Updated: Sept. 19, 2022 at 4:10 p.m.
Officials announced that GW will adopt a new set of data privacy “core principles” after officials tracked community members’ whereabouts without their knowledge last fall.
Provost Chris Bracey said officials are implementing three new principles to be in line with “applicable” data laws and regulations, to make decisions around data and privacy principles transparently and clearly communicate new rules on how to use community members’ personal information. The new principles come from GW’s data privacy task force which made a series of recommendations for data privacy on campus over the summer after officials used the Wi-Fi system to track community members without their consent.
“The recommendations from this group — the data privacy task force — were submitted over the summer to the administration for the administration’s consideration,” Bracey said in a Faculty Senate meeting Friday. “I’m grateful for the work that the task force has done here and the collaborative effort that was undertaken to identify core principles and additional actions as we continue to work to develop a data governance policy.”
Bracey said officials have agreed to adopt three of the task force’s principles and relocate GW’s information technology division and the Office of Ethics, Compliance and Risk. Officials have reshuffled much of the University’s administration, placing GWIT back under the Office of the Provost, slotting communications and marketing under the presidential purview and putting human resources under the Chief Administrative Officer.
“In addition, since the data privacy task force was formed, the University has implemented several structural changes that better align the IT infrastructure and office with the academic mission of the University,” Bracey said in an email to community members Friday.
GW’s privacy policy states that any party acting on behalf of the University and processing data from the GW community must make a privacy notice to online users explaining how the information will be used.
Bracey said officials are considering several additional policies, including establishing a new data governance plan with the Faculty Senate’s input, allowing Student Association leaders to take part in data sharing policy decisions, amending the University’s privacy notice and implementing a new review and approval process for potential future data analytics projects similar to the one conducted last fall.
In interim University President Mark Wrighton’s original email to community members notifying them about the data tracking project last February, he said officials “de-identified” the data, meaning staff could track information like gender, but not community members’ names. He said in February while some officials may have had the ability to view individualized information, officials did not review individual information in the collected data, and any remaining data from the Wi-Fi tracking and collection would be destroyed.
Last February, officials came under harsh criticism from faculty senators for lacking the appropriate infrastructure to monitor data collection on campus and failing to stop the data tracking program. At the time of the tracking last fall, both GWIT and the Office of Ethics, Compliance and Risk fell under the purview of former Chief Financial Officer and Executive Vice President Mark Diaz.
“Through the careful implementation of these measures, we expect to create a more collaborative and more transparent environment that allows the University to realize the benefits of data analytics while protecting the privacy interest of our community members,” Bracey said at the meeting Friday.
This post has been updated to correct the following:
The Hatchet incorrectly reported that Bracey said the new principles were in line with the “appropriate” data laws and regulations. Bracey said the new principles were in line with the “applicable” data laws and regulations. The Hatchet incorrectly reported that the Communications and Marketing was under the chief financial officer. The office was under the Office of the President. The Hatchet incorrectly reported that Human Resource Management & Development was placed under the Office of the President. The office was placed under the chief administrative officer. The Hatchet also incorrectly reported that officials will review the data principles. Officials will provide updates regarding the principles. We regret these errors. This post has also been updated to clarify that the University is implementing new “core principles” of data privacy.