Policy: 

Clarkson College values individual privacy and understands the importance of privacy when collecting, using, storing, or transmitting personal information provided by individuals. Clarkson College protects the privacy of individuals and the confidentiality of official information stored on its information systems while balancing the need for the college to manage and maintain healthy and secure systems. 

Procedure: 

1. Information Privacy

1. General Privacy 

1. Clarkson College shall limit the collection, use, disclosure, or storage of Personally Identifiable Information (PII) to that which reasonably serves the academic, research, or administrative functions or other legally required purposes of Clarkson College. Such collection, use, disclosure, and storage shall comply with applicable federal and state laws and regulations and Clarkson College policies. 

1. Information That May Be Disclosed to Third Parties 

1. Legal Requirements: Clarkson College may release records in response to a lawful subpoena, warrant, or court order or where such records could be required or authorized by law to be produced or lawfully requested for any other reason, including disclosure to a government agency.  

1. Authorized Persons: Records may be disclosed to authorized Clarkson College employees and authorized individuals performing work for Clarkson College who require the information to perform their duties. 

1. Protection of Clarkson College’s Interests: Clarkson College may disclose information contained in records to protect its legal interest when those records may be related to the actions of an individual that Clarkson College reasonably believes may violate or have violated his/her conditions of employment or threaten injury to people or property. 

1. Emergencies: Information may be disclosed if, in the judgment of the designated custodian of such records, disclosure is necessary to protect the health, safety or property of any person. 

1. Expectations of Privacy 

1. Clarkson College recognizes the reasonable privacy expectations of its employees, affiliates, and students regarding their personal information, including papers, confidential records, and communications by email, telephone, and other electronic means, subject only to applicable state and federal laws and Clarkson College policies. Clarkson College will not monitor such information without cause except as required by law or permitted by Clarkson College policy. 

1. II. Specific Categories of Information

Below are data use constraints related to certain types of data collected, processed, stored, or published by Clarkson College. 

1. Academic and Administrative Information 

1. It is Clarkson College's policy to collect only the PII that is required to provide academic and administrative services to employees, affiliates, and students. When students enroll in classes or employees are hired by Clarkson College, personal information provided by the individual, such as name, address, Social Security Number (SSN), and related information, is collected and stored on Clarkson College computer resources. Throughout the course of the individual’s association with Clarkson College, additional personal information is collected and stored. 

1. Information Systems 

1. In the course of ensuring healthy and secure information systems, Clarkson College has deployed automated technology services to monitor network traffic for performance, detect unauthorized transmission of Restricted Data, identify intrusion attempts, and detect spam, malware, and other malicious attacks that could damage Clarkson College information systems. Information from these devices is used solely to maintain a healthy and secure environment for Clarkson College information systems. Clarkson College does not perform routine monitoring that personally identifies one’s use of Clarkson College information systems. 

1. Information Collected for Service Provisioning  

1. On occasion, Clarkson College may collect information from and about users to synchronize systems or update the experience between the user and Clarkson College. Per this policy, Clarkson College will not sell, trade, or share the information collected. Information collected will be used solely for the purpose for which it was intended.  

1. Information Collected from the Website 

1. Clarkson College website, including affiliated websites owned by Clarkson College, are governed by the Clarkson College IT-3 Privacy Policy.  

III. Data Protection and Data Loss Prevention 

1. Clarkson College Systems 

1. In order to protect "Sensitive" or "Restricted" data entrusted to its care (See Policy IT-10 Risk Classification Guide), Clarkson College reserves the right to monitor its networks to detect and respond to externally or internally generated attacks upon its systems, subject to the constraints of this policy. 

1. Vendor Contracts 

1. In the event that a department or individual seeks to enter into a contract that involves PII, or other “Sensitive” or “Restricted” data, that particular department or individual is responsible for ensuring that the contract outlines adequate and appropriate safeguards and the contractual provisions required by the IT-9 Information Security Program policy relating to the collection, access, use, dissemination, and/or storage of this PII before entering the contract. Moreover, before a department or individual enters into a contract that involves the use of PII, that department or individual must (1) notify and consult every other unit or department across the college involved, either directly or indirectly, about the necessity for PII in the performance of the contract, (2) seek Executive Leadership Council (ELC) approval as defined in IT-10 Data Classification and Protection, and (3) seek approval from the Director of College Technology Services. The applicable safeguards shall be documented in writing in an appropriate manner to ensure compliance.