Personally Identifiable Information Policy

Web Content Display Web Content Display

Purpose

The purpose of this policy is to set forth the University’s policy on the collection, storage, transfer and use of personally identifiable information (PII).


Definition

For purposes of this policy, and except as set forth below, "personally identifiable information" includes information about an individual collected by the University that could reasonably be used to identify such individual, regardless of the source of such information or the medium in which it is recorded. Personally identifiable information includes but is not limited to first and last name, residence or other physical address, electronic mail address, telephone number, birth date, credit card information, checking account information, and social security number.

For purposes of this policy, "personally identifiable information" does not include information collected in furtherance of any regulatory, investigative, or criminal justice purpose, information collected in furtherance of litigation in which the University is a party, or information that is required to be collected pursuant to any state or federal statute.


University Policy

The University supports the protection of individual privacy. It recognizes the numerous and complex laws that govern the collection, storage, transfer, use and access to personally identifiable information. It also recognizes that individual privacy rights vary substantially based on the applicable factual and legal circumstances.

Employees of the University are to comply with all applicable laws that govern the collection, storage, transfer, use and access to personally identifiable information. Employees of the University should strive to minimize the collection of personally identifiable information, regardless of its source or medium to the least amount of information required to complete a particular transaction or to fulfill a particular purpose.

Consistent with applicable law and University policy, custodians of personally identifiable information will take reasonable and appropriate steps to (a) limit access to and further use or transfer of such information, and (b) ensure that the information is maintained in a form and manner that is appropriately secure in light of the nature and sensitivity of the information.