not mobile

Information Technology Handbook

Section 6.0: ePrivacy

Section 6 Introduction

Version date May 13, 2014

This section promulgates ePrivacy requirements for all University System of Georgia (USG) institutions, the University System Office (USO) [including the Shared Services Center (SSC)], the Georgia Public Library System (GPLS), and the Georgia Archives.

The USG is committed to protecting the privacy of all its students, faculty, staff, and other employees, and personal information will not be disclosed to third parties unless required by law.

We reserve the right to update and amend our ePrivacy standards as needed. A current version of the ePrivacy standards will be posted on the IT Handbook web site at: http://www.usg.edu/information_technology_handbook.

Definitions

The following definitions of shall, will, must, may, may not, and should are used throughout this Handbook.

  1. Shall, Will, and Must indicate a legal, regulatory, standard, or policy requirement. Shall and Will are used for persons and organizations, and Must for inanimate objects.
  2. May indicates an option.
  3. May Not indicates a prohibition.
  4. Should indicates a recommendation that, in the absence of an alternative providing equal or better protection from risk, is an acceptable approach to achieve a requirement. The focus of should statements generally is more outcome-based; i.e., an alternate method to achieve the requirement may be developed assuming it is documented as effectively managing risk.

Implementation and Compliance

Section Number Section Name Compilation Date Published Date Compliance Date Revision Date(s)
6.1 USG Privacy Standard June 2013 August 2013 to InfoSec
May 2014 to IT Handbook
May 2014
6.2 USG Web Privacy Standard June 2013 August 2013 to InfoSec
May 2014 to IT Handbook
May 2014

6.1 USG Privacy Standard

Version date May 13, 2014

6.1.1 Purpose

This section defines general privacy requirements for all USG institutions, the USO, the GPLS, and the Georgia Archives.


6.1.2 Standard

All USG participant organizations shall enact and maintain a permanent privacy processes and procedures in adherence with this standard, which includes, but is not necessarily limited to, the following principles:

  1. Personally identifiable information may only be obtained through lawful means.
  2. The purposes for which personally identifiable data are collected shall be specified at or prior to the time of collection, and any subsequent use of the data shall be limited to and consistent with the fulfillment of those purposes previously specified.
  3. Personal data may not be disclosed, made available, or otherwise used for a purpose other than those specified, except with the consent of the subject of the data, or as required by law or regulation.
  4. Personal data collected shall be relevant to the purpose for which it is needed.
  5. The general means by which personal data is protected against loss, unauthorized access, use, modification, or disclosure shall be posted, unless the disclosure of those general means would compromise legitimate USG entity objectives or law enforcement purposes.

6.1.3 Applicability and Compliance

Each USG participant organization shall implement this privacy standard by:

  1. Designating which position within the organization is responsible for the implementation of and adherence to this privacy standard;
  2. Prominently posting the standard physically in its offices and on its intranet website, if any;
  3. Distributing the standard to each of its employees and contractors who have access to personal data;
  4. Complying with the USG Privacy Standard and all other State and Federal laws pertaining to information privacy; and,
  5. Using appropriate means to successfully implement and adhere to this privacy policy.

6.2 USG Web Privacy Standard

Version date May 13, 2014

By accessing any website of any USG institution, the USO, the GPLS or the Georgia Archives, users agree to abide by this Web privacy standard, as well as the USG IT Handbook.


6.2.1 Information Collection and Use

The USG may collect some information about how visitors access and use a website affiliated with the USG.edu domain and its contents. The information collected on any such website is limited to non-personally identifiable information and may include information such as the computer address used to access the website.

Note: The definition of Personally Identifiable information is given in Section 5.7 of this Handbook.

These data are used to improve website content and website management for users. Cookies may be used to facilitate the navigation of this site, but these cookies will not contain any personally-identifiable information. Other USG websites may have different privacy practices. If applicable, consult the privacy statement on each website.


Information Technology Services
© Board of Regents of the University System of Georgia