Privacy Principles

Privacy Principles at WSU

While these university‑wide privacy principles are aspirational, they reflect widely recognized best practices found in privacy regulations around the world, some of which may apply to Wichita State University (WSU). Together, these principles guide the ethical and responsible use of personally identifiable information (PII) at WSU.

Adhering to these principles reinforces WSU’s core values of integrity, collaboration, innovation, academic excellence, and community. They support the University’s mission while helping protect the individuals we serve—and the broader public—from potential harm associated with privacy incidents.

WSU applies these principles whenever possible, while recognizing that certain legitimate business needs, along with legal, regulatory, and reporting requirements, may require the collection, use, and retention of PII for appropriate purposes.

Data owners and stewards are expected to thoughtfully manage personal information entrusted to WSU, including information used and stored in the systems we operate and develop. These principles provide a common framework to inform decision‑making and guide daily actions, helping bring privacy into practice across the full scope of WSU activities. Privacy considerations should always be balanced with other institutional requirements and goals.

Please note that these privacy principles do not create any contractual or other legal obligation on WSU’s part, or any contractual or other legal right or expectation in or for any individual person. They are guidelines to help us achieve ethical management of PII.

Support Individual Autonomy Over Personally Identifiable Information (PII)

Support an individual's autonomy over their PII.

Be transparent with how PII is collected and used.
Obtain consent whenever possible through providing informed choice or option when it comes to collection and sharing of PII.
Respond to requests from individuals surrounding their PII.

Engage in Responsible Stewardship Around PII

Maintain responsible stewardship around PII.

Collect, access, and use only the minimum necessary amount of PII.
Only use PII for the purpose it was initially collected under, unless covered by a lawful basis or new consent has been obtained.
Limit access to and share PII with only those individuals who are performing a legitimate institutional purpose, when there is a contractual or regulatory requirement, or if consent allows.
Limit unnecessary storage of PII by setting and following appropriate retention timelines.
De-identify, aggregate, or redact data containing PII when deletion is not feasible and whenever possible before long term storage.
Implement appropriate security controls as required by WSU policies or contractual requirements, to support confidentiality, integrity, and accuracy of PII.

Assess and Minimize Privacy Harms to Individuals

Assess and minimize privacy harms to individuals. The privacy office can support entities in:

Assessing privacy impacts to the individual surrounding collection, use, and sharing of PII.
Implementing appropriate mitigations to reduce impacts to the individual.
Balancing beneficence to the individual with the needs of the institution.