This document sets forth minimum privacy standards for the collection, processing, transfer, deletion and other use of personal data at Stanford, including in the context of university operations, clinical research, use and deployment of facial recognition and other sensors, web and mobile device tracking, artificial intelligence, machine learning, big data and analytics, among others.
Stanford expects all partners, consultants, and vendors processing personal data collected by, for or on behalf of Stanford, to abide by these Minimum Privacy Standards.
These Minimum Privacy Standards are intended to reflect best practices, and may not be followed by Stanford in all circumstances. Further, adherence to these Minimum Privacy Standards does not relieve Stanford or its employees, partners, consultants, or vendors of further obligations that may be imposed by law, regulation, or agreement.
As privacy laws and principles evolve over time, these standards will be revised and updated accordingly. In time, these standards are intended to become requirements codified in the Stanford Administrative Guide.
Minimum Privacy Standards
|Standard||What to do|
|Minimum Necessary||Limit the collection and use of personal data to the minimum that is directly relevant and necessary to accomplish a specified purpose.|
|De-Identification||De-identify datasets to the extent possible by removing personal data or by using aggregation, tokenization, or other anonymization techniques.|
|Responsible Use||Use personal data only for the specific purposes for which it was collected (or otherwise with the explicit consent of the individual, or as authorized by law).|
|Need to Know||Limit access to personal data to only those with legitimate need-to-know.|
|Transparency||Before collecting personal data, provide a notice that clearly and simply describes how Stanford plans to use the data, including the specific purposes for collection.|
|Choice and Control||To the extent practical, give individuals explicit choice and control as to how their personal data will be used and disclosed. Provide individuals with the ability to review their collected personal data and the opportunity to correct, supplement, or delete it.|
|Data Stewardship||Designate a data owner to be responsible for ensuring that these Minimum Privacy Standards are adopted for each personal dataset, that regulatory and contractual obligations are met, and for responding to questions and concerns regarding the dataset.|
|Security Controls||Ensure that Stanford's Minimum Security Standards are implemented for systems that store, process, or transmit personal data.|
|Third Parties||Transfer personal data only to/from third parties that meet or exceed Stanford's Minimum Privacy and Security Standards, under an agreement to that effect, and when consistent with applicable regulatory requirements. If the data are High Risk, complete the Data Risk Assessment process prior to transfer.|
|Geospecific Requirements||Understand geographically where personal data will be collected, stored, transferred, and made accessible throughout its lifecycle, both by Stanford and third parties. Ensure adherence to pertinent international and local data privacy laws.|
|Retention, Deletion, and Sanitization||Retain personal data only as long as needed or as required by law or agreement. Delete or archive personal data when no longer needed. Sanitize data storage media prior to transfer or disposal.|
|Incidents||Promptly report privacy incidents to the University Privacy Office.|
- Personal data
- Any information that relates to an identifiable, unique human being.
Who do I contact for questions?
|University Privacy Office||University Privacy Office||Contact the Privacy Office|
|Information Security Office||Information Security Office||Submit Help request|
Suspected Privacy Incident
|University Privacy Office||University Privacy Office||Submit Help ticket|
Report Lost or Stolen Device
|University Privacy Office||University Privacy Office||Submit report|