Individual privacy and security are highly valued by our society but it has limitations at a private educational and research institution such as RIT, consistent with the university's need to protect and maintain its property, electronic network and resources, preserve the health and safety of its students, faculty, staff and guests, or whenever necessary to aid in the basic responsibility of the university in support of its educational mission. The right to individual privacy, while highly valued at RIT, must be balanced by the other community enumerated values and needs. The university endeavors to provide a safe and hospitable environment for all those who learn, work, live and visit here, and individual community members are expected to support this mutual effort.
At the same time, consistent with the law, RIT cannot guarantee or assure the privacy of personal information or personal property, and is not responsible for any loss or theft. Individuals must assume the risk of a breach of their privacy and guard against it.
For purposes of this Policy, the following terms shall have the meanings set forth below:
"RIT facilities" means any property owned or leased by the university, wherever located.
An "official RIT event" means one conducted outside RIT facilities with the explicit official sponsorship of RIT, including, but not limited to, an athletic competition by an RIT sports team, or a seminar or an online course
"Personal property" means any physical items of a personal nature, including but not limited to clothing, pocketbooks, wallets, briefcases, laptops, cell phones, and other similar items.
"Personal information" means: any private information or information concerning an individual which can be used to identify such individual; and any oral, written and electronic communications, files, or data intended by their creator to be private, including those transmitted or preserved in paper, electronic, or other media.
Compliance with Laws
The university is aware of the requirements of federal and state privacy laws and regulations, among them the Family Education Rights and Privacy Act (FERPA), Gramm Leach Bliley Act (GLBA), the Health Insurance Portability Accountability Act (HIPAA), and New York's Information Security Breach and Notification Act, and endeavors to comply with them. Nothing in this Policy shall be construed in derogation of any rights afforded by applicable federal or state law.
With respect to individuals who are present at RIT facilities or at official RIT events, the university specifically reserves the right to:
inspect and retain any personal property
remove from or limit access to RIT property
delete or limit material posted on RIT property
including, but not limited to, when applicable university policies, contractual obligations, or federal or state laws are violated
With respect to information on RIT's electronic resources, including, but not limited to personal information, the university specifically reserves the right to:
access all RIT property including electronic resources, and all communications, records, data and information created or stored thereon;
remove from or limit access to RIT electronic resources
remove, delete or limit information posted on RIT electronic resources, including, but not limited to, when applicable university policies, contractual obligations, or federal or state laws are violated.
Searches and Seizures
As a matter of regular business practices, authorized university personnel will only inspect or retain personal property or personal information in accordance with this Policy and when there is a legitimate university reason to do so.
In order to evidence that power, RIT vice presidents (or their designees) may authorize the inspection and retention of personal property and/or personal information through the issuance of a written authorization to that effect, stating that they have reason to believe that a law or an university policy has been or is about to be violated, and that the inspection and retention may either yield the information or item necessary to prove the existence of such violation or prevent danger or harm to individual(s) or property. For RIT students, except in limited circumstances, these authorizations shall be issued by the vice president for Student Affairs (or designee). Such a written authorization is not mandatory under this policy, however.
Generally speaking, authorized university personnel who conduct inspections and/or retentions will:
attempt to allow the individual whose personal property and/or personal information are the subject of the inspection and/or retention to be present while the inspection and/or retention is conducted (if that individual cannot be located, or refuses to be present, or if his/her presence is impractical, the inspection and/or retention can go forward without his/her presence) and
create a record of the personal property or personal information retained, and provide a copy to the individual.
Law enforcement officials may also search and/or seize personal property and personal information, but are generally required to have a court order, subpoena or a search or arrest warrant. If RIT is served with a court order or subpoena for what may be termed personal property or personal information of an RIT student, faculty or staff member, which is being transported or stored on RIT property or RIT electronic resources, RIT will attempt in good faith to notify the individual affected before complying with the subpoena, if permitted.
An individual may have certain grievance rights with respect to the privacy of his or her personal property and/or personal information. This Policy is not intended to abrogate any existing RIT grievance procedures.
RIT Privacy Standing Committee
There shall be a standing committee for the purpose of providing guidance on privacy issues related to university business including, but not limited to, regulatory compliance, individual privacy, and management of university resources. The committee shall be drawn from a broad cross-section of the RIT community (including the University Council) and report on at least an annual basis to the Administrative Council. Questions with respect to the administration of the committee or this policy may be referred to the committee chairperson. The current members of the committee are listed at www.rit.edu/privacy.
Approved December 11, 1996
Revised April 26, 2006
Eedited August, 2010