Privacy by Design

 ASU Focus Areas

  • Embed Privacy by Design in our culture
  • Complete privacy reviews of existing and new processes
  • Inventory assets in CMDB

Suggested privacy management flowchart


Effective Practices

When developing, designing, selecting, and using Goods/Services for processing PII, Supplier will, with due regard to the state of the art, incorporate and implement data privacy best practices.

  • Data Minimization – Collect only Personally Identifiable Information (PII) ASU truly needs
    • Example: collect month and year of birth instead of DOB
    • Example: request salutation (e.g., Ms., Mr., Mx., Dr., Esq.) instead of gender
  • Retain PII for the minimum amount of time necessary
  • Anonymize or pseudonymize PII when possible
  • Communicate specifically what PII is being collected and how it will be used
  • Use secure systems, programs, networks and devices
  • Limit access to PII, both within and outside of ASU
  • Require third parties (vendors and contract partners) to use information security best practices
  • Restrict use of PII to the specific purposes for which it was collected and to which the data subject consented
  • Ensure that if a data subject exercises any rights, ASU can comply
  • Do not precheck “yes” or automatically opt in anyone on any PII use consents
  • Ensure third parties have obtained necessary consents before purchasing PII from them