National Data Privacy Week, held annually during the last week of January, focuses on raising awareness about the importance of data protection since it was established in 2008. The week serves as a reminder for individuals and organizations to improve practices for safeguarding personal information.
At the University of California (UC) Office of the President, Al Lavassani, systemwide chief privacy officer, is leading efforts to strengthen privacy practices and address the challenges of managing data in a complex environment, both in terms of risk factors and regulation. As an expert in security, governance, risk and compliance, Al is focused on establishing a privacy framework for the UC system.
A Vision for Privacy at UC Office of the President
Al brings years of experience in building and improving privacy programs. His primary goal is to establish a dedicated Privacy Office at UCOP to implement privacy principles and policies effectively.
“Privacy is not just about compliance. It’s about understanding where and how personal data is being used, ensuring transparency and building trust.”
Al Lavassani, Chief Privacy Officer, University of California
His work includes developing a privacy risk assessment framework to track data collection, usage, sharing, retention and deletion. The goal is to address risks systematically and create a culture of accountability in how data is managed.
Aligning privacy and security
Al emphasizes the connection between security and privacy, describing security as a foundation for effective privacy programs. He is focused on risk assessment and employee training as critical components of data protection.
“Risk assessment and education are fundamental to a strong privacy program. It’s about equipping people with the tools and knowledge to handle data responsibly.”
Al Lavassani
Improving Vendor Privacy Risk Assessment Practices
Al is also working to incorporate privacy considerations into vendor risk assessments. This includes addressing risks posed by artificial intelligence (AI) technologies and ensuring data-sharing and processing activities are clearly defined and documented.
To support these efforts, he is developing tools and processes to document privacy assessments and data processing activities.
Advancing Privacy Awareness and Training
One of the priorities is to develop privacy training materials designed to be flexible enough for use across the UC system and adaptable to different departments, conduct regular awareness campaigns, and create privacy playbooks for teams that handle sensitive data.
Next Steps and Priorities
Lavassani’s immediate objectives include:
- Establishing a Privacy Office to identify and manage privacy risk and compliance issues.
- Creating system wide privacy training materials.
- Raising awareness through a significant increase in outreach.
- Enhancing vendor risk assessments with a focus on privacy and AI.
- Improving internal and vendor reviews and risk assessment processes and tools
Through his work, Al Lavassani is helping the University of California address the increasing complexity of data privacy and security. National Data Privacy Week highlights the importance of these efforts, encouraging organizations to take actionable steps toward protecting personal data and ensuring transparency in their operations.
About the Privacy Office at UC Office of the President
For any privacy question or inquiry, contact Privacy@UCOP.edu
Related reading
University of California privacy officers and resources
Contact
Al Lavassani
Chief Privacy Officer
UC Office of the President
Author
Systemwide Human Risk and Strategy
UC Office of the President