Fundamentals of GW's Privacy Program

GW established a Privacy Program that is based on a set of core privacy principles, addressing the collection, processing, transfer, deletion and other use of personal data, by the university, during the course of its operations.

Privacy Principles

Transparency/Notice

GW is transparent about our privacy policies and our practices with respect to personally identifiable information (PII). We provide clear and accessible notice regarding our collection, use, maintenance, and disclosure of personal information.

GW's Statement of Privacy Practices

Consent

Under applicable laws and to the extent practicable, GW’s may seek individual consent for the collection, use, maintenance, or disclosure of PII.

GW Personal Information and Privacy Policy

Minimum Necessary

Limiting the collection and use of personal data to the minimum that is directly relevant and necessary to accomplish a specified purpose.

GW Personal Information and Privacy Policy

Responsible Use

Use personal data only for the specific purposes for which it was collected (or otherwise with the explicit consent of the individual, or as authorized by law).

Need to Know

Limit access to personal data to only those with legitimate need-to-know.

GW Data Protection Guide

Security Controls

GW implemented administrative, technical, and physical safeguards to protect PII commensurate with the risk and magnitude of the harm that would result from its unauthorized access, use, modification, loss, destruction, dissemination, or disclosure.

Data Classification and Protection

Data Governance

GW established clear lines of responsibility with respect to givernance of the personal data processed by the university.

Data Governance Roles and Responsibilities

Third Parties

Personal Data can be shared with third parties only under university approved contractual agreements.

Data Sharing - Privacy Requirements

Choice and Control

GW has established procedures to provide individuals with appropriate access to their PII, and opportunity to correct or amend PII, as well as mechanisms to receive and address individuals’ privacy-related complaints and inquiries.

Exercise Your Privacy Rights

Incident Reporting

Promptly report any actual or suspected privacy incidents to the GW Privacy Office.

Report a Data Incident

Accountability and Enforcement

GW schools and departments are accountable for complying with GW privacy policies and privacy laws and regulations applicable to their collection and use of PII.