Duke is committed to transparent and ethical safeguarding of sensitive and/or regulated information, promoting responsible stewardship of information assets institution-wide.

With responsibility for assuring Duke University oversight of personally identifiable information (PII) lifecycle and safeguarding sensitive information assets, Duke Privacy assesses and collaborates with campus stakeholders to address institutional privacy-related risks and plays an instrumental role in facilitating compliance with applicable privacy laws and regulations.

Grounding all in the Fair Information Practices Principles(link is external) and Privacy by Design, Duke Privacy takes a strategic, collaborative, dynamic and privacy awareness-first approach to its operational role for the institution and offers: privacy impact assessments with Duke University departments and schools, vendor privacy reviews, consultations, contract reviews for engagements processing sensitive personal data, incident investigations and reporting, training and review of research studies processing sensitive personal data. Privacy serves as a subject matter resource for international and U.S. privacy regulation compliance.

Duke University Privacy Statement

Duke University is committed to fairly and appropriately managing and safeguarding the information collected, used and maintained in support of its missions and to transparency regarding our data management practices.

Duke University Privacy Statement

Privacy Contact Information

If you have questions about Duke's Privacy Policy, any privacy practices at Duke University, or would like to request a consultation regarding an incident assessment, please contact us via email:

Email to Contact Privacy

Privacy Resources/FAQs

For commonly asked privacy questions and various resources use this button to see more. If what you are looking for is not here, please reach out to our privacy team.

If you are looking for information related to HIPAA (Health Insurance Portability and Accountability Act) or Protected Health Information (PHI) privacy issues, please contact the DUHS Compliance Office at 919-668-2573 or click the button to send an email.


The General Data Protection Regulation (GDPR) is a set of rules designed to give European Union citizens more control over their personal information. GDPR is a legal framework enacted in May 2018 that sets guidelines for the collection, processing and transferring of European Citizen personal information.

GDPR Information and FAQs

GDPR Data Subject Requests Form

GDPR Data Subject Requets Form

Non-GDPR Data Subject Rights Request Form

Non-GDPR Data Subject Rights Request Form