Data Agreements

Drexel's Privacy Program Services (PPS) department reviews, approves and signs data agreements involving sharing Drexel Institutional data with external entities.

Drexel's Chief Privacy Officer is the designated signatory on data agreements involving the processing (including creation, use, control, or sharing) of Drexel institutional data by external entities as well as all Business Associate Agreements (BAAs).

Drexel institutional data may be protected by a number of laws, regulations, and policies and procedures including but not limited to: the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Family Educational Rights and Privacy Act (FERPA), EU General Data Protection Regulation (GDPR) Confidentiality of Substance Use Disorder Patient Records (42 CFR Part 2), Gramm Leach Bliley Act (GLBA), and Fair and Accurate Credit Transaction act of 2003 (FACTA), depending on the data source, data subjects, and purpose of the data processing.

An authorized signature is required on agreements involving the processing of data to ensure that the appropriate laws, regulations, policies, procedures and requirements necessary to protect Drexel's institutional data have been addressed within the data sharing agreement.

Frequently Asked Questions

Data Agreement Types

Contact Us

Privacy Program Services
privacy@drexel.edu