Duke Privacy conducts University privacy incident assessments and investigates impermissible disclosures of sensitive, restricted and regulated information as defined by Duke’s Data Classification Standard and applicable laws and regulations, including but not limited to, the Family Education Rights and Privacy Act of 1974 (FERPA), the North Carolina Identity Theft Protection Act of 2005 and Duke policy. Privacy ensures timely compliance with federal and state breach investigation and reporting requirements.

Every privacy incident assessment involves:

  • A thorough investigation of the alleged violation and of the information allegedly disclosed
  • An evaluation of the use and adequacy of the privacy and information technology (IT) security controls implemented for safeguarding the information at issue
  • Cooperation with and recommendations to Duke Human Resources and/or management
  • Training and guidance to educate and/or reinforce best practices for safeguarding information assets to ensure compliance with federal and state laws and regulation and Duke policies