Duke is committed to transparent and ethical safeguarding of sensitive and/or regulated information, promoting responsible stewardship of information assets institution-wide.
With responsibility for assuring Duke University oversight of personally identifiable information (PII) lifecycle and safeguarding sensitive information assets, Duke Privacy assesses and collaborates with campus stakeholders to address institutional privacy-related risks and plays an instrumental role in facilitating compliance with applicable privacy laws and regulations.
Grounding all in the Fair Information Practices Principles(link is external) and Privacy by Design, Duke Privacy takes a strategic, collaborative, dynamic and privacy awareness-first approach to its operational role for the institution and offers: privacy impact assessments with Duke University departments and schools, vendor privacy reviews, consultations, contract reviews for engagements processing sensitive personal data, incident investigations and reporting, training and review of research studies processing sensitive personal data. Privacy serves as a subject matter resource for international and U.S. privacy regulation compliance.
Privacy Contact Information
If you have questions about Duke's Privacy Policy, any privacy practices at Duke University, or would like to request a consultation regarding an incident assessment, please contact us via email:
If you are looking for information related to HIPAA (Health Insurance Portability and Accountability Act) or Protected Health Information (PHI) privacy issues, please contact the DUHS Compliance Office at 919-668-2573 or click the button to send an email.
GDPR
The General Data Protection Regulation (GDPR) is a set of rules designed to give European Union citizens more control over their personal information. GDPR is a legal framework enacted in May 2018 that sets guidelines for the collection, processing and transferring of European Citizen personal information.