The University of Connecticut relies on key partnerships with vendors to conduct business. At times, we may need to provide vendors with confidential or protected information. When this occurs, it is essential that we appropriately review vendor safeguards and business practices to help ensure information is used and protected appropriately and anticipate any potential issues.
When departments create requisitions within HuskyBuy, responses to certain questions may trigger the need for a privacy and/or security review. For example, if a department indicates that UConn will need to share personal data with a vendor to conduct business with them, UConn Privacy Officer will then launch a Privacy Impact Assessment.
Privacy and Security staff work with the vendor to complete assessments. Staff then can work to analyze responses, detect and work toward resolving any privacy or security risks.
In general, Privacy and Security can launch review assessments within a day or two. However, completion of the assessment will largely depend on the vendor’s cooperation, and any level of risk detected. It may take a couple of weeks for appropriate reviews to be completed.