DRAFT – UMBC Policy X-1.00.06 – DRAFT
I. POLICY STATEMENT
Privacy is essential to promoting the values of academic integrity, intellectual freedom, autonomy and freedom of association. The University of Maryland, Baltimore County (UMBC) values individuals’ privacy and actively seeks to preserve the privacy rights of those who share information with us. Your trust is important to us, and we believe you have the right to know how your information is handled.
UMBC must balance free expression with the institutional obligations of each member of the campus community to collect and use Personally Identifiable Information (“PII”) responsibly, ethically, transparently, and in a manner that both accords with the law and respects the rights of individuals. The University depends on a shared spirit of mutual respect and cooperation in order to create and maintain a culture of respect, equity, transparency, and responsibility.
Similarly, the University must balance the pursuit of its academic, research, and service missions and its legal, administrative, research, and academic responsibilities with its obligation to collect and use PII responsibly, ethically, transparently, and in a manner that both accords with the law and respects the rights of individuals.
We commit to managing data as a strategic institutional resource and asset. Our data management strategies are intended to protect, and not restrict, the core academic values and processes of UMBC and increase the value of campus information resources through widespread and appropriate use. We recognize our responsibilities of stewardship for personal information and will only access it to support the campus education, service, and research missions, or for other legally required purposes. We will ensure that the third parties we work with understand our policies and practices related to personally identifiable information. In order to balance the privacy and legal rights of individuals with the utility of the data in service of our mission, we commit to providing broad access to data consistent with the level of sensitivity of the data, roles and responsibilities of the users, appropriate and legitimate purposes for use, and level of training.
Privacy and public records obligations of the University are governed by applicable Maryland statutes and by any applicable U.S. federal and international laws.
II. PURPOSE FOR POLICY
The purpose of this policy is to establish a Privacy Governance Program for ensuring that PII in UMBC designated Systems of Record is accurate, relevant, timely, and complete and that it is not disclosed in an unauthorized manner.
III. APPLICABILITY
This policy applies to all PII in UMBC’s designated Systems of Record as described in the Privacy Governance Program which addresses requirements related to the treatment of such information.
All members of the UMBC Community who have access to Systems of Record containing PII must understand their responsibilities for safeguarding the privacy of that information.
IV. CONTACTS
Direct any general questions about this University Policy first to your department’s administrative office. If you have specific questions, call the following offices:
| Subject | Contact | Telephone | |
| Privacy Policy Clarification | Division of Information Technology (DoIT) | 410-455-3208 | itpolicy@umbc.edu |
VI. DEFINITIONS
| UMBC Community | Any student, alumnus, faculty member, staff member, research or graduate assistant, contractor or visitor who uses UMBC facilities and resources. |
| Personally Identifiable Information | Md. Code, State Gov’t § 10-13A-01(f)(1) |
VII. APPROVAL AND PROCEDURES
- The Data Management Committee and IT Steering Committee shall review and recommend approval of modifications to guidelines and procedures associated with this policy.
- DoIT will work with university leadership and shared governance with communicating applicable procedures, guidelines and best practices.
- Procedures: See policy above regarding procedures.
VII. DOCUMENTATION: N/A
VIII. RESTRICTIONS AND EXCLUSIONS
UMBC is a public institution thereby making some information collected by UMBC, including summary server log information, e-mails sent to Web sites, and information collected from Web-based forms, may be subject to the Maryland Access to Public Records Act (Maryland Public Information Act (PIA) Title 10, Subtitle 6, Part III of the State Government Article). This means that in some cases UMBC may be compelled by law to release information gathered from its Web servers.
IX. RELATED ADMINISTRATIVE POLICIES AND PROCEDURES
X-1.00.01 – UMBC Acceptable Use Policy
X.1.00.02 – UMBC Information Technology Security Policy
X.1.00.09 – UMBC Policy on the Classification and Protection of Confidential Information
USM Policy X-1.00 Policy on USM Institutional Information Technology Policies
(Including Functional Compatibility with The State Information Technology Plan)
Administrator Use Only
Policy Number: X-1.00.06
Policy Section: Section X: Information Technology
Responsible Administrator: Chief Information Officer – DoIT
Responsible Office: Division of Information Technology
Approved by President:
Originally Issued:
Revision Date(s):
– DRAFT –