Skip to main content

Policies

Go Search
Home
  
Policies > Wiki Pages > Electronic Privacy Policy  

Electronic Privacy Policy

Purpose:

The purpose of this policy is to establish the privacy policy for the University's electronic information.

 

 

Statement:

Information about Worcester State, its operations, its students, faculty, and staff obtained in the conduct of Worcester State business is the property of the University and is confidential. Such information must not be disclosed or used for purposes other than the conduct of Worcester State business, as required by law, or as permitted by written Worcester State practice.  Information resident on Worcester State digital or network resources is discoverable by Worcester State, as per applicable policies and/or guidelines.

 

Description:

  • Worcester State does not sell, rent, share, or otherwise disclose mailing lists or other personally identifiable information.
  • Occasionally, Worcester State may enable cookies on its websites for the purposes of demographic tracking and personalization.
  • Worcester State does keep track of the domains from which people visit. The University analyzes this data for trends and statistics.
  • University employees must never leave computer terminals unattended, please see the policy 'Network and System Passwords'. Use of password-activated, screen-saver programs on systems that process personal information is mandatory.
  • When providing copies of information for others, the University will ensure that nonessential information is removed and that personally identifiable information, which has no relevance to the transaction, is either removed or masked (the process of “redacting” or “severing” the record).
  • All records retention/disposal must be done in accordance with the classification level of the documents and Worcester State records retention/disposal policy. When disposing of computers, diskettes, magnetic tapes, hard drives, and any other electronic media that contain personally identifiable materials, all data must be completely erased using an approved Worcester State sanitation product, or the hardware must be destroyed.
  • WSC data should be stored only on WSC network storage devices. Network storage is available from on and off campus. Examples of high risk storage locations include but are not limited to: USB drives, CD/DVDs, laptop hard drives, home computer.
  • The use of SSNs as personal identifiers and for record-keeping purposes is strongly discouraged and avoided whenever possible.
  • If the University must use the SSN as a record-keeping number, the display of SSNs on any documents that are widely seen by others is strictly prohibited. Access to SSN and other personally identifiable information will be evaluated on an individual basis.
  • Storage of any necessary personally identifiable information on removable media is expressed prohibited.
  • Storage of any necessary personally identifiable information must be located in an secure and encrypted network location.
  • If the University contributes student or other client data to a cooperative database, the security of the database must be verified to be equivalent to or greater than that applied at Worcester State and the third party's privacy policy must be reviewed before information is released.

Additional Information:

While Worcester State is not responsible for the privacy policies of businesses and Web sites with which business relationships may or will exist, the security measures and privacy practices of such organizations should be examined before entering into a business arrangement. The protection of Worcester State’s reputation and public trust, as well as the privacy of its students, faculty, staff, and associates, is an important responsibility.

 

 

Approved By: Managers and CIO

 

Date of Origination: 7/28/2006

 

Updated: 04/02/2012

Last modified at 4/10/2012 9:30 AM  by Ramsdell, Nancy