All third parties that handle, collect, use, or store personal data at the P-3 or P-4 level (or process personal data at any P-level in an AI system) require a privacy assessment. Departments should complete the first three sections of the Vendor Privacy Intake Form, and third parties should complete the last section. The Department should then submit the form along with all required documents to the Campus Privacy Office. Most will also require a security review and a contract as well; please contact the Office of Information Assurance for additional information regarding a security review.