WOU’s rules about information privacy

WOU is committed to safeguarding the privacy of personally identifiable information, including personal financial information, educational records, and health records. For employees, be aware that all email and other electronic information pertaining to WOU business is “owned” by the university, regardless of where it is kept.

WOU may monitor user activities and access any files or information in the course of performing normal system and network maintenance while investigating policy or violations.

University policies and procedures are consistent with overall state, federal, and institutional policies regarding release of student and employee information as outlined in the Oregon Public Records Law, ORS 192.501 – 192.505; Oregon Faculty Records Law, ORS 351.065; the Oregon Student Records Law, ORS 351.070(2)(e); the Federal Educational Rights and Privacy Act of 1974; the WOU Faculty Handbook; and the WOU Acceptable Use of Computing Resources Policy.

• Data which is identifiable to particular individuals (e.g., inclusion of names, social security numbers, addresses, telephone numbers), shall be used only within the scope of an individual’s responsibilities, e.g., instructors may access data for classes which they teach, departments for their majors, etc.

• Information extracted and used to conduct the user’s duties shall be considered unofficial data and shall not be used for publication.

• Data analysis of units or groups within the institution, or with organizations external to the University, should be coordinated with the appropriate central administrative office.

• Data that is saved locally must be adequately protected from outside access.

• Saved data must be updated frequently enough that the likelihood of incorrect data being used is minimized.

• Anyone with information system access must ensure that such data is not available to individuals who do not have access to it, or who do not have a legitimate ”need to know.” An individual with information system access is responsible for the security of his/her access.

• Information extracted from the information system and used to complete survey documents or to be distributed to any publication having general readership, or if the information might otherwise have an impact on the external image of WOU, must be presented for review and approval by the appropriate central administration office.

• Requests for data or the use thereof which are outside the user’s responsibilities must be authorized in advance by the appropriate central administrative office, consistent with a written request stating the use of the data.

• Requests for release of any individual or aggregate student or employee information to anyone outside of WOU who has a legitimate ”need to know” must be authorized in advance by the appropriate central administrative office consistent with a written request stating the use of the data.

• Subpoenas for individual or aggregate student or employee information or any request from law enforcement authorities (including campus security, OSP, FBI, CIA, District Attorney) should be referred to the appropriate central administrative office.

The above rules are quoted from the Monitoring and privacy section of the WOU policy on acceptable use of computing resources. All WOU employees and students agree to this policy before they set up their Pawprint accounts to access online resources.

Other privacy-related resources

• Student Records Policy (University Registrar)

• Release of Medical Information (Student Health and Counseling Center)

• Family Educational Rights and Privacy Act (FERPA) US Department of Education