As an educational institution, Missouri State University encourages our students, faculty, staff and guests to advance learning and understanding through communication and collaborative teamwork. Missouri State acknowledges that these functions may require a certain level of privacy and protection, and it strives to provide a reasonably safe information systems environment. Please remember that access to university computer systems and facilities is a privilege, not a right, and abuse of that privilege can result in its loss.
Additionally, this policy is subject to all other information services policies. Please review all the information technology policies.
While authorized users cannot assume an expectation of privacy regarding data, information or electronic communications contained on University computers and systems, the University does take reasonable precautions to protect its accounts, personally identifiable records and personal communications from unauthorized access or disclosure:
- University web sites that display personal information, such as the My.MissouriState.edu website, will only display an individual's records after the proper password has been entered. These sites will also ensure data communication security by using server authentication, encryption, and data/message integrity.
- University email, accounts and voice mailboxes may only be accessed after the appropriate user ID and password have been entered.
- System administrators and data custodians follow procedures to protect the confidentiality of personal or confidential information encountered in the performance of their duties.
- The University does not rent or sell personally identifiable University data to anyone. Per a contractual agreement, the University does provide data on students 18 years and older to the University's affinity credit card company for promotional mailings, usually a couple times per year. The University also provides data on graduates for use by the Missouri State Alumni Association and Missouri State Foundation so that graduates can receive regular information about their alma mater.
If the Chief Information Officer believes a system has been compromised, the University will notify the authorized users.
However, the University does not attempt to protect data that have been made public by a user or generic data that are not personalized to a specific user. Examples of generic data include log files, network jack data and IP address assignments. Additionally, the University cannot guarantee the security of commercial wireless services.
Authorized users also play a key role in protecting data and records. They should not share their passwords with others. Also, they should close the web browser every time they finish using a web application that required a password for access and logoff their accounts when they finish using a computer.
Certain types of information have specific disclosure and publishing guidelines, which are outlined below. The University's policy is to not publish or disclose data unless it meets these disclosure requirements or the University is following the access to electronic information conditions outlined in the next section.
The University will disclose all University records, including electronic records, with these exceptions:
- Closed records
In accordance with the Sunshine Law (chapter 610 of the Missouri Revised Statutes), the University defines certain records as closed to the public. See the Open Records Policy for definitions and other detailed information.
- Personally identifiable educational records
The University complies with the Family Educational Rights and Privacy Act (FERPA) of 1974. For more information about the privacy of these records, including details on how to inspect and review your educational records, see the Personally Identifiable Student Record Policy.
The categories of information that have been designated as directory can be found in the University's FERPA/Confidentiality of Student Education Records policy.
The University attempts to obtain releases before publishing images, voices, or likenesses of identifiable human subjects.
As such, each web site's supervisor should ensure that the identifiable subject(s) featured has/have provided written consent before publishing that person's image, voice, or likeness on an official University web site. This consent is necessary for any image, voice, or likeness, regardless of whether it was obtained through a free information request, personal camera, or other means.
The supervisor of the web site publishing the likeness must provide notice, obtain consent, and keep a record of the consent--unless Photographic Services or the Office of Web and New Media has already obtained consent for that likeness. For more information, see the Web Development Resource Center.
If you discover your image, voice, or likeness in one of the University's online publications and would like it removed, please notify the Office of Web and New Media.
University access to electronic information
The University does not routinely seek out, examine, disclose, use or modify the contents of individually assigned accounts, personal communications, records or University computers. The University does reserve the right to view, scan or otherwise access any file, hardware, software or communication on University computers/systems or transmitted over University networks in the following conditions:
- When data custodians, university auditors, legal counsel or information technology employees access data as part of their employment, and then only to the extent as necessary to perform work activities.
- When the Board of Governors, President, Director of Internal Audit and Compliance or applicable Vice President/Chancellor (or designee if the Vice President/Chancellor is unavailable) has authorized a review because the University has reasonable cause to believe that an individual may be violating the law or University policy. Any request for a review must follow the appropriate procedures. University employees will not disclose information accessed during a review other than to University administrators and/or proper authorities investigating the matter.
- As permitted by applicable policy or law. For example, the University may be required to disclose public records, including electronic versions such as email, when requested under the Sunshine Law (chapter 610 of the Missouri Revised Statutes). The University may also be required to disclose closed records or personally identifiable educational records to comply with a court order or subpoena.
Electronic information may be quickly deleted or modified. As such, the University will notify an individual about a review/disclosure after the University accesses the individually assigned electronic information.
Additionally, if the University has reason to believe a system security breach has occurred or could occur, the University retains the right to access any University system and, upon evaluation of the situation, shut down any system and/or require its modification to mitigate any perceived risk.