Overview
The University of California Campus Privacy Officers (CPOs) group worked tirelessly with a diverse group of collaborators to reshape privacy across the entire UC system. Because of these efforts, the culture of privacy has shifted, and the community is much better protected and prepared than it was three years ago.
The Challenge
Starting in 2022, the UC Campus Privacy Officers pooled their expertise and resources to spearhead a cross-functional initiative to standardize privacy principles and reshape privacy operations across the UC to the extent possible. This effort comes at a time when digital environments are evolving rapidly, including the swift implementation of AI systems across campuses, and the need for advancing meaningful privacy principles is greater than ever. This small group of dedicated and thoughtful officers has already accomplished massive strides in reshaping privacy and data protection across the entire UC system.
Although the UC Privacy and Information Security Initiative (PISI) report recommended the creation of privacy programs and appointment of campus privacy officials back in 2013, there was no cohesive, comprehensive privacy program for the non-healthcare portion of UC’s mission for many years. For the most part, each Location’s CPO worked in a silo and did not have the benefit of pooled resources to advance significant privacy initiatives systemwide.
In 2020, as a result of the COVID pandemic, campus CPOs began meeting on a weekly basis to address shared issues and find solutions that helped beyond their own locations. What began as an ad hoc, informal meeting became the brain trust to advance privacy as a core value of the University of California in a systematic, organized, and thoughtful way. During the last three years, the group has accomplished significant advances in privacy in the technology, legal, and operational settings.
The Approach
The activities so far have been as broadly focused as high-level strategic planning or programmatic development to as granular and grassroots as answering individual questions from the community. With the ultimate goal of ensuring the protection of personal and institutional data, they have navigated constrained budgets and limited resources in order to accomplish:
- Technical Advancements: Working together, they have advanced privacy-by-design and privacy-by-default principles in IT initiatives systemwide. Despite limited funding for advanced tools, their work has prioritized safeguarding individuals and reducing risks associated with data processing in UC systems.
- Stakeholder Engagement: The creation of a broad privacy program that touches every aspect of UC’s work involves coordinating with university leadership, legal teams, IT departments, researchers, faculty, students, business units, external collaborators, and others. They have gone beyond regulatory requirements, embedding meaningful safeguards that enhance individual rights and promote a culture of people-first thinking and risk assessment by engaging a broad coalition of UC departments.
- UC-Specific Adaptability: Operating within the unique decentralized structure of the UC system, CPOs have designed innovative, scalable solutions that maintain policy cohesion while addressing campus-specific needs. Their initiatives include developing privacy principles, expanding awareness through targeted training, and refining vendor review processes to improve compliance and risk management—all with minimal dedicated resources.
The Impact
The efforts of UC privacy officers have led to measurable improvements in data privacy and security, demonstrating their commitment to advancing the UC mission while protecting the community. Their achievements include:
- Individuals, Systems, and Processes Transformed: Their (ongoing) work to establish and continuously improve a comprehensive privacy program has strengthened data protection for over 280,000 students, 227,000 faculty and staff, alumni, and countless research participants, fundamentally reshaping how sensitive data is handled across the UC system and significantly reducing privacy risks. Collectively, they have consulted on over a thousand projects, programs, vendor reviews, and incident responses per year, increasing efficiency each year. They have raised the profile of privacy across all locations and assisted the community with their personal data concerns.
- Depth of Change: By promoting transparent data practices, they have increased trust among students, faculty, and external partners while minimizing compliance risks. Their collaboration and coordination amongst themselves have led to systemwide improvements in privacy, data governance, and AI implementations.
- Sustained Progress: Through the establishment of robust privacy governance structures, ongoing training programs, and enhanced cross-campus collaboration, privacy officers have built a sustainable model that will support the UC system for years to come. They have ingrained a proactive, human-centered risk management culture, ensuring that privacy protections evolve alongside emerging threats.
- Innovation and Recognition: UC privacy officers have pioneered forward-thinking privacy solutions, from broad governance to just-in-time trainings, setting new benchmarks in higher education privacy. Their innovations have been adopted by peer institutions and recognized as best practices within the academic sector.
- Thought Leadership: Playing a pivotal role in shaping privacy discourse, UC privacy officers:
- Have actively contributed to national and international forums, influencing policy development and sharing best practices (e.g., AI Assistant guidance, Doxxing guidance, and Guidelines for External Sharing of Student Data shared with Educause).
- Serve on nationwide panels articulating privacy principles for the entire higher ed industry (e.g., 2024 Privacy and Cybersecurity Horizon Report) based on their expertise and assessment of emerging issues, fostered as part of their small group.
- Are leaders defining new standards for protecting individuals’ privacy in academic and research environments. They are regularly asked to speak at conferences, including Educause, International Association of Privacy Professionals, National Association of College and University Attorneys (NACUA), and Higher Education Congress.
- Also contribute to publications such as those for Educause, Chronicles of Higher Ed, and Privacy Rights Clearinghouse.
Why It Matters
The work of UC privacy officers embodies the essence of a collaboration with significant institutional impact. Their contributions align seamlessly with the Yvonne Tevis UC Collaboration Award, as they have:
- Revolutionized Privacy in IT Environments: Strengthened cybersecurity and privacy safeguards to protect UC’s digital infrastructure with comprehensive, thoughtful privacy programs, prioritizing the reduction of risks to individuals whose personal information is entrusted to the university. They have advanced privacy-by-design, and by default, principles in technology initiatives.
- Driven Technological Innovation: Designed and implemented progressive privacy solutions that ensure compliance and data protection while fostering research and education, reinforcing the idea that privacy protections benefit individuals, society, and the institution.
- Elevated Operational Excellence: Streamlined data privacy policies and processes to enhance efficiency and compliance, maximizing impact despite financial constraints. These improvements have directly resulted in stronger protections for individuals by mitigating risks related to data sharing, vendor engagements, and internal data access.
- Strengthened Systemwide Collaboration: Established a unified privacy approach that promotes cooperation and knowledge-sharing across UC campuses, amplifying the impact of their work across the university system and enhancing protections for diverse communities.
Through their dedication, ingenuity, and unwavering commitment to privacy, the UC Campus Privacy Officers’ group has fundamentally reshaped data protection within the university.
What’s Next
Today, the group operates as a team, with various tiger teams and task forces, assisting each other to boost their individual impact so that the benefits of their expertise do not remain isolated to one campus.
Meet the Award-Winning Team
Team Name: UC Privacy Officers Group
Award Category: Yvonne Tevis UC Collaboration Award
Locations: Systemwide
2025 Gold UC Collaboration Award Winners:
| Privacy Website (if applicable) | Team Member | Title | Staff |
| UC Berkeley | Lisa Ho | Chief Privacy Officer | Staff |
| (Formerly, in relevant role) UC Berkeley; current UC Office of the President | Scott Seaborn | (Former, relevant role) Chief Privacy Officer | Staff |
| UC Davis | Zainab Shakoor | Senior Campus Counsel; Privacy Officer | Staff |
| UC Irvine | Thea Bullock | Director of Public Records; Privacy Officer | Staff |
| UC Irvine | Carolyn Cosentino Ponoroff | Assistant Campus Privacy Officer | Staff |
| UC Los Angeles | Kent Wada | Chief Privacy Officer (retired) | Staff (retired) |
| UC Los Angeles | Mark Krause | Chief Compliance and Audit Officer | Staff |
| UC Merced | Eric Kalmin | Director, Records Management and Information Practices | Staff |
| (Formerly, in relevant role) UC Riverside; current, UC Office of the President | Ian Harazduk | (Former, relevant role) Compliance Analyst & Privacy Officer | Staff |
| UC Riverside | William (Bill) Kidder | Privacy Officer | Staff |
| UC San Diego | Pegah K. Parsi | Chief Privacy Officer | Staff |
| UC San Francisco | Caitlyn Finley Folta | Privacy and Data Security Compliance Officer | Staff |
| UC Santa Barbara | Becky Steiger | Policy Coordinator, Campus Privacy Officer, and ADA Compliance Officer | Staff |
| UC Santa Cruz | Tyler Burke | Privacy and Information Practices Director | Staff |
| UC Agriculture and Natural Resources | Robin Sanchez | Director, Policies, Compliance and Programmatic Agreements | Staff |
| UC Lawrence Berkeley National Laboratory | Ahmad Sultan | Cybersecurity Program Manager and Privacy Officer | Staff |
| UC Office of the President | Jennifer Lofthus | General Compliance Manager | Staff |
| UC Office of the President | Noelle Vidal | (Former, relevant role) Privacy Officer | Staff |
| UC Office of the President | Al Lavassani | UC Office of the President and Systemwide Privacy Officer | Staff |
| UC Education Abroad Program | John Simone | Data Privacy and Compliance Officer | Staff |
Read More
Read the team’s complete UC Tech Awards application
Learn more about the UC Tech Awards Program
Contact
Chief Privacy Officer, Campus Privacy Office
UC San Diego
[Cover image and event photo of William (Bill) Kidder courtesy of Andrew Castro]
