Policy ACAF-IT-012

Responsible University Administrator:Vice President for Finance and Administration
Responsible Officer:Chief Information Officer
Origination Date:N/A
Current Revision Date:04/12/16
Next Review Date:04/12/20
End of Policy Date:N/A
Policy Number:ACAF-IT-012
Status:Effective

 

INFORMATION PRIVACY STATEMENT

PDF Version

 


Policy Statement


The University of Southern Mississippi values individuals' privacy and actively seeks to preserve the privacy rights of those who share information with us. Your trust is important to us, and we believe you have the right to know how information submitted to the University of Southern Mississippi is generally handled, whether you are a student, faculty, staff or prospect of the university.

Reason for Policy/Purpose


This policy is required for the effective communication of university policies and practices regarding information privacy and to assist individuals in protecting their privacy.  


Who Needs to Know This Policy


All members of The University of Southern Mississippi community. 


Website Address for this Policy


usm.edu/institutional-policies/policy-ACAF-IT-012

 


Definitions


 

official university components Colleges, departments, divisions, administrative units, researchers or other units and any other areas specifically designated as official by the Institutions of Higher Learning (IHL), the President of Southern Miss, or the Provost or a Vice President personally identifiable information (PII).
    

Policy/Procedures


PRIVACY NOTICE

 

The university has adopted the following privacy policies and practices for any and all parts of Southern Miss where personally identifiable information (PII) in any format is created, received, maintained and transmitted. Privacy and public records obligations of the university are governed by applicable Mississippi statutes and U.S. federal laws.  This Privacy Statement speaks generally to the information created, received, maintained and transmitted by and to official University of Southern Miss components. However, the amounts and types of information will vary from site to site within the University.

 

PERSONALLY IDENTIFIABLE INFORMATION (PII)

Personally Identifiable Information (PII) is considered sensitive information that can be used, either alone or in conjunction with other information, to identify a specific individual. For the purposes of this Southern Miss Information Privacy Statement, this information is divided into two categories: Moderately Sensitive and Highly Sensitive.

 

1.   Moderately Sensitive: information that is generally available publicly and/or information that may have been provided by the individual. This information is typically referred to as Directory Information (DI). The University will never knowingly provide DI to any requester for commercial purposes. Individuals may request the university not release DI; however, the consequences of that action should be considered before making that request, such as:

    Enrollment may not be verified to any outside source such as potential employers, colleges, universities or medical insurance companies.

    Information will not appear in any official university publications distributed to the public, such as a commencement program.

    Information will not be provided to the media when releasing academic recognition announcements (President's List or Dean's List).

This is the same and only information that is authorized to be released for faculty and staff without the express approval of the University Communications Office.

The following items are included in Moderately Sensitive information and are subject to public disclosure in accordance with the Family Educational Rights and Privacy Act of 1974:

Student's name

Postal address

Telephone number

Email address

Major

Dates of attendance

Classification

Degree(s) earned

Previous institutions attended

Participation in university-recognized organizations and activities

Weight and height of athletic team member

Honors and awards

Unique electronic identification number (including, without limitation, student identification number (emplid, for instance), address, or routing code)

 

2.  Highly Sensitive: information that is NOT generally available publicly. This information may have been provided by you when you filled out a registration or other form. This information is generally stored and transmitted in encrypted format to minimize the possibility of unintended disclosure. This information in combination with Moderately Sensitive information can be used to specifically identify an individual and is never disclosed by the university without permission from the individual and/or a rigid agreement that extends the protection of the information from potential disclosure or an order from a court of competent jurisdiction.

1.  Names and Numbers:

Social security number

Date of birth

Mother's maiden name

Official state-issued or U.S.-issued driver's license or identification number

Alien registration number

Government passport number

Employer or taxpayer identification number

Medicaid or food stamp account number

Bank account number

Credit or debit card number

Personal identification number or code assigned to the holder of a debit card by the issuer to permit authorized electronic use of such card

2.  Unique biometric data, such as fingerprint, voiceprint, retina or iris image or other unique physical representation 

3.  Medical records

4.  Telecommunication identifying information or bulk records (SOAR, SOARFIN, email)

5.  Other number or information that can be used to access a person's financial resources

 

THE INFORMATION WE COLLECT

When you  contact  official  Southern  Miss  components,  certain  client  information  may  be collected. No information is collected unless you deliberately provide it to us (for example, by leaving your name and telephone number, by completing a university form, or by clicking a web- link to send us an email). Examples of the information you might choose to give us are listed below:

Your name, address, telephone number and email address

Names, addresses, telephone numbers and email addresses of family members and/or friends

Your date of birth, ethnicity, gender and country of origin

Your height, weight, hair and eye color and blood type

Your academic history, including schools attended, grades received and test scores

Your financial profile, including income and assets

Your employment history, including previous employers and duties

Credit or debit card and bank account information for yourself and others

Your criminal history, including convictions, time served and probation status.

 

THE WAY WE USE INFORMATION

As a general rule, Southern Miss maintains various types of records for individuals based upon their association with the university. We also analyze aggregate information for resource management and planning purposes. Southern Miss reserves the right to use information details about individuals to investigate its resource management or security concerns.

Personally  identifiable  information  is  used  to  accurately  compile,  store  and  retrieve  an individual's records; to place and track individuals appropriately for academic purposes, and to award academic degrees and honors; to properly employ individuals and compensate them for their work; to correctly diagnose and medically treat individuals; to respond appropriately (or in a personalized format) to individuals' requests for services; and to improve the university's services and products.

Under Mississippi's Public Records Law, most records in our possession are subject to inspection by or disclosure to members of the public upon their request. Information must be retained according to applicable federal and state laws, and must be available for inspection, unless otherwise exempt from the Public Records Law.

We use the information you provide about yourself or about someone else when placing a request for service only to complete that order or request. To enhance the educational experience we do share this data with third parties, within the requirements of state and federal statute, with approval of the University President.

We generally use return addresses, telephone numbers and email addresses only to answer the communications we receive. Such addresses are generally not used for any other purpose and by university and state policy are not shared with outside parties, except in accordance with Public Record Laws.

 

PROVIDING INFORMATION IS YOUR CHOICE

Most of the services and products available to you require essential relevant information to be collected from you. While there is no legal requirement for you to provide some information to us, state and federal law require certain information, which may be requested.

 

OUR COMMITMENT TO DATA SECURITY

The University of Southern Miss is dedicated to preventing unauthorized information access, maintaining information accuracy, and ensuring the appropriate use of information. We strive to put in place appropriate physical, electronic and managerial safeguards to secure the information we collect in all formats: on paper, electronically and verbally. These security practices are consistent with the policies of the university and with the laws and regulatory practices of the state of Mississippi and multiple federal agencies.

 

THIRD PARTY PROVIDER ACCESS TO STUDENT DATA

Any personally identifiable information (or PII) from students’ education records that a third party provider receives under FERPA’s university official exception may only be used for the specific purpose for which it was disclosed (i.e., to perform the outsourced institutional service or function, and the university must have direct control over the use and maintenance of the PII by the third party provider receiving the PII). Further, under FERPA’s university official exception, the third party provider may not share (or sell) FERPA-protected information, or re-use it for any other purposes, except as directed by the university and as permitted by FERPA. Additionally, the following must be adhered to:

Educational Purpose: Third party providers collect, use, or share student PII only for educational and related purposes for which they were engaged or directed by the university,   in accordance with applicable state and federal laws.

Transparency: Third party providers disclose in contracts and/or privacy policies what types of student PII are collected directly from students, and for what purposes this  information is used or shared with third parties.

Authorization: Third party providers collect, use, or share student PII only in accordance with the provisions of their privacy policies and contracts with the university, or with the      consent of students or parents as authorized by law, or as otherwise directed by the university or required by law.

Security: Third party providers have in place security policies and procedures reasonably designed to protect personal student information against risks such as unauthorized access or use, or unintended or inappropriate destruction, modification, or disclosure.

Data Breach Notification: Third party providers have in place reasonable policies and procedures in the case of actual data breaches, including procedures to both notify the   university, and as appropriate, to coordinate with the university to support their notification of affected individuals, students and families when there is a substantial risk of harm from the breach or a legal duty to provide notification.”

 

HOW TO CONTACT US

Should you have other questions or concerns about these privacy policies and practices, please call us at Office of CIO (601) 266-4190.  You may contact the University Technology Security Officer (601) 266-5587 or email InfoSec@usm.edu.

If  you  wish  to  review  or  change  information  about  you  that  you  provided  to  an  official University of Southern Miss component but you do not know how, the University Technology Security Privacy Officer will assist in locating the persons responsible for that area so that you may make your request directly to them.


Review


The Chief Information Officer is responsible for the review of this policy every four years (or whenever circumstances require immediate review).

 


Forms/Instructions


N/A 

 


Appendices


N/A 

 


Related Information


N/A 

 


History


Amendments: Month, Day, Year – summary of changes

 

  1. 10/23/09 : Posted to website.
  2. 11/01/11: Formatted for Institutional Policies website.
  3. 02/19/13: Formatted for template. Minor editing of punctuation and usage throughout
  4. 01/13/16: Revisions approved by Executive Cabinet
  5. 03/09/16: Minor edit to conform to regulatory requirements

 

Amendments:  January 13, 2016 - Third Party Provider Access to Student Data