The Council advises the Audit, Risk, and Compliance Committee (ARCC) on approaches to promote data privacy across the University and to promote compliance with relevant federal, state, and international privacy regulations including but not limited to HIPAA, FERPA, ADA, and GDPR. The Council’s purview includes activities associated with protection of personally identifiable information (PII) including:
1) Approval of privacy policies,
2) Advising on existing and proposed revisions to:
(a) procedures and controls to protect PII,
(b) strategies for compliance with relevant statutes, regulations, and guidance,
(c) Compliance monitoring and risk mitigation strategies,
3) Development of University responses to emergent enforcement and regulatory activities.
4) Dissemination and promulgation of privacy best practice
Members:
Regular members of this multidisciplinary Council represent stewards of university personally identifiable information and leadership of impacted areas including:
- Chief Information Officer
- Controller
- Enterprise Risk Management
- Human Resources
- Information Security
- Internal Audit
- Office of Research Administration/HRPP
- Office of the General Counsel
- University Compliance
- University Privacy Officer, chair
- University Registrar
- Yale Health
- Yale School of Medicine
- Development Office
- University Library
- Student Financial Aid/Admissions
Ad hoc guests including administrative leaders, students, and faculty may be invited as appropriate to meet the needs of the Council and may be invited to comment on proposed policies and practices where appropriate.