Privacy Principles

General Principles Guiding the Collection and Use of Personal Information

1. The collection and use of Personal Information should be open and transparent to the subject individual.

2. Personal Information should be accurate, complete, and relevant to the purposes for which it was collected.

3. Individuals should be allowed to inspect and correct their Personal Information as required by law.

4. The purpose for collecting Personal Information should be described at the time the specific Personal Information is collected. Only information necessary for the stated purpose should be collected. Any further use of the information should be limited to the purpose described at the time of collection. Personal Information should not be disclosed for secondary purposes without the consent of the subject, unless required by law, and should be securely destroyed or deleted when no longer needed for the defined purposes in accordance with each university's Information and Records Retention Policy.

5. Access to Personal Information that is not publicly available should be limited to those employees with a specific need to access the information to accomplish the functions of their respective jobs.

6. Personal Information that is not publicly available should be protected by reasonable security safeguards approved by the assigned Data Steward against reasonably anticipated risks, such as loss, unauthorized access, destruction, use, modification, or disclosure.

NOTE: These are general principles. Individual university's privacy practices may vary.