Policy on Personally Identifiable Information Security

Personally identifiable information (PII) is described as any electronic data that can be used to disclose the identity of an individual. This includes but is not limited to social security number, address, phone number, college ID number, email address, or name.

In an effort to maintain data security in all realms of data collection SUNY Cortland requires that all online data collection programs conform to the following information security regulations:

• Personally identifiable information will not be stored on any server accessible by the public. This includes but is not limited to web servers and email servers.
• All personally identifiable information will be stored on securely controlled central database servers that conform to all access control and authentication regulations set forth by designated data/cyber security officers in Administrative Computing Services.
• All online data collection, data retrieval, and application requests involving personally identifiable information will be reviewed by designated data/cyber security officers in Administrative Computing Services. Prior to production or implementation, the designated data/cyber security officer(s) will ensure that all security principles, programming standards, data storage, and that all data elements are being collected securely and appropriately.
• Programs and methods that do not conform to information collection and security policies will be removed and taken out of production. The administrator/requestor of the program will be notified. Once security violations are corrected the program will be placed back into a production environment.

Online data collection programs are defined as any Web form, application, or survey tool that is made available to the public and stores some or all of the personally identifiable information elements. Surveys, while they may or may not collect personally identifiable information, must be reviewed by a designated data/cyber security officer to ensure that the data being collected is securely stored in a manner consistent with all designed security standards established for personally identifiable information (PII).

Disclosure of Personally Identifiable Information to Parties Outside the University

SUNY Cortland does not sell, rent, give away, or loan any personally identifiable information about students, faculty or staff to any third party other than agencies directly connected to the university. Agencies who have access to personally identifiable information are required to protect this information in a manner that is consistent with this privacy policy and those set forth by the State of New York and the Federal government. Violators of these privacy acts will be prosecuted by every extent of the law.

Accessing or Correcting Personal Information

The BannerWeb Systems provide a mechanism for you to manage your personal information. It is very important that all of your personal contact information is current and up to date.

Consent

By using the college technology infrastructure, you consent to the collection and use of your personally identifiable information by SUNY Cortland. The policies that govern the usage of SUNY Cortland's technological infrastructure and your personally identifiable information can be located at the following URL: http://www.cortland.edu/ir/policies.asp