Charter of the Privacy and Security Council for University Research

Purpose

In supporting its research mission, the University of Chicago is obliged to accept and manage increasing levels of liability associated with research and technical services that entail processing datasets of private personal information obtained under contract from third parties. In addition, contracts with federal agencies increasingly include substantial “flow down” security and privacy obligations, and some data collected by University researchers is subject to a similar level of security and privacy protection. A variety of responses to these needs have given rise to a “secure research computing strategy” for the institution.

Responsibilities

The Privacy and Security Council for University Research (Council) steers the secure research computing strategy:

  • Review and approve research data security and privacy policies.
  • Monitor the impact of these policies.
  • Review and endorse associated funding and other requests necessary to ensure the success of the strategy.
  • Ensure its consistent implementation within Divisions, Schools, and Institutes.

Membership

Members consist of

  • the Dean of each Division, School, and Institute, as these concerns have no intrinsic disciplinary constraint;
  • the Chief Financial Officer, to ensure consistent execution within supporting administrative units;
  • a representative from the Office of Legal Counsel for their subject matter expertise;
  • the Vice Provost for Research, whom the Council advises and who chairs the Council.

The Council is staffed by the Secure Data Enclave Management, consisting of the Director of the Research Computing Center and the Chief Technology Officer in IT Services.

Meetings

Meetings are expected quarterly, with the possibility of being an agenda item at Deans Council meetings as circumstances warrant.

Authority and Relationship with Other Governance Bodies

Established governance for University-wide IT Security policies entails endorsement of proposed policies by the Board of Computing Activities and Services (a statutory faculty board) and formal adoption by the Provost’s IT Committee. As the Council’s interests overlap to some degree with the Provost’s IT Committee, the latter delegates its authority to the Council in matters that primarily concern secure research computing.

A Secure Research Computing Oversight Committee (OC) will often be the source of draft policies, other proposals, and information to be brought to the Council for consideration. The OC will only bring policy proposals to the Council that are endorsed by the Board of Computing Activities and Services.