Electronic Privacy and Disclaimer Notice

Title: Electronic Privacy and Disclaimer Notice
Policy Owner: University Information Technology Services
Applies to: Faculty, Staff, Students
Campus Applicability:  Storrs and Regionals
Effective Date: June 14, 2007
For More Information, Contact University Information Technology Services
Contact Information: (860) 486-4357
Official Website: http://uits.uconn.edu/

 

Background and reason for the policy: The University of Connecticut maintains the University of Connecticut website (http://www.uconn.edu/) as a service to its students, employees and external constituencies.

It is the policy of the University of Connecticut to respect and protect the privacy of its website users consistent with Federal and State laws such as:

  • Family Rights and Privacy Act (FERPA),
  • the Health Insurance Portability and Accountability Act (HIPAA),
  • the Electronic Communications Privacy Act (ECPA),
  • the Gramm-Leach-Bliley Act (GLB),
  • the Children’s Online Privacy Protection Act (COPPA),
  • the Connecticut Freedom of Information Action (FOIA), and
  • the Connecticut Personal Data Act.

Purpose of Policy: The purpose of this policy is to ensure that all official University of Connecticut websites include an electronic privacy statement about the information that is collected by their website (both automatically and voluntarily) and how that information is used.

Expected Institutional Outcome: It is expected that this policy will result in better protection of visitor’s privacy by clarifying the University’s commitment to privacy and to address concerns about the types of information gathered during the course of visiting any official website, and how the University uses that information.

Applicability of Policy: This policy applies to all information collected by or submitted to official websites of the University of Connecticut and to all visitors to these websites.

Definitions:

Official University Websites: Websites that are sponsored by the University of Connecticut, whether they are stored on the University’s central server, on a University distributed server, or on a hosted or managed web server provided by a third party.

Official University Webpages: Official University of Connecticut webpages are those that have been created by the University, its campuses, colleges, schools, departments or other administrative unit, for University business. Official University webpages clearly convey a relationship to the entire University and support and advance the University’s mission.

Statement of Policy:

All official University of Connecticut websites will be required to adhere to the terms and conditions employed at the University of Connecticut as outlined in this policy and inform visitors of how information at that site is managed through the posting of an electronic privacy and disclaimer statement. Individual web sites may either link to the University’s Electronic Privacy and Disclaimer Notice (University’s Notice) or develop specific notices about the collection and use of any information associated with their pages consistent with the University’s policies.

Terms and Conditions Governing Official University of Connecticut websites:

1.      Use of Social Security Number: As indicated by the Social Security Number policy, the University of Connecticut considers the social security number as registered confidential and legally protected data. Collection, storage and use of the social security number will be in accordance with the Social Security Number policy.

2.      Public and Non-Public Information: The University of Connecticut designates certain information pertaining to students as public or “Directory Information.”  The specific data that is classified as “Directory Information” can be obtained from the Registrar’s Office FERPA web page (http://ferpa.uconn.edu/). Except when requested in writing by the individual, “Directory Information” may be distributed electronically and/or made available on the web without providing any security protection for the information. Non-public information (or when requested by the individual, public information) must not be made available via the web, nor stored for internal use via the web, nor transmitted electronically, even to those who are entitled to the information, without utilizing adequate security measures.

3.      Use of Cookies: Cookies are small pieces of data passed from a web site to your hard drive usually to enable some online services to work more efficiently or to make the use of services more convenient. The University of Connecticut generally will not use cookies to track and/or retain personally-identifiable information without proper notification. However, the University reserves the right to associate personally- identifiable information with cookies. Such information will not be disclosed to outside parties unless legally required to do so in connection with legal proceedings or law enforcement investigations.

4.      Use of Email: In spite of the good intentions of the University to respect the privacy of individuals, it should be understood that it is impossible to assure the privacy of email. Not only may email be sent to someone other than the intended recipient (either through mis-addressing or forwarding), but email sent as plain text may also be intercepted as it travels over the network. In addition, as part of the University’s backup and archival practices, email may continue to exist in spite of the owner’s belief that the message had been deleted.

5.    Use of Forms: The University of Connecticut respects your privacy and does not condone providing any of your personal information to third parties without your permission, unless compelled by law or court order to do so, or to sell any personal information to third parties for purposes of marketing, advertising, or promotion.

6.    Collection and Use of Information: In the course of visiting a web site, the University of Connecticut permits the following information to be collected, stored and used:

a.       Automatic Information Collected

i.      Routing information such as IP address. Routing information is used to route the requested web page to your computer for viewing.

ii.      Essential technical information including, but not limited to: page accessed; time and date accessed; operating system used; type of browser used; information about the web site from which you accessed a University of Connecticut web site and connection statistics (e.g. ports, number of bytes, number of packets, time of 1st and last packet, etc.). Essential technical information is used for such purposes as helping to respond to your request in an appropriate format and helping to plan website improvements.

This information is not to be reported or used in any manner that would reveal personally identifying information or to be released to any outside (third) parties unless legally required. However, it should be noted that when required by law, this information, along with other information that might be available, may enable us to identify an individual involved in a specific transmission.

b.      Personal Information Voluntarily Provided by the Individual

In the course of visiting a web site (e.g. sending an email message, filling in an on-line form, etc.), individuals may choose to provide additional personally- identifying information such as name, address, email address, social security number, password, bank account information, credit card information, or any combination of data that can be used to identify an individual. Optional information, including any email communications, is retained in accordance with the University’s records retention schedules and may be subject to public inspection and copying if not protected by federal or state law.

7.      Links: The provision of links from official University of Connecticut web sites to other sites does not imply endorsement of the information or services offered by these linked sites nor does the University’s privacy policies apply to these other sites. Individuals who choose to link to any third party site should review the privacy practices of that site before providing any personally identifiable information to that site.

8.      Limits to Privacy: The use of University resources, including computing and networking equipment and services, purchased with University funds, are intended for University business. While it is not the intention of the University to actively monitor communications or files stored or transmitted on University systems or devices, individuals must understand that under certain circumstances they may not have a right to privacy to such information. Such circumstances include but are not limited to: compliance with legal requirements or process; investigation of suspected violations of law, regulation or University policy; maintaining the integrity of the University’s computing systems.

9. Freedom of Information Requests: Under the “Connecticut Freedom of Information Act,” except as otherwise provided by federal law or state statute, all records maintained or kept on file by or at the University of Connecticut are considered public records and are subject to inspection by members of the public.  As a member of the University community, your email and any information collected in the course of visiting a web site are considered public records and may be subject to Freedom of Information disclosure. In some cases, email messages about students may fall under the FERPA definition of  “education records” and therefore may be subject to the provisions of FERPA regarding the release of the information and the student’s right to inspect and review the information.

10.  Disclosure of Personal Data to Third Parties: In some cases the University may share personal data with third parties with whom we have a business arrangement. In all cases, the department entering into the agreement will ensure that the third party has formally agreed to protect the security of that data in compliance with the University’s Third-party Access to Information Technology Resources policy.

Responsibilities:

The Chief Information Officer has overall responsibility for this policy.

Questions concerning this policy may be directed to the IT Security Officer or to the University Privacy Officer.

The Chief Information Officer will review this policy on a bi-annual basis and respond to formal complaints resulting from the implementation of this policy.
Violations of this policy will result in appropriate disciplinary measures in accordance with University Laws and Bylaws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Conduct Code.