Privacy (Policy IT-3)

Clarkson College values individual privacy and understands the importance of privacy when collecting, using, storing or transmitting personal information provided by individuals. The College protects the privacy of individuals and the confidentiality of official information stored on its information systems while balancing the need for the college to manage and maintain healthy and secure systems.

  1. Information Privacy
    1. General Privacy
      1. The College shall limit the collection, use, disclosure or storage of Personally Identifiable Information (PII) to that which reasonably serves the academic, research, or administrative functions, or other legally required purposes of the College. Such collection, use, disclosure and storage shall comply with applicable Federal and state laws and regulations, and College policies.
    2. Information That May Be Disclosed to Third Parties
      1. Legal Requirements: The College may release records in response to a lawful subpoena, warrant, or court order or where such records could be required or authorized by law to be produced or lawfully requested for any other reason, including disclosure to a government agency.
      2. Authorized Persons: Records may be disclosed to authorized College employees, and authorized individuals performing work for the College who require the information for the performance of their duties.
      3. Protection of College Interests: The College may disclose information contained in records to protect its legal interest when those records may be related to the actions of an individual that the College reasonably believes may violate or have violated his/her conditions of employment or threaten injury to people or property.
      4. Emergencies: Information may be disclosed if, in the judgment of the designated custodian of such records, disclosure is necessary to protect the health, safety or property of any person.
    3. Expectation of Privacy
      1. The College recognizes the reasonable privacy expectations of its faculty, employees, affiliates, and students in relation to their personal information, including papers, confidential records, and communications by email, telephone, and other electronic means, subject only to applicable state and federal laws and College policies. Clarkson College will not monitor such information without cause except as required by law or permitted by College policy.
  2. Specific Categories of Information
    The below are data use constraints related to certain types of data collected, processed, stored, or published by the College.
    1. Academic and Administrative Information
      1. It is the policy of the College to collect only the PII that is required to provide academic and administrative services to employees, affiliates and students. When students enroll in classes or employees are hired by Clarkson College, personal information provided by the individual such as name, address, Social Security Number (SSN), and related information is collected and stored on Clarkson College computer resources. Throughout the course of the individual’s association with the College, additional personal information is collected and stored.
    2. Information Systems
      1. In the course of ensuring healthy and secure information systems, the College has deployed automated technology services to monitor network traffic for performance; detect unauthorized transmission of Restricted Data; identify intrusion attempts; and detect spam, malware, and other malicious attacks which could damage College information systems. Information from these devices is used solely for maintaining a healthy and secure environment for College information systems. The College does not perform routine monitoring that personally identifies one’s use of College information systems.
    3. Information Collected for Service Provisioning
      1. On occasion, the College may collect information from and about users to synchronize systems or update the experience between the user and the College. Pre this policy, the College will not sell, trade or share the information collected. Information collected will be used solely for the purpose for which it was intended.
    4. Information Collected From the Website
      1. The Clarkson College website, including affiliated websites owned by the College are governed by the Clarkson College Online Privacy Policy.
  3. Data Protection and Data Loss Prevention
    1. Clarkson College Systems
      1. In order to protect "Sensitive" or "Restricted" data entrusted to its care (See Policy IT-D10 Data Classification and Protection), the College reserves the right to monitor its networks to detect and respond to externally or internally generated attacks upon its systems, subject to the constraints of this Policy.
    2. Vendor Contracts
      1. In the event that a department or individual seeks to enter into a contract that involves PII, or other "Sensitive" or "Restricted" data, that particular department or individual is responsible for ensuring that the contract outlines adequate and appropriate safeguards and the contractual provisions required by the IT-9 Information Security Program relating to the collection, access, use, dissemination, and/or storage of this PII before entering the contract. Moreover, before a department or individual enters into a contract that involves the use of PII, that department or individual must (1) notify and consult every other unit or department across the college involved, either directly or indirectly, about the necessity for PII in the performance of the contract, (2) seek Executive Leadership Team (ELT) approval as defined in IT-10 Data Classification and Protection, and (3) seek approval from the Director, College Technology Services. The applicable safeguards shall be documented in writing in an appropriate manner to ensure compliance.