Data Collection Policy
Data Collection Policy
Policy Name: Data Collection Policy
Policy ID Number: 03-05-011
Version Effective Date: April 11, 2008
Last Reviewed on: January 1, 2019
Policy Applies To: University wide
Responsible Office: Information Technology
INTRODUCTION AND STATEMENT OF PURPOSE
POLICY
The policy of New Jersey City University is to respect the privacy of all web site visitors to the extent permitted by law. Although all University web sites are encouraged to do so, the following web sites must select, adhere to and notify visitors of their information collection policy by including a "Privacy Statement" on their website.
- Official University sites
- All sites that collect online information from visitors
- All sites that track user actions (for example through cookies)
Units and individuals responsible for web sites may select the standard or customized "Privacy Statements" included within this policy, or they may create one of their own. Any such statement must be written to assure web site users that the University will:
- Inform visitors about information collected, its intended use, and options for using the site without providing such information.
- Follow laws governing the collection of online information.
- Notify visitors of their options concerning accessing information collected.
- Establish appropriate security measures for any personally identifiable information collected.
Notification of visitors requires that each page of the web site display a link to a "Privacy Statement", display the statement itself, or cause the statement to be displayed the first time a user visits the site, and each time the statement changes thereafter. The privacy statement should include a reference and link to this University policy and contact information for visitors with questions about the specific site policy, data collection, or data security.
Official University web sites, sites that collect information from visitors online and those that track user actions (e.g. cookies) must post an online privacy statement. Earlier implementation and use by other University web pages not included in the three subcategories above is encouraged
Reason for Policy
As an ever-increasing number of users interact with the University and its units through web sites, technology provides increasing opportunities to gather information about these individuals. While much information-gathering is consensual and for specific purposes, web users are discovering that some web sites gather information without the users' knowledge or consent. This information may be used for purposes contrary to the users' interests, and over time this process may erode users' confidence in using the web.
New Jersey City University is committed to informing online users of the data collection and storage policies of its sites as it fulfills its primary mission of teaching, research and outreach. This policy establishes standards for informing users whether and when the University collects information electronically via the WWW.
The New Jersey Government Data Practices Act - Minn. Stat. 13.01 governs the classification and distribution of public and private information collected by public organizations. Existing University policy on Public and Internal Access to Information helps assure compliance with this law. This policy will further assist adherence by establishing guidelines for information that is collected online.
Customized versions of privacy statements may be necessary to meet the specialized needs of groups within the University such as students, health sciences or business units.
Exclusions
This policy does not address issues related to internal security measures of electronic communication or those related to conducting research activities on the WWW.
Definitions
- Authentication. A verification that substantiates that a person is who the person says he or she is. For purposes of this policy, people are considered authenticated members of the University community if they have an Internet ID, and are able to prove that they know the password associated with that Internet ID listing.
- Cookies. Cookies are data that a web site transfers to an individual's browser where they are stored and later returned to the site upon request. They allow sites to identify users within and across visits, to track usage patterns, and to more easily compile data on transactional information for individuals visiting web sites.
- Identification. Any means of identifying an individual, manual or automated. A process that enables recognition of an entity by an automated information system is usually accomplished through the use of unique machine-readable user names.
- Official University Web Site. Web sites representing themselves as presenting information from a department or unit of the University. Often these are pages directly linked to the main web page for the campus, listed in the directory of departments and units, or displaying New Jersey City University watermark. This includes sites used primarily by the University for administrative purposes.
- Online Information Collected From Visitors. Any data typed into a web page by a visitor and collected and stored by the web site. For example the web page may have prompts for this information such as "enter your name" or input boxes. This definition does not include routine e-mail links to send comments for site improvement to the webmaster.
- Personally Identifiable. Data or information that include (1) the name of the person or other family members; (2) the person's address; (3) a personal identifier such as a Social Security number, student ID number, e-mail address, telephone number, or other user number (4) a list of personal characteristics, or (5) other information that would make the person's identity easily traceable
- Profiling. The process of gathering information about a particular individual or class of individuals for purposes of outlining/highlighting data such as their potential product interests or ability/desire to participate in certain activities.
- Security Measures. Processes, software, and/or hardware used by system and network administrators to assure confidentiality, integrity, and availability of computers, networks, and data belonging to the University and users of University computer and network resources. Security measures include monitoring of network traffic to detect security attacks, the automated or manual review of files for potential or actual security or policy violations, and the investigation of security-related issues.
- Transactional Information. Information gathered as part of identifying, processing, and billing electronic communication including, but not limited to: electronic mail headers, summaries, and addresses; records of telephone calls; IP addresses; and URLs.
- University Community. University faculty, staff, and students, as well as any others (e.g., alumni) are considered a part of the University community if they have been assigned and internet ID number.
- University Web Sites. All sites on University networks, or using University resources, or residing within the University's "umn.edu" domain.
- Visitor. Any authorized user of a web site. This may include members of the University community as well as the general public.
- Web Sites Tracking Visitor Actions. Any web sites that use "cookies" or other technical means to store information about the visitors or visitor’s actions. This definition does not include either the routine information stored in server security logs (date and time of visit, internet address of the referring site, domain name and IP address) by almost all web sites nor counters of the number of visitors to the site.
Responsibilities
Department Head
Select or create an information collection policy and online privacy policy statement that fits the unit's web site. Determine which web pages are Official University pages.
Individual Web Site Operator
Modify the web site to display or link to the online privacy policy statement chosen and to this University policy. Bring to the attention of the Department Head any web sites that should display the privacy statement.
Web Site Visitor
Be informed of your rights and responsibilities related to any personally identifiable information you provide.
DATE TO INITIATE REVIEW AND UPDATE
As deemed necessary or appropriate by the Policy Coordinator but at a minimum, at least every 5 years from the date of last review.