Fayetteville Policies and Procedures 225.1
University Website Privacy
Overview
This policy defines the official websites of the University of Arkansas, addresses collection and use of information in connection with such websites, and describes under what circumstances the university may disclose such information, consistent with Ark. Code § 25-1-114.
Official University Websites
Except as noted, the information in this privacy policy applies to all official University of Arkansas websites, which are defined as those administered through the university content management system, such as university colleges and schools, main departments, divisions, or other units typically reporting to or deemed official by the chancellor, provost, vice chancellors, deans, directors and/or department heads/chairs. These sites comply with the university template, graphics and Web standards as managed by the Office of University Relations. Certain official websites may have their own or supplementary privacy policies appropriate to their function or as required by law.
Other Websites
Within the university domain (uark.edu) are various websites that are not maintained by the university. These unofficial sites include, but are not limited to, RSO sites, personal websites of faculty, staff or students, and other campus entities. This privacy policy only applies to official university websites.
Access Information Collected
The university, while reserving its right to monitor communications via university websites for legal, policy or business reasons, including security and functionality, will not monitor the content of communications as a matter of normal business practice. However, the fact that communication occurred (such as when a user visits a university website or utilizes university websites to search for information or submit a form), may be routinely logged as a normal business practice.
Common information logged includes, but is not limited to, the following:
- the IP address of the user’s computer
- the date and time a user’s computer accessed the university’s site
- the IP address and URL of a referring website
- the page the user requested from the university’s site
- the information that a user’s Web browser software sends, which typically identifies the browser software and may also indicate the operating system and type of CPU used in the user’s computer
- in the case of email, the sender and recipient's email addresses
Google Analytics
Some university websites use Google Analytics, a Web analytics service provided by Google, Inc., to collect information such as URLs, Internet domain and host names, browser software, date and time site visited, etc.
Voluntary Information
Services are provided through university websites via forms (e.g., admissions, financial aid requests, job applications), surveys, etc., whereby individuals are required to enter personal information in order to process the request, such as name, physical and email addresses, phone numbers, and financial data. If information requested is not entered, the services and/or requests cannot be accomplished online.
How Personal Data Is Used
As a general rule, the university does not track individual visitor profiles. This data is used to analyze aggregate traffic/access information for resource management, site planning, advertising and marketing.
When personally identifiable information is entered through university websites, typically the information requested and collected is only used to provide the information or services sought by the requester, just as a person might provide such information when visiting a university office in person or submitting the information via paper, for example, an application for admission.
However, the university may also use any information gathered through university websites or exchange such information with other entities in order to carry out normal university business operations, including marketing and subcontractor services. Legal requirements concerning use and disclosure of sensitive information will be applied to information maintained with these resources to the same extent that the requirements are applied to other records kept or maintained by the university. The university does not sell information collected through university websites to other entities.
Cookies
Websites can use cookies to provide the user with tailored information from a website. A cookie is an element of data that a website can send to a browser, which may then store it on the user’s system. Some applications may require the user to accept cookies in order for the application to work properly. Two types of cookies exist, session cookies and persistent cookies. Session cookies contain data through which the Web application the visitor is using can maintain the continuity and state of a session. Session cookies expire upon user logout, closing of the browser or timed-out sessions. Persistent cookies contain information that may be useful across multiple sessions, such as identifying the user or other persistent attributes, and are typically not deleted. Data from cookies may also be used to identify user trends and patterns, provide services and record session information. Web browsers can be configured to refuse cookies, accept cookies, disable cookies and remove cookies as needed or desired.
E-Commerce
The university has several sites that enable encrypted, online payments. The confidential information entered for these payment transactions is only to be used for purposes defined within/for the transaction. Some transactions are isolated from campus systems and managed by a third party.
Children’s Online Activities
Some university websites may present university-sponsored information or activities that are specifically designed for children. However, any such websites are intended to be used only by adults to voluntarily share information online, so that a child who is under the age of 13 can participate in these activities (e.g., camps and enrichment programs) or so that the child can receive information from the university. When a parent or legal guardian voluntarily signs up his or her child for one of these programs, the parent may be asked to provide:
- the child’s name
- mailing address
- phone number
- date of birth
- school and grade level
- email address
- parent or legal guardian’s name and email address
The university, through its websites, does not make participation conditional in any university online activities on the disclosure of more information than is reasonably necessary to participate. This information will not be disclosed to a third party unless disclosure is integral to the site or service and will not be used for other purposes. Parents or guardians have the right:
- to review such personal information that has been recorded by a university website about their child
- to refuse to allow further collection of the information
- to require the deletion of any information that has been recorded
Third Party Applications and Links
University of Arkansas websites contains links to third party applications and websites that may or may not be hosted on university servers. The university cannot warrant or be responsible for the privacy policies of such sites. Users are encouraged to become familiar with the privacy policies of third party or off-campus sites.
Security
In addition to complying with all applicable laws and regulations, the university strives to implement and maintain systems and policies to protect the confidentiality and integrity of personal information provided by users. Despite these security measures, the university does not represent or warrant that personal information will be protected against loss, misuse or alteration by third parties.
Disclosure of Data Collected
The university is required to comply with the Arkansas Freedom of Information Act (FOIA) (Ark. Code Ann. § 25-19-101 et seq.) and may be required to disclose records maintained in the daily operations of the university unless such records are exempt from disclosure under federal or state law. Therefore, some data collected through university websites may be subject to disclosure upon receipt of a valid FOIA request.
Additionally, at times, the university may be legally required to disclose information collected through university websites in response to a valid subpoena or court order or to comply with a legally permitted inquiry by a governmental agency or regulatory body.
Subject to governing law and other applicable university policies, the university reserves the right to disclose information collected on its websites to governmental authorities in connection with suspected unlawful activity or to aid an investigation into suspected unlawful activity. In addition, the university reserves the right to release information collected on university websites to appropriate governmental authorities if university officials determine, in their sole judgment, that university policies have been violated, or that release of information is necessary to protect the rights, health, safety or property of persons or the university or to protect the integrity of university computer networks. Further, the university reserves the right to disclose information as university officials believe necessary to exercise the university’s legal rights, to defend against actual or potential legal claims, or as otherwise permitted or required by university policy, including but not limited to, Fayetteville Policies and Procedures 900.0 -- Code of Computing Practices.
Additional Resources
The university adheres to University Information Technology Services policies, and other campus and board of trustees policies that are applicable to the use of computing resources, as well as all applicable federal and state laws. These include, but are not limited to:
- Family Educational Rights and Privacy Act (FERPA)
- Electronic Communications Privacy Act of 1986
- Gramm-Leach-Bliley Act
- Health Insurance Portability and Accountability Act (HIPAA)
- USA Patriot Act
- Children’s Online Privacy Protection Rule
- Arkansas Freedom of Information Act
- 18 U.S.C. § 1030
- Ark. Code. § 5-41-101 et seq.
- Ark. Code. § 13-2-701 et seq.
- Ark. Code. § 25-1-114
Questions
For more information regarding this policy, please contact the Office of University Relations at 479-575-5555 or email urelinfo@uark.edu.
February 23, 2015