University of Minnesota
University Relations
http://www.umn.edu/urelate
612-624-6868
University of Minnesota
POLICY LIBRARY
POLICY
University of Minnesota
University of Minnesota
University M logo on red background
ADMINISTRATIVE POLICY

Including a Privacy Statement on U Web Pages

Effective Date: September 2001
Last Update: January 2014
Responsible University Officer:
  • Vice President for Information Technology
Policy Owner:
  • Vice President for Information Technology
Policy Contact:

Printed on: . Please go to http://policy.umn.edu for the most current version of the Policy or related document.

POLICY STATEMENT

The University respects the privacy of web site visitors to the extent permitted by law. University web sites must include a privacy statement notifying visitors of the information that the site collects. University web sites include:

  • Official University sites
  • Sites that collect online information from visitors
  • Sites that track user actions

The privacy statement must be written to assure web site users that the University will:

  • Inform visitors about information collected, its intended use, and options for using the site without providing such information.
  • Follow laws governing the collection of online information.
  • Notify visitors of their options concerning accessing information collected.
  • Establish appropriate security measures for any personally identifiable information collected.

Units and individuals responsible for web sites must select the standard privacy statement included within this policy, if applicable, or develop a customized privacy statement.

Each page of the web site must display a link to a privacy statement, or display the statement itself.

Special Situations

The Institutional Review Board (IRB) is responsible for reviewing sites conducting web-based research.. The IRB develops its own guidelines for the use of web sites in research and applies those guidelines to research projects requiring IRB review.

REASON FOR POLICY

This policy requires University web sites to inform visitors about how their web site collects, uses and protects information voluntarily provided by the visitor and information collected by the web site. This policy complies with the Minnesota Government Data Practices Act - Minn. Stat. 13.01 et seq., which governs the notification of public and private information collected by public organizations.

PROCEDURES

FORMS/INSTRUCTIONS

There are no forms associated with this policy.

APPENDICES

FREQUENTLY ASKED QUESTIONS

  1. For commercial reasons, our unit operates a web site with a .com address. Is this site subject to this policy?

    Yes. Any site operated on the University network or by a University unit or using University resources must adhere to the policy, whether or not it is accessed through a umn.edu address. These sites typically require a custom privacy statement.

  2. Does this policy apply to web sites that are limited to only internal University use?

    It applies to any web site that meets the three criteria described in the policy statement.

ADDITIONAL CONTACTS

Subject
Contact
Phone
Fax/Email
Primary Contact(s)
612-625-1505
Research on the Web
Research Subjects Protection Program
(612) 626-5654
 
Web Site Security
Office of Information Technology
(612) 625-1505
 
Public or Private Data
Coordinator, Records and Information
Office of General Counsel
(612) 625-3497
(612) 624-4100
 

DEFINITIONS

Authentication
A verification that substantiates that a person is who the person says he or she is. For purposes of this policy, people are considered authenticated members of the University community if they have an Internet ID, and that they are able to prove that they know the password associated with that Internet ID listing.
Cookies
Data that a web site transfers to an individual's browser where they are stored and later returned to the site upon request. They allow sites to identify users within and across visits, to track usage patterns, and to more easily compile data on transactional information for individuals visiting web sites.
Identification
Any means of identifying an individual, manual or automated. A process that enables recognition of an entity by an automated information system is usually accomplished through the use of unique machine-readable user names.
Official University Web Site
Web sites representing themselves as presenting information from a department or unit of the University.
Online Information Collected From Visitors
Any data typed into a web page by a visitor and collected and stored by the web site. For example the web page may have prompts for this information such as "enter your name" or input boxes. This definition does not include routine e-mail links to send comments for site improvement to the webmaster.
Personally Identifiable
Data or information that include (1) the name of the person or other family members; (2) the person's address; (3) a personal identifier such as a Social Security number, student ID number, e-mail address, telephone number, or other user number (4) a list of personal characteristics, or (5) other information that would make the person's identity easily traceable.
Security Measures
Processes, software, and/or hardware used by system and network administrators to assure confidentiality, integrity, and availability of computers, networks, and data belonging to the University and users of University computer and network resources. Security measures include monitoring of network traffic to detect security attacks, the automated or manual review of files for potential or actual security or policy violations, and the investigation of security-related issues.
Transactional Information
Information gathered as part of identifying, processing, and billing electronic communication including, but not limited to: electronic mail headers, summaries, and addresses; records of telephone calls; IP addresses; and URLs.
University Community
University faculty, staff, and students, as well as any others (e.g., alumni) are considered a part of the University community. The General Counsel may designate other members of the University Community.
University Web Sites
All sites on University networks, or using University resources, or residing within the University's "umn.edu" domain.
Visitor
Any authorized user of a web site. This may include members of the University community as well as the general public.
Web Sites Tracking Visitor Actions
Any web sites that use "cookies" or other technical means to store information about the visitors or visitor's actions. This definition includes either the routine information stored in server security logs (date and time of visit, internet address of the referring site, domain name and IP address) by almost all web sites.

RESPONSIBILITIES

Chief Information Security Officer
Maintain the versions of the online privacy statements within this policy.
Department Head
Select or develop an information collection and online privacy statement that fits the unit's web site. Determine which web pages are Official University pages.
General Counsel
Provide advice to Units on legal requirements for maintaining, securing, and releasing information collected from web visitors.
Individual Web Site Operator/Administrator
Post or link to an online privacy statement. Bring to the attention of the Department Head any web sites that should display the privacy statement.
Web Site Visitor
Be informed of your rights and responsibilities related to any personally identifiable information you provide.

RELATED INFORMATION

Related Policies

Other Related Information

HISTORY

Amended:
January 2014 - Enhanced the Online Privacy Statement, and provided instructions for developing a customized privacy statement. Improved the FAQ and made changes to the links.
Amended:
December 2003 - Updated Statement and Reason for Policy, Definitions, FAQ, and online privacy statement because of new provisions in Minn. Stat. 13.15. Title changed from Collecting Information From Visitors To U Web Sites (Online Privacy) to Including a Privacy Statement on U Web Pages.
Amended:
August 2001 - Deleted the word "Proposed" from Policy Title. Clarified Policy Statement.
Amended:
February 2001 - Updated Policy Statement, Contacts, Who Should Know, Definitions, Procedure, FAQ and appendices in response to feedback from the University Community.
Effective:
September 2001

Document Feedback

Did this document successfully answer your questions?

Additional comments: (2000 character limit)

Email Address: (so we can respond to your questions)

© 2014 Regents of the University of Minnesota. All rights reserved.
The University of Minnesota is an equal opportunity educator and employer.
Last modified on January 17, 2014