The Magic of Harmonious Central and Local Privacy Management

The privacy acronyms are flying at you. You have complex decentralized governance and threat actors from all over the world trying to access your data! How do you create a harmonious privacy management system? The University of Toronto keeps privacy peace among 40 disparate academic and administrative divisions across three campuses with 95,000 students and 23,000 thousand staff and faculty. We do this with a central privacy office that coordinates among Freedom of Information Liaisons, or FOILs, who are senior officials from each division and also with central information security, data governance, legal counsel, research, Office of the President, Governing Council and other central offices and authorities. In this way, the university achieves institutional-level control and standards where appropriate, and also a reasonable level of local participation and a local expert check on required privacy actions. The solutions that this model creates are privacy protective, legally compliant, and strongly informed by divisional needs, while preserving the central oversight of the university FIPP Office and the likewise central institutional responsibility for compliance. This model is flexible enough to accommodate academic freedom for faculty and specific local projects and practices within an overarching set of central standards. It is also ideally structured to accommodate future requirements, challenges, and directions while preserving institutional harmony.