Missouri State University

Privacy

Op12.02-8 Privacy

As an educational institution, Missouri State University encourages our students, faculty, staff and guests to advance learning and understanding through communication and collaborative teamwork. Missouri State acknowledges that these functions may require a certain level of privacy and protection, and it strives to provide a reasonably safe computing environment. Please remember that access to university computer systems and facilities is a privilege, not a right, and that abuse of that privilege can result in its loss.

Additionally, this policy is subject to all other information technology policies. Please review all the information technology policies.

Protecting Data and Records

While authorized users cannot assume an expectation of privacy regarding data, information or electronic communications contained on University computers and systems, the University does take reasonable precautions to protect its accounts, personally identifiable records and personal communications from unauthorized access or disclosure:

  • University web sites that display personal information, such as the My Information web site, will only display an individual's records after the proper password or Personal Identification Number (PIN) has been entered. These sites will also ensure data communication security by using server authentication, encryption, and data/message integrity.
  • University email, accounts and voice mailboxes may only be accessed after the appropriate user ID and password have been entered.
  • System administrators and data custodians follow procedures to protect the confidentiality of personal or confidential information encountered in the performance of their duties or otherwise.
  • The University does not rent or sell personally identifiable University data to anyone. Per a contractual agreement, the University does provide data on students 18 years and older to the University's affinity credit card company for promotional mailings, usually a couple times per year. The University also provides data on graduates for use by the Missouri State Alumni Association and Missouri State Foundation so that graduates can receive regular information about their alma mater.

If the Chief Information Officer believes a system has been compromised, the University will notify the authorized users.

However, the University does not attempt to protect data that have been made public by a user or generic data that are not personalized to a specific user. Examples of generic data include log files, network jack data and IP address assignments. Additionally, the University cannot guarantee the security of commercial wireless services.

Authorized users also play a key role in protecting data and records. They should not share their personal identification number (PIN) or password with others. Also, they should close the web browser every time they finish using a web application that required a PIN for access and log off their accounts when they finish using a computer.

Disclosure and Publishing Guidelines

Certain types of information have specific disclosure and publishing guidelines, which are outlined below. The University's policy is to not publish or disclose data unless it meets these disclosure requirements or the University is following the University access to electronic information conditions outlined in the next section.

University Records

The University will disclose all University records, including electronic records, with these exceptions:

Directory Information

The University publishes a printed directory each fall semester. A current directory is also continuously available on the Missouri State website through the People & Email Addresses Search Feature.

The University publishes faculty and staff directory information. The University will also release and publish student directory information without prior consent. Directory information includes these items:

  • Name
  • Local telephone number
  • Local address, including campus email address
  • Major field of study
  • Academic classification and enrollment status--part-time or full-time
  • Participation in officially recognized activities and sports, including photograph of athletes
  • Dates of attendance (including matriculation and withdrawal dates)
  • Degrees, certificates and awards received, including scholastic honors, departmental honors, memberships in national honor societies, and athletic letters
  • Inclusion of an individual in a group photo (additional guidelines may apply when publishing a photograph in an official University web site--see the Image, Voice, or Likeness section of this policy)

Students have a right, however, to refuse the designation of this information as directory information.

Image, Voice, or Likeness

The University attempts to obtain releases before publishing images, voices, or likenesses of identifiable human subjects.

As such, each web site's supervisor should ensure that the identifiable subject(s) featured has/have provided written consent before publishing that person's image, voice, or likeness on an official University web site. This consent is necessary for any image, voice, or likeness, regardless of whether it was obtained through a free information request, personal camera, or other means.

The supervisor of the web site publishing the likeness must provide notice, obtain consent, and keep a record of the consent--unless Photographic Services or the Office of Web and New Media has already obtained consent for that likeness. For more information, see the Web Development Resource Center.

If you discover your image, voice, or likeness in one of the University's online publications and would like it removed, please notify the Office of Web and New Media.

University Access to Electronic Information

The University does not routinely seek out, examine, disclose, use or modify the contents of individually assigned accounts, personal communications, records or University computers. The University does reserve the right to view, scan or otherwise access any file, hardware, software or communication on University computers/systems or transmitted over University networks in the following conditions:

  • When data custodians, university auditors, legal counsel or information technology employees access data as part of their employment, and then only to the extent as necessary to perform work activities.
  • When the Board of Governors, President, Director of Internal Audit or applicable Vice President/Chancellor (or designee if the Vice President/Chancellor is unavailable) has authorized a review because the University has reasonable cause to believe that an individual may be violating the law or University policy. Any request for a review must follow the appropriate procedures. University employees will not disclose information accessed during a review other than to University administrators and/or proper authorities investigating the matter.
  • As permitted by applicable policy or law. For example, the University may be required to disclose public records, including electronic versions such as email, when requested under the Sunshine Law (chapter 610 of the Missouri Revised Statutes). The University may also be required to disclose closed records or personally identifiable educational records to comply with a court order or subpoena.

Electronic information may be quickly deleted or modified. As such, the University will notify an individual about a review/disclosure after the University accesses the individually assigned electronic information.

Additionally, if the University has reason to believe a system security breach has occurred or could occur, the University retains the right to access any University system and, upon evaluation of the situation, shut down any system and/or require its modification to resolve any perceived shortcomings.

Effective date

Approved by Board of Governors: July 30, 2004