Document Status:  first draft

Application Guidelines for Handling Sensitive Personal Data Obtained via UW Directory Services

Abstract:  Clients of the directory have a responsibility to treat data they have access to with appropriate care.  Guidelines are provided to assist in making judgments in common scenarios.

Overall guidance from UW Privacy Policy and forthcoming UW Data Security Policy. 

Applications must be aware of the sensitivity concerns about all attributes.  In particular some attributes contain personal information that has been indicated by the relevant persons as "not to be published".  Such information is made available to applications for use within their business function.   While "published" is not a well-defined concept, nor necessarily consistent from one user or affiliation or business purpose to another, the general idea is to avoid exposure to people who don't have a business need for the info, are not aware of its sensitivity status, or are not likely to respect it.

Search screens ...

Reports ...

Using opaque identifiers ...

Deciding when to involve the user or deny service ... Add Comment