Sign In / Sign Out
Navigation for Entire University
- ASU Home
- My ASU
- Colleges and Schools
- Map and Locations
Embed Privacy by Design in our culture
Complete privacy reviews of existing and new processes
Inventory assets in CMDB
When developing, designing, selecting, and using Goods/Services for processing PII, Supplier will, with due regard to the state of the art, incorporate and implement data privacy best practices.
Data Minimization – Collect only PII ASU truly needs
Example: collect month and year of birth instead of DOB
Example: request salutation (e.g., Ms., Mr., Mx., Dr., Esq.) instead of gender
Retain PII for the minimum amounts of time necessary
Anonymize or pseudonymize PII when possible
Communicate specifically what PII is being collected and how it will be used
Use secure systems, programs, networks and devices
Limit access to PII, both within and outside of ASU
Require third parties (vendors and contract partners) to use information security best practices
Restrict use of PII to the specific purposes for which it was collected and the data subject consented
Ensure that if a data subject exercises any rights, ASU can comply
Do not precheck “yes” or automatically opt in anyone on any PII use consents
Ensure third parties have obtained necessary consents before purchasing PII from them
Framework - NIST Privacy Framework -
Identify - Inventory and Mapping (ID.IM-P): Data processing by systems, products, or services is understood and informs the management of privacy risk.
Complete Privacy Reviews
Inventory Assets in CMDB
Govern - GOVERN-P (GV-P): Develop and implement the organizational governance structure to enable an ongoing understanding of the organization’s risk management priorities that are informed by privacy risk.
Control - CONTROL-P (CTP): Develop and implement appropriate activities to enable organizations or individuals to manage data with sufficient granularity to manage privacy risks.
Communicate - COMMUNICATE-P (CM-P): Develop and implement appropriate activities to enable organizations and individuals to have a reliable understanding and engage in a dialogue about how data are processed and associated privacy risks.
Protect - Protect (PR-P): Develop and implement appropriate data processing safeguards.
If you have any questions, please contact firstname.lastname@example.org