability to review and request amendment to data that is in error.
• Accountability
  CSCU is accountable to its constituents for complying with these principles.