PDAT-03

Do you combine institutional data (including "de-identified," "anonymized," or otherwise masked data) with personal data from any other sources?

Explanation

This question is asking whether your organization combines institutional data (data from colleges or universities) with personal data from other sources. This is a critical privacy question because combining datasets can lead to re-identification of individuals, even when the original institutional data was supposedly anonymized or de-identified.

Why it's being asked:

1. Data combination increases privacy risks - When multiple datasets are combined, it becomes easier to identify individuals through correlation of attributes across datasets.
2. Regulatory compliance - Many regulations (GDPR, FERPA, etc.) have specific requirements about combining data sources, especially when it involves sensitive information.
3. Scope of data usage - The institution wants to understand if their data might be enriched with other sources in ways they didn't anticipate.

The guidance clarifies that institutional data includes financial information, student records, faculty/staff/alumni data, research data, and government reporting data from educational institutions.

How to best answer:

- Be transparent about any data combination practices
- If you do combine data, explain the purpose, safeguards, and compliance measures
- Specify what types of institutional data are combined with what types of personal data
- Clarify if the combination is temporary (for processing) or permanent
- Mention any anonymization techniques used before or after combination
- If you don't combine data, simply state that clearly
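The re-identification risk described above can be measured before any combination goes ahead. The following is an added example, not part of the original page: it computes the k-anonymity level of each dataset alone and of the combined result, and lists the attribute combinations that fall below a required k. The field names, the pseudonymous join key `pid`, the sample rows, and `REQUIRED_K` are all constructed assumptions.

```python
from collections import Counter

def equivalence_classes(records, quasi_ids):
    """Count the records sharing each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_ids) for r in records)

def k_of(records, quasi_ids):
    """k-anonymity level: size of the smallest equivalence class (0 if empty)."""
    return min(equivalence_classes(records, quasi_ids).values(), default=0)

def below_k(records, quasi_ids, k):
    """Quasi-identifier combinations shared by fewer than k records."""
    classes = equivalence_classes(records, quasi_ids)
    return sorted(c for c, n in classes.items() if n < k)

def combine(left, right, key):
    """Inner join of two record lists on a shared pseudonymous key."""
    index = {r[key]: r for r in right}
    return [{**l, **index[l[key]]} for l in left if l[key] in index]

# Constructed sample data: no direct identifiers, only a pseudonymous key.
INSTITUTIONAL = [dict(pid=p, zip3=z, birth_year=y, gpa_band=g) for p, z, y, g in [
    ("p1", "481", 2001, "3.0-3.5"), ("p2", "481", 2001, "3.5-4.0"),
    ("p3", "481", 2001, "2.5-3.0"), ("p4", "606", 2002, "3.0-3.5"),
    ("p5", "606", 2002, "3.5-4.0"), ("p6", "606", 2002, "2.5-3.0"),
]]
EXTERNAL = [dict(pid=p, sector=s) for p, s in [
    ("p1", "health"), ("p2", "health"), ("p3", "finance"),
    ("p4", "finance"), ("p5", "finance"), ("p6", "health"),
]]
INST_QI = ("zip3", "birth_year")   # quasi-identifiers in the institutional data
EXT_QI = ("sector",)               # quasi-identifier contributed by the other source
REQUIRED_K = 2                     # assumed policy threshold

def audit():
    """Compare k before and after combination; report classes below REQUIRED_K."""
    combined = combine(INSTITUTIONAL, EXTERNAL, "pid")
    qi = INST_QI + EXT_QI
    return {
        "institutional_k": k_of(INSTITUTIONAL, INST_QI),
        "external_k": k_of(EXTERNAL, EXT_QI),
        "combined_k": k_of(combined, qi),
        "below_k": below_k(combined, qi, REQUIRED_K),
    }

if __name__ == "__main__":
    print(audit())
```

Each source satisfies k=3 on its own, yet the combined records drop to k=1, which is the kind of evidence a Privacy Impact Assessment for a data combination should record.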

Guidance

Institutional data is created, collected, maintained, transmitted, or stored by or for a college or university to conduct operations. Many institutions have their own specific definitions. Institutional data would include data such as financial information, student education records, faculty/staff/alumni data, research data, and data collected for government reporting purposes.

Example Responses

Example Response 1

No, we do not combine institutional data with personal data from other sources. Our data processing architecture maintains strict separation between institutional data and any other data sources. Institutional data is processed in isolated environments with access controls that prevent merging with external datasets. All our data handling procedures explicitly prohibit such combinations to maintain privacy and comply with regulations like FERPA and GDPR.

Example Response 2

Yes, we do combine institutional data with external data sources, but only after implementing robust privacy protections. Specifically, we combine de-identified student performance metrics with publicly available labor market data to provide career outcome analytics. Before any combination occurs, we apply k-anonymity techniques ensuring no individual can be re-identified. This process is governed by our Data Combination Policy, which requires: (1) Privacy Impact Assessment, (2) Legal review for regulatory compliance, (3) Removal of all direct identifiers, (4) Implementation of technical safeguards against re-identification, and (5) Contractual restrictions preventing downstream re-identification attempts.

Example Response 3

We currently combine institutional financial data with third-party demographic data to enhance our analytics offerings. While we apply basic hashing to institutional identifiers, we recognize this doesn't meet current best practices for true anonymization before combination. We're in the process of implementing more robust privacy protections including differential privacy techniques and improved data governance controls, but these won't be fully operational until next quarter. In the interim, we've limited access to combined datasets to only essential personnel who have completed advanced privacy training.

Context

Tab: Privacy
Category: Privacy of Sensitive Data

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub