DRAFT
ONLINE PRIVACY STATEMENT
University web sites will comply
with all applicable laws and institutional policy regarding visitor privacy.
Applicability
This statement applies to all
web sites that are created or maintained either by or for academic,
administrative, or auxiliary units of the University (“University web sites”),
regardless of whether or not the sites are hosted on University servers or
external servers. This includes web
sites of professional associations and publications that are formally hosted,
maintained and operated by faculty or staff of the University. All University websites must post a readily
visible link to this policy on the initial page of the site.
All other web sites that may be hosted on University servers, such as
personal home pages and student organizational web sites,
are encouraged to adhere to the terms of this statement as well. The
University is not responsible, however, for the content of these sites or for
their practices regarding the privacy of their online visitors.
This statement does NOT apply to University web sites that support web-based research, as “research” is defined in Federal law and in University policy governing human subjects-based research. Sites engaged in web-based research must have prior review and approval by the University Institutional Review Board (IRB) or Human Subjects Committee (HSC).
Maintenance of the Online Privacy Statement
Because Internet technologies
continue to evolve rapidly, the University may make appropriate changes to this
statement in the future. Any such
changes will be consistent with the University’s commitment to respecting
visitor privacy, and will be clearly posted in a revised Online Privacy
Statement.
Technical Information
When you access a University web
site from the Internet, your computer automatically provides its Internet
Protocol (“IP”) address to the computer hosting that web site, as is the case
when you attach to any Internet-connected computer. This is so that the computer knows where to send
the requested information. Also, if you
use a modem to dial into the
We collect and store this
information in the University’s computer system for a limited period of time,
30-60 days. We use this information in
aggregate form in order to help diagnose problems with our computer systems,
plan the use of system capacity, and improve the quality of the information and
services available to you on our web sites.
Some University web sites may
also automatically collect and store certain information about your visit, such
as the date, time, and duration of the visit and the Internet address of the
site that referred you to them (via a web link). This information is used in the aggregate to
help manage the sites and improve service generally, and may also be used to
customize the services offered to you.
Except as provided in the Disclosure
of Information section below, the University does not attempt to use the
technical information discussed in this section to identify individual
visitors.
Cookies
A “cookie” is a small data file
that is written to your hard drive that contains information about your visit
to a web page. University web sites may
use cookies to store information about your actions or choices on pages
associated with those web sites, in order to customize the information and
services that the sites offer you.
University web sites must clearly inform visitors if they use
cookies. If you prefer not to receive
cookies, you may turn them off in your browser, or you may set your browser to
ask you before accepting a new cookie; see the Indiana University Knowledgebase
article at http://kb.indiana.edu/data/agwm.html for more information. Some University web pages may not function
properly if the cookies are turned off, or you may have to provide the same
information each time you visit those pages.
Information Visitors Provide Voluntarily
General
A lot of information is necessarily collected when an individual establishes a formal relationship with the University (as a student, employee, or faculty, for examples). This information is generally required to maintain and manage that relationship, including providing associated necessary services. If, in the course of visits to University web sites, individuals in these categories find that information being displayed about them or their status is incorrect, they should contact the appropriate office to have it corrected (i.e., Human Resources Management, Student Affairs, Academic Affairs, etc.).
Other than this necessary
information, some technical information, and cookies as described above, the
only other information that University web sites may obtain will be information
that you provide voluntarily. University
web sites may ask you to provide information in order to make products and
services available to you or to better understand and serve your needs.
All University web sites that
ask you to provide information must:
·
state why the information is being requested and
how it will be used;
·
use the information only for the stated purpose;
·
state whether the information will be shared
with any external party (other than for investigative or law enforcement
purposes described in the Disclosure of Information section below);
·
make a copy of your information available to you
on request;
·
delete or modify your information on request;
·
state that you may contact the site’s Webmaster
to obtain, modify, or delete information you have provided, and give you the
Webmaster’s contact information;
· state that providing the requested information is wholly voluntary, and indicate how not providing the requested information (or subsequently asking that the data be removed) will affect the delivery of products or services for which the information is needed;
·
provide the statements they are required to make
to you in a way that is easily seen and read before you submit any requested
information; and
·
provide a link to this
University Online Privacy Policy.
Special Requirements for
Requesting Social Security Numbers
Certain University web sites,
such as those related to student financial aid or employment, may ask you to
provide your Social Security Number (SSN) in order to process aid applications
or carry out other operations. Any
University web site that asks specifically for your SSN (as opposed to asking
for a Student or Employee ID or similar identifier) must state
· why it is asking for the SSN; and
· that Federal law requires the University to obtain the SSN (giving the citation to the applicable Federal law) and that the relevant form or application cannot be processed without the SSN, or
·
that providing the SSN
is voluntary and that you have the right to refuse to provide it without penalty.
Unsolicited Email
If you send unsolicited email to
a Webmaster, it will be directed to appropriate personnel for any response, and
may be used to help improve the services supported by the web site.
Disclosure of Information
Other than sharing your
information with appropriate University personnel to ensure the quality,
functionality, and security of our web sites, the University will not disclose
your information except under the following circumstances:
·
With your prior written (including email)
consent;
·
When a University web site has given you clear
notice that it will disclose information that you voluntarily provide;
·
With appropriate University personnel and
external parties, such as law enforcement agencies, in order to investigate and
respond to suspected violations of law or University policy. Any such disclosures shall comply with all
applicable laws and University policies.
Security
Due to the rapidly evolving
nature of information technologies, no transmission of data over the Internet
can be guaranteed to be completely secure.
While
Once the University receives
your information, we will use our best efforts to maintain the security of that
information on University systems. Units
that maintain University web sites are expected to maintain those sites, and
supporting systems and databases, at a security level consistent with
prevailing industry standards, commensurate with the sensitivity of the data
being stored.
In addition,
Links to non-University web
sites
University web sites may provide
links to other, non-University web sites.
The University is not responsible for the availability, content, or
privacy practices of those sites. They
are not bound by this Privacy Statement and may or may not have their own
privacy policies.
Contact Information
If you have questions or
concerns about a University web site’s compliance with this policy, please
contact the Webmaster of the site in question.
If this does not resolve the matter, or if you have general questions or
concerns about privacy or information technology policy at
If you have general questions or
concerns about information technology security at