Data Privacy Day

Data Privacy Day is January 28

Data Privacy Day occurs annually on January 28.. It began in the U.S. and Canada in 2008 as an extension of the Data Protection Day celebration in Europe. Many organizations host Data Privacy Day events in-house at their facilities and some broadcast live events or record events for later viewing.


Illini Union Southeast Vestibule 9am-1pm
Ikenberry Commons 10am-2pm

The University of Illinois is increasing resources in support of its Data Privacy Program. Expect to see more information about data privacy in months and years to come.



Take the Data Privacy Day Survey!

The Data Privacy Day survey will take 5-10 minutes to complete. We will not collect user information only the results of questions which will be aggregated only for use by the Data Privacy Office. Thank You for your participation!


Links to free Data Privacy Day events and data privacy resources from fellow higher education institutions and industry that address current topics surrounding data protection

Quick-links to relevant University of Illinois privacy policies

Quick-links to relevant University of Illinois data privacy regulation-related resources

Personal (and Identifying) Information:

Student (and Academic) Information:   

Health (and Medical) Information:         

Financial (and Consumer) Information

Other Applicable Laws:                              

Data Privacy is a Process!

The Data Privacy Life Cycle is a simple process flow (represented here as a diagram) to show the vital points where privacy decisions need to be considered. This is often used by organizations, but consumers also can use this to help understand privacy policies and questions they may have about use and maintenance of their personal information. It is vital to pose the following questions at every decision point in the data privacy life cycle: Who? What? When? Where? Why? How?

The diagram of the Data Privacy Life Cycle

Collection –This is the point at which the data is collected from the data subject (e.g., consumer). A privacy policy should state why specific data is being collected and for what purpose.

Use – Also called Processing, this stage is what the data controller does with the data within their own organization once collected. The purpose of using the data should be in keeping with the privacy policy’s purpose statement.

Disclosure – Also called Sharing, this the stage when the data is provided to another organization outside the purpose of its internal business processes. It can include trading data or selling of data for monetization purposes. Sharing of data should only take place with established business partners under the law and the partners should be specified in the privacy policy.

Retention – Sometimes called Storage or Archiving, is where personal data is stored for a time during or after its intended use, per business or legal requirements. This can include archiving where data is stored digitally--sometimes offline--for a time before it is determined that it is no longer wanted or needed. Archived data often contains aggregated personal data and should be protected very securely.

Destruction – Also called Disposition, is where the data is destroyed because it reached the end of the data life cycle. Sometimes hardware holding the data still may be usable, so the hardware may be set aside (dispositioned) to be used again but without granting the new user access to the old user’s data. Some new laws such as GDPR grant users the ability to request destruction of their personal data by organizations that may have it.

What additional steps can I take?

At Illinois, we want to help students, faculty and staff make wise choices about their personal data and provide applicable knowledge in order to protect such data. Below are some tips, tricks and hacks one can take to safeguard themselves when using popular technologies.

Review your location data.

  • If appropriate delete your historical data. Review which apps can access your phone’s GPS features and consider whether you want to provide this history of your daily movement to them.
  • Cell phones are great at providing directions and recommendations for restaurants nearby. To do this they use GPS and poll your phone every few minutes. Most cell phone makers and cellular providers keep a record of this data. Individual mobile apps and even games, if GPS permissions are given, can also track this data. In many cases there is no limit to how long this data can be stored or shared.  


See Your Google Maps Timeline
Check Your Location Settings (Android)


See Your Frequent Locations
Check Your Location Settings (iPhone)

Rethink the messages and content you share publicly. Understand that not all “deleted” messages are deleted.

  • Any social media post that is public is often indexed by third parties including researchers, media, and government entities. Even after deleting content the content can be retained. Other social media companies claiming “private messaging” are sometimes found not to be private or anonymous. Before sending that private message check your platform and consider whether you really want to send it.

Snapchat Doesn't Delete Your Pictures
Snapchat May Keep Your Photos For 30 Days

Review apps that offer ‘secure’ messaging to see if their platform has been endorsed by a trusted third party:

Protect Your Digital Privacy
Use Secured, Encrypted Messaging Apps

Cover your webcam and double check which software and apps have access to your microphone.

Many security professionals cover their cameras and safeguard access to their microphones. There are numerous exploits that allow hackers to turn those devices on--often with no indicators.

Protect Yourself From Hackers
Why The FBI Director Puts Tape Over His Webcam