Minimum Privacy Standards

This document sets forth minimum privacy standards for the collection, processing, transfer, deletion and other use of personal data at Stanford, including in the context of university operations, clinical research, use and deployment of facial recognition and other sensors, web and mobile device tracking, artificial intelligence, machine learning, big data and analytics, among others.

Stanford expects all partners, consultants, and vendors processing personal data collected by, for or on behalf of Stanford, to abide by these Minimum Privacy Standards.

These Minimum Privacy Standards are intended to reflect best practices, and may not be followed by Stanford in all circumstances. Further, adherence to these Minimum Privacy Standards does not relieve Stanford or its employees, partners, consultants, or vendors of further obligations that may be imposed by law, regulation, or agreement.

As privacy laws and principles evolve over time, these standards will be revised and updated accordingly. In time, these standards are intended to become requirements codified in the Stanford Administrative Guide.

Minimum Privacy Standards

Standard	What to do
Minimum Necessary	Limit the collection and use of personal data to the minimum that is directly relevant and necessary to accomplish a specified purpose.
De-Identification	De-identify datasets to the extent possible by removing personal data or by using aggregation, tokenization, or other anonymization techniques.
Responsible Use	Use personal data only for the specific purposes for which it was collected (or otherwise with the explicit consent of the individual, or as authorized by law).
Need to Know	Limit access to personal data to only those with legitimate need-to-know.
Transparency	Before collecting personal data, provide a notice that clearly and simply describes how Stanford plans to use the data, including the specific purposes for collection.
Choice and Control	To the extent practical, give individuals explicit choice and control as to how their personal data will be used and disclosed. Provide individuals with the ability to review their collected personal data and the opportunity to correct, supplement, or delete it.
Data Stewardship	Designate a data owner to be responsible for ensuring that these Minimum Privacy Standards are adopted for each personal dataset, that regulatory and contractual obligations are met, and for responding to questions and concerns regarding the dataset.
Security Controls	Ensure that Stanford's Minimum Security Standards are implemented for systems that store, process, or transmit personal data.
Third Parties	Transfer personal data only to/from third parties that meet or exceed Stanford's Minimum Privacy and Security Standards, under an agreement to that effect, and when consistent with applicable regulatory requirements. If the data are High Risk, complete the Data Risk Assessment process prior to transfer.
Geospecific Requirements	Understand geographically where personal data will be collected, stored, transferred, and made accessible throughout its lifecycle, both by Stanford and third parties. Ensure adherence to pertinent international and local data privacy laws.
Retention, Deletion, and Sanitization	Retain personal data only as long as needed or as required by law or agreement. Delete or archive personal data when no longer needed. Sanitize data storage media prior to transfer or disposal.
Incidents	Promptly report privacy incidents to the University Privacy Office.

Definitions

Personal data: Any information that relates to an identifiable, unique human being.

Who do I contact for questions?

General Questions

Unit	Website	Help
University Privacy Office	University Privacy Office	Contact the Privacy Office
Information Security Office	Information Security Office	Submit Help request

Suspected Privacy Incident

Unit	Website	Help
University Privacy Office	University Privacy Office	Submit Help ticket

Report Lost or Stolen Device

Unit	Website	Help
University Privacy Office	University Privacy Office	Submit report