Office of Data Privacy

Supporting the privacy of everyone who learns, works or plays at a CSCU institution.

What is Data Privacy

“Information privacy is the right to have some control over how your personal information is collected and used.”[1] Data and information are synonymous here.  Data Privacy focuses on the legal and ethical rights of individuals to be aware of and involved in the collection and utilization of their personal information.  At CSCU, we want to be sure that we support the privacy rights of everyone whose information is utilized by a CSCU institution whether they are students, staff, faculty or visitors.

[1] International Association of Privacy Professionals (IAPP), About the IAPP, The world’s largest global information privacy community. . Accessed 9/28/2021.


Why is Data Privacy important?

When personal data are collected unnecessarily, used or shared for unknown or undefined purposes and when individuals are not provided appropriate notification or given the ability to review and adjust incorrect personal data, then individual privacy is lost. There are risks associated with the loss of privacy. Depending on individual circumstances, individuals could experience emotional, physical and/or financial harm.

How is Data Privacy different from Information Security at CSCU?

After decisions are made about how data is to be protected, according to personal preference or the law, the CSCU Information Security Office applies appropriate security controls to protect the confidentiality, integrity and access to that data. To learn more about data security at CSCU, visit the Information Security Program Office

What is the CSCU Data Privacy Office vision?

The CSCU Data Privacy Office enables the safe use of data to support CSCU’s vision to continually increase the number of students completing personally and professionally rewarding academic programs.

  • Individual privacy is respected at all stages of the data lifecycle by upholding the Fair Information Privacy Practices (FIPPs)[2].
  • CSCU is fully transparent about the use of individual data while enabling autonomy, protecting privacy and abiding by regulatory requirements.
  • Data are categorized so that security controls can be applied, and risks of data usage are understood and managed.
  • Goals and boundaries are in alignment with the National Institute of Standards and Technology (NIST) Data Privacy Framework.

[2] Organization for Economic Co-operation and Development (OECD).  OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Part Two. Basic Principles of National Application.  Accessed 9/28/2021. 

What are our guiding principles?

The CSCU DPO follows the Fair Information Privacy Principles (FIPPs) adopted by the Organization for Economic Co-operation and Development (OECD) as Basic Principles.  These FIPPs have roots in the US Privacy Act of 1974 and are a component of major privacy initiatives across the globe.  

  • Collection Limitation
    CSCU limits the collection of personal data to that which is obtained legally and fairly and with the knowledge or consent of the individual.
  • Data Quality
    CSCU collects data that are relevant to the purposes for which they are to be used, records data accurately, completely and keeps it up-to-date.
  • Purpose Specification
    CSCU informs individuals about the purposes for which personal data are collected at the time of data collection and limits the use of that data to the designated purposes.
  • Use Limitation
    CSCU uses individual data only for the purposes for which they have been specified with the consent of the individual or by authority of law.
  • Security Safeguards
    CSCU protects individual data from risk of loss, unauthorized access, destruction, use, modification or disclosure using reasonable security safeguards in alignment with federal standards.
  • Openness
    CSCU is open about developments, practices and policies with respect to personal data.
  • Individual Participation
    CSCU supports individual rights regarding their individual data including the ability to review and request amendment to data that is in error.
  • Accountability
    CSCU is accountable to its constituents for complying with these principles.

Privacy Policies & Notices


IR Data Privacy Refresher



Jan Kiehne

Senior Associate for Decision Support Resources, Data Privacy Officer, CIPT 

Connecticut State Colleges & Universities
61 Woodland Street
Hartford, CT 06105