/
DA University Privacy Template

DA University Privacy Template

Owned by Ann Henson
Feb 20, 2024
13 min read

 

<University Name> Privacy Policy

 

 

PRIVACY POLICY OVERVIEW

As <University Name> continues to strive to meet the needs of its stakeholders, an effective take on data privacy is necessary. We aim to help you understand what personal data we collect, how we use it, and what control you have over it. This notice will define the following:

 

  1. What personal data is collected by <University Name>.

  2. How personal data is collected, used, shared, stored, and otherwise processed.

  3. The security procedures implemented to protect your data.

  4. Your choices and rights regarding the use of your data.

  5. How you can contact us for issues such as to correct inaccuracies of your data or to request the removal of your personal data.

 

<University Name> adheres to the governing data privacy/data protection regulations and frameworks of the following entities:

  • CCPA

  • FERPA

  • HIPAA

  • {{other_regs}}

 

A <University Name> Privacy Governance Team will serve as the single point of contact for all privacy matters including but not limited to policy, use cases, vendor assessment, and the collection and processing of personal data. Any changes to the privacy policy must be evaluated and approved by the Privacy Governance Team

 

The following categorized pages provide more specific information around data collection and use. The documents do not provide an exhaustive list of these specifics but a clear picture of their scope and use. Any use cases that fall out of this defined scope must be approved by the <University Name> Privacy Governance Team.

 

To that regard, here are the policies behind the <University Name>’s overall commitment to carry out responsible stewardship and appropriate use of Student data

✘We will not collect, maintain, use or share Student PII beyond what is needed for authorized or approved educational/institutional purposes.

✘ We will not sell or rent Student PII.

✘ We will not use or disclose student information collected through an educational/institutional service (whether personal information or otherwise) for behavioral targeting of advertisements or marketing to students.

✘ We will not build a personal profile of a student other than for supporting educational purposes

✘ We will not knowingly retain Student PII beyond the time period required to support educational purposes or maintain minimum academic records

✔We will collect, use, share, and retain Student PII only for purposes for which we were authorized by the educational institution

✔(statement about transparency and communication of what, how and purpose of data collection)

✔We will maintain a comprehensive security program that is reasonably designed to protect the security, confidentiality, and integrity of Student PII against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.

✔We will require that our vendors, with whom Student PII is shared in order to deliver the educational service, are obligated to follow these same commitments for the given Student PII.

✔A Privacy Governance Team will review or approve any exception or additional use case of data in order to protect your data from use that does not comply with the student success, legal requirements, or the mission of the university

 

If there are any questions please contact the Privacy Governance Team at [privacy_governance@school.edu]

 

ACADEMIC DATA

At <University Name> the Information and Technology Services supports a number of systems and services to support the core mission of the university. These include:

<Add list>

 

Academic Data We Collect

Student Profile (name, email, profile picture, preferred name, pronouns)

Course roster, name and schedule

Assignment submissions (including interactions between faculty and classmates)

Instructional Tool interactions (such as date/time of access, duration)

Logging Information (date/time of login, duration, browser and operating system used)

 

How We Use Academic Data

Learning Process (share participation and performance information to instructors and students to support and improve the learning experience)

Learning Analytics (improve student outcomes, engage in timely, relevant interventions, personalize mentoring and advising)

Research (support learning research, curricular design, institutional reporting)

Service and Support (monitor system performance to ensure stability and positive user experience)

Other: Any use case outside of the above criteria requires approval of the Privacy Governance Team.

 

How We Collect Academic Data:

Directly (surveys, quizzes, etc)

Automatically (data generated and stored when interacting with web-based applications)

 

How We Share Academic Data

  • The university does not sell or rent your academic information.

  • Information may be shared with service providers that support or provide instructional services. Service providers must meet our data security requirements and use the data only for providing services to the University.

  • Personal information may be shared when required by law, or to protect the safety, property or rights of the university, its community members and guests. These requests require approval of the Privacy Governance Team.

 

TRANSACTIONAL LOG DATA

There are many enterprise systems that are used to enable technology and service across campus. Some of these include the Identity Access Management Service, Enterprise Wireless Management, Student Portals, as well as various 3rd party services that are used to connect or enable connections to these systems. A wireless infrastructure is managed by the <University Name> Information and Technology Services in order to provide WiFi network connectivity for faculty, students, staff and guests when on campus. This system manages connection activity of its access points and wireless devices (ie laptops, phone, tablets, etc) that connect to the system.

 

Data We Collect through the Enterprise Wireless Management System

User and Device Information (uniquename and device identifier - MAC address, IP address)

Access Point

Timestamp - the time of an event

Other Logging Information (such as authentication, failed authentication events, associations to Access Points, etc..)

 

How We Use Transactional Log Data

Facility Planning (support transportation planning, space utilization, WiFi service, public safety and security and other services by analyzing aggregated and anonymized data on AP location, session time, and count of devices)

Research (De-identified data may be used by faculty for institutional research)

Service and Support (monitor network performance and provide end user support)

 

Transactional Log Data is used in combination with student academic and profile information in order to provide:

Cohort Success Analytics (monitor outcomes of groups to ensure programs meet specific cohort needs and evaluate effectiveness of student success initiatives)

Student Success Analytics (improve student outcomes, engage in timely, relevant interventions, personalize mentoring and advising)

Other: Any use case outside of the above criteria requires approval of the Privacy Governance Team.

 

How We Collect Transactional Log Data

Automatically (when a device connects to system access points)

 

How We Share Transactional Log Data

  • The university does not sell or rent your transactional log information.

  • Information may be shared with service providers that support or provide instructional services. Service providers must meet our data security requirements and use the data only for providing services to the University.

  • Personal information may be shared when required by law, or to protect the safety, property or rights of the university, its community members and guests. These requests require approval of the Privacy Governance Team.

 

STUDENT RECORD DATA

<University Name> Information and Technology Services maintains the following systems to support student administration:

 

(Add List)

 

What Student Record Data We Collect

Student Profile (ie preferred name, pronoun, residency, VA benefit eligibility, sport code, and other information collected during admissions)

Academic Record (ie courses, grades, major/minor, degree level)

Logging Information (ie date/time of login, duration, page visits, transaction timestamps, browser and operating system)

 

How We Use Student Record Data

Communications (information on campus services, events, etc)

Campus Life (ie emergency alerts, housing, transportation, recreation, libraries, immigration support)

Registrar/Academic Processes (ie support enrollment, selection/attendance of classes, degree attainment, financial transactions)

Institutional Planning ((using aggregated data evaluate trends to make needed improvements)

Research (academic research purposes using aggregated data sets)

Service and Support (monitor service performance to provide a positive user experience)

Other: Any use case outside of the above criteria requires approval of the Privacy Governance Team

 

How We Collect Student Record Data

Directly (during registration and updating of personal information)

Automatically (visits/interactions stored by student administration systems)

From Faculty and Staff (ie grades, major, degree completion, honors, discipline)

How We Share Student Record Data

  • The university does not sell or rent student record information.

  • Information may be shared with service providers that support or provide instructional services. Service providers must meet our data security requirements and use the data only for providing services to the University.

  • Government (mandatory reporting of personal/demographic data, transcript, degrees earned)

  • Regulating Organizations (ie National Student Clearinghouse, NCAA-National Collegiate Athletic Association)

  • Personal information may be shared when required by law, or to protect the safety, property or rights of the university, its community members and guests. These requests require approval of the Privacy Governance Team.

 

STUDENT FINANCIAL DATA

The primary systems used to collect and process student financial data are:

 

(Add List)

 

What Student Financial Data We Collect

Bank Accounts (used to process refunds)

Financial Aid Information (ie parents’ income, dependency status, scholarship/loan/work study info, FAFSA documentation)

Logging Information (login and transaction time stamps, duration, page visits)

 

How We Use Student Financial Data

Service and Support (monitor system performance to ensure stability and positive user experience)

Administration

Institutional Planning (using aggregated data evaluate trends to make needed improvements)

Service and Support (monitor system performance and processes to ensure stability and positive user experience)

Other: Any use case outside of the above criteria requires approval of the Privacy Governance Team.

 

How we Collect Student Financial Data

Directly (when forms are completed and and information is updated)

Automatically (data stored based on visits, interactions, etc with student administration systems)

From Staff (recorded information on financial aid awards)

 

How We Share Student Financial Data

  • The university does not sell or rent student financial information.

  • Data is shared with government entities (Dept of Education, IRS, and National Science Foundation) to meet mandatory reporting requirements.

  • Information may be shared with service providers that support or provide instructional services. Service providers must meet our data security requirements and use the data only for providing services to the University.

  • Personal information may be shared when required by law, or to protect the safety, property or rights of the university, its community members and guests. These requests require approval of the Privacy Governance Team.

 

VIDEOCONFERENCING DATA

The <University Name> provides several third-party videoconferencing and video capture tools/services including:

  • Zoom

  • Google Meet

  • Microsoft Teams

  • <Other>

 

What Videoconferencing Data We Collect

User Profile (name, email address, and other contact information)

User Content (voice and image recordings, chat messages, uploaded files and if enabled surroundings and transcripts)

Meeting Usage Information (routing information and other metadata)

Device (IP address, MAC address, device type, operating system, etc)

 

How We Use Videoconferencing Data

Online Learning Experiences (instructional activities and other online university programming)

Research (research collaboration with faculty and students worldwide)

University Administration and Operations

Service and Support (monitor system performance to ensure stability and positive user experience)

Other: Any use case outside of the above criteria requires approval of the Privacy Governance Team.

 

How We Collect Videoconferencing Data

Directly (when you participate)

Automatically (when platforms generate and store data based on interactions)

From Other Users (when they invite or collaborate with you)

 

How We Share Videoconferencing Data

  • The university does not sell or rent videoconferencing information.

  • Service Providers (have access but are not allowed to rent or sell information, use it only for university services and must meet data security requirements)

  • Meeting Hosts and Attendees (messages and content are available to all university and external participants. Hosts have access to recordings but must notify participants when recording a session.)

  • Personal information may be shared when required by law, or to protect the safety, property or rights of the university, its community members and guests. These requests require approval of the Privacy Governance Team.

 

STUDENT HOUSING DATA

When you use our on- and off-campus housing services, information is generated and stored in <University Name> systems such as:

 

<Add List>

 

What Student Housing Data We Collect

Student Contact (ie name, mobile number, permanent address, emergency contact, parent contact)

Housing Application (ie housing preferences, roommate matching profile, vehicle, accommodations needed, background check, move-in/move-out dates)

Housing Management (ie housing assignment, key card/pin, change requests, communication logs, contract violations, package deliveries)

Billing information

Logging Information (ie uniquename, timestamps, duration, page visits)

 

How We Use Student Housing Data

Administration (processing applications, assignment, contract, etc)

Communications (safety notices, campus activities, community updates)

Institutional Planning (using aggregated data evaluate trends to make needed improvements)

Service and Support (monitor system performance and processes to ensure stability and positive user experience)

Other: Any use case outside of the above criteria requires approval of the Privacy Governance Team.

 

How We Collect Student Housing Data

Directly (ie application process and change requests)

Automatically (data stored based on visits, interactions, etc with housing systems)

From Staff (ie profile updates, change requests)

 

How We Share Student Housing Data

  • The university does not sell or rent student housing information.

  • Data is shared with government entities (ie US Census Bureau) to meet mandatory reporting requirements.

  • Information may be shared with service providers that support or provide instructional services. Service providers must meet our data security requirements and use the data only for providing services to the University.

  • Personal information may be shared when required by law, or to protect the safety, property or rights of the university, its community members and guests. These requests require approval of the Privacy Governance Team..

 

LIBRARY DATA

What Library Data We Collect

Profile (ie uniquename, name, local address)

Library Material Use (ie IP address, transaction timestamp, uniquename and materials requested)

Logging Information (ie uniquename, date/time of login/transactions, duration, page visits, browser and operating system)

 

How We Use Library Data

Facility Usage (evaluate hours of operation, staffing, space prioritization)

Instructional Initiatives (use of library resources is used to help improve and integrate them with learning initiatives)

Learning Analytics (evaluate use across cohorts in order to improve resources and services)

Institutional Planning (using aggregated data evaluate trends to make needed improvements)

Service and Support (monitor system performance to ensure stability and positive user experience)

Research (de-identified summary data for academic research)

Other: Any use case outside of the above criteria requires approval of the Privacy Governance Team.

 

How We Collect Library Data

Directly (ie completed forms, requests)

Automatically (data stored based on visits, interactions, etc with library systems)

From External Sources (website traffic data from Google Analytics)

 

How We Share Library Data

  • The university does not sell or rent library information.

  • Information may be shared with service providers that support or provide instructional services. Service providers must meet our data security requirements and use the data only for providing services to the University.

  • Research Institutions (anonymized transaction logs may be shared as part of research grants/projects. IRB approval is required as well as a MOU about data use and retention)

  • Personal information may be shared when required by law, or to protect the safety, property or rights of the university, its community members and 3rd Party/Content Providers (Interaction with online journals and databases from 3rd party vendors is governed by the individual privacy policies of those sites)

 


PRINTER DATA

The <University Name> provides printing services to support faculty, staff and students to print from their devices to multiple printers on campus.

 

<Add List>

 

What Printer Data is Collected

User credentials (ie uniquename, key card number)

Usage Information (ie timestamp, printer/server name, IP address, job names)

Job Attributes (ie document name, copy count, orientation, paper size, color, page requested)

 

How We Use Printer Data

Cost management

Reporting (aggregated data on total page counts, total cost, etc)

Service and Support (monitor system performance, provide troubleshooting to ensure stability and positive user experience)

 

How We Collect Print Data

Automatically (information stored when print jobs are submitted and executed)

 

How We Share Print Data

  • The university does not sell or rent your printer information.

  • Information may be shared with service providers that support or provide instructional services. Service providers must meet our data security requirements and use the data only for providing services to the University.

  • Personal information may be shared when required by law, or to protect the safety, property or rights of the university, its community members and guests. These requests require approval of the Privacy Governance Team..

 

SECURITY CAMERA DATA

When necessary and appropriate, <University Name> will place security cameras on campus for the purposes of aiding in protecting the safety of faculty, staff, students and guests, protecting campus property and deterring criminal activity.

 

Exclusions

This policy does not apply to medical facilities, or where cameras are deployed for non-security purposes (ie instruction, video conferencing, police body and vehicle cameras)

 

 

What Security Camera Data is Collected

Digital Video images )i.e activity on <University Name> campus

No Audio recordings are collected or stored

 

How We Use Security Camera Data

Campus Safety

Personnel Performance

Property Protection

Prevent and Investigate Criminal Activity

Service and Support (monitor system performance and provide troubleshooting to ensure stability)

 

Other: Any use case outside of the above areas requires approval of the Privacy Governance Team.

 

How We Collect Security Camera Data

Automatically (storage of video recordings generated by the <University Name> Enterprise cameras

 

Cameras generally cannot be installed in or view areas where there is a reasonable expectation of privacy, including restrooms, locker rooms, lactation rooms, private offices, residential rooms

 

How We Share Security Camera Data

  • The university does not sell or rent security camera information.

  • Only users approved by the Privacy Governance Team from may view real time or stored images

  • Real time display of video images through a website authorized for community or public view will not be permitted unless approved by the Privacy Governance Team.

  • Personal information may be shared when required by law, or to protect the safety, property or rights of the university, its community members and guests. These requests require approval of the Privacy Governance Team..

 

CARD SWIPE DATA

<University Name> uses card swipe data to limit access to campus facilities and to track student usage of its services (ie workshops, tutoring, library, computer labs) in order to evaluate and improve the facilities and services provided to faculty, staff and students. Card Swipe System used include:

 

{{add list}}

 

What Card Swipe Data is Collected

Student Name/ID

Location

Time Stamp (date and time of swipe on entry and exit)

 

How We Use Card Swipe Data

Student Services (ie evaluate total use, effectiveness of initiatives to promote use, identify need for new or additional services)

Facility Management (space management, determine hours of operation and staffing needs, control building access and security)

Service and Support (monitor system performance, provide troubleshooting to ensure stability and positive user experience)

 

How we Collect Card Swipe Data

Automatically (data is generated and stored by card swipe system)

 

How we Share Card Swipe Data

  • The university does not sell or rent your printer information.

  • Information may be shared with service providers that support or provide instructional services. Service providers must meet our data security requirements and use the data only for providing services to the University.

  • Personal information may be shared when required by law, or to protect the safety, property or rights of the university, its community members and guests. These requests require approval of the Privacy Governance Team..

 

 

Related content