Skip to content
Main Navigation
Campus Life

Protecting privacy

University of Utah Communications -

As privacy evolves rapidly, the University of Utah has strengthened its approach to protecting personal information by establishing the Information Privacy Office (IPO). The office leverages and builds on existing institutional expertise—including longstanding privacy practices and infrastructure developed within University of Utah Health—while creating a unified model to serve the entire university community.

“At U of U Health, we were primarily concerned with research, patient privacy and HIPAA,” said Jamie Ross, who previously led the privacy office for U of U Health and now serves as the inaugural chief information privacy officer. “But as privacy-related requirements and expectations began expanding and evolving at a rapid pace, we began fielding questions from other areas of campus. Ultimately, it became clear that the university as a whole would benefit from a centralized privacy resource.”

Responding to a changing privacy landscape

Modern privacy laws increasingly give individuals greater visibility into how their personal information is collected and used, place limits on data sharing, require routine audits and oversight and mandate clear accountability for compliance.

In 2024, the Utah legislature passed the Utah Government Data Privacy Act (GDPA), laying several requirements for all regulated governmental entities. These include creating privacy training for employees, creating notifications for data breaches that impact more than 500 people, strict guidelines around selling and sharing data and granting people access to their personal data. The IPO works to make sure the U is following all protections put in place by the GDPA.

“The Utah legislature is really invested in the privacy of people in the state,” said Ross. “With the passing of GDPA, Utah became one of the states with the most comprehensive data privacy laws in the nation.”

A coordinated, enterprise-wide approach

Effective privacy must be embedded into everyday operations, planning and decision-making—not treated as a reactive or siloed function. The IPO addresses previously fragmented privacy oversight by offering centralized guidance and support while working collaboratively with data stewards and campus partners.

While the university maintains a strong enterprise information security program, privacy and security are distinct but complementary disciplines. Privacy focuses on appropriate data collection, use, sharing and governance, while security emphasizes protecting data from unauthorized access or loss. The IPO ensures that privacy considerations are addressed alongside security efforts.

“We are a resource for anyone who has a concern about how their data is being used,” said Ross. “We also are proactively overseeing compliance so individual departments can get guidance when they need it.”

Supporting the university community

The IPO provides policy development, compliance support, education and incident response coordination. This structure enables the university to respond swiftly and thoughtfully to data-related issues while minimizing risk and disruption.

More broadly, the office supports the university’s mission by fostering trust, empowering individuals, reducing the risk of intentional and unintentional data mishandling and promoting ethical, accountable and transparent data practices.

“We are further integrating privacy risk assessments into our processes to make sure privacy considerations are built into university processes from the outset,” said Ross. “We are hoping by doing this, the university will be better positioned to comply with relevant laws and regulations.”

Looking forward

By extending the successful privacy framework developed within University of Utah Health to the entire institution, the IPO positions the University of Utah to meet current privacy expectations while remaining adaptable to future regulatory changes. This enterprise-wide approach reinforces the university’s commitment to integrity, stewardship and responsible data use—now and into the future.

“People are becoming more aware of their rights in relation to their personal data and how it’s used,” said Ross. “If anyone has questions, we want them to feel free to reach out to us, and we will do our best to help.”

All functions of the IPO can be found on this website. Here you can learn about the rights you have over your data and how to exercise them. You can also learn how to amend the data currently held by the U, or how to file a complaint if necessary.

RELATED ARTICLES

Arthur Brooks named U’s 2026 Commencement speaker

Arthur Brooks named U’s 2026 Commencement speaker

Read More
Rising together: Student leadership development

Rising together: Student leadership development

Read More
Turning passion into purpose with recreational therapy

Turning passion into purpose with recreational therapy

Read More
Legislative session brings community together to showcase value of research

Legislative session brings community together to showcase value of research

Read More
Creating an impact university

Creating an impact university

Read More
A student wears headphones and works on a laptop

The power of my perspective

Read More
Utah Museum of Fine Arts installs Robert Indiana’s iconic ‘LOVE’ sculpture

Utah Museum of Fine Arts installs Robert Indiana’s iconic ‘LOVE’ sculpture

Read More
Leading with impact: The University of Utah’s economic and societal contributions

Leading with impact: The University of Utah’s economic and societal contributions

Read More
Humans of the U: Helen Salako

Humans of the U: Helen Salako

Read More