Policy Number: C7.0

Policy Name: PRIVACY POLICY

I. General Statement

The purpose of Rochester Institute of Technology's Privacy Policy is to clarify the legitimate expectations of privacy by those individuals who are present at RIT facilities or at official RIT events, or who use RIT electronic resources.

Individual privacy and security are highly valued by our society but it has limitations at a private educational and research institution such as RIT, consistent with the university's need to protect and maintain its property, electronic network and resources, preserve the health and safety of its students, faculty, staff and guests, or whenever necessary to aid in the basic responsibility of the university in support of its educational mission. The right to individual privacy, while highly valued at RIT, must be balanced by the other community enumerated values and needs. The university endeavors to provide a safe and hospitable environment for all those who learn, work, live and visit here, and individual community members are expected to support this mutual effort.

At the same time, consistent with the law, RIT cannot guarantee or assure the privacy of personal information or personal property, and is not responsible for any loss or theft. Individuals must assume the risk of a breach of their privacy and guard against it.

II. Definitions

For purposes of this Policy, the following terms shall have the meanings set forth below:

"RIT facilities" means any property owned or leased by the university, wherever located.

An "official RIT event" means one conducted outside RIT facilities with the explicit official sponsorship of RIT, including, but not limited to, an athletic competition by an RIT sports team, or a seminar or an online course

"Personal property" means any physical items of a personal nature, including but not limited to clothing, pocketbooks, wallets, briefcases, laptops, cell phones, and other similar items.

"Personal information" means: any private information or information concerning an individual which can be used to identify such individual; and any oral, written and electronic communications, files, or data intended by their creator to be private, including those transmitted or preserved in paper, electronic, or other media.

III. Compliance with Laws

The university is aware of the requirements of federal and state privacy laws and regulations, among them the Family Education Rights and Privacy Act (FERPA), Gramm Leach Bliley Act (GLBA), the Health Insurance Portability Accountability Act (HIPAA), and New York's Information Security Breach and Notification Act, and endeavors to comply with them. Nothing in this Policy shall be construed in derogation of any rights afforded by applicable federal or state law.

IV. Access

With respect to individuals who are present at RIT facilities or at official RIT events, the university specifically reserves the right to:

including, but not limited to, when applicable university policies, contractual obligations, or federal or state laws are violated

With respect to information on RIT's electronic resources, including, but not limited to personal information, the university specifically reserves the right to:

V. Searches and Seizures

As a matter of regular business practices, authorized university personnel will only inspect or retain personal property or personal information in accordance with this Policy and when there is a legitimate university reason to do so.

In order to evidence that power, RIT vice presidents (or their designees) may authorize the inspection and retention of personal property and/or personal information through the issuance of a written authorization to that effect, stating that they have reason to believe that a law or an university policy has been or is about to be violated, and that the inspection and retention may either yield the information or item necessary to prove the existence of such violation or prevent danger or harm to individual(s) or property. For RIT students, except in limited circumstances, these authorizations shall be issued by the vice president for Student Affairs (or designee). Such a written authorization is not mandatory under this policy, however.

Generally speaking, authorized university personnel who conduct inspections and/or retentions will:

Law enforcement officials may also search and/or seize personal property and personal information, but are generally required to have a court order, subpoena or a search or arrest warrant. If RIT is served with a court order or subpoena for what may be termed personal property or personal information of an RIT student, faculty or staff member, which is being transported or stored on RIT property or RIT electronic resources, RIT will attempt in good faith to notify the individual affected before complying with the subpoena, if permitted.

VI. Grievance Rights

An individual may have certain grievance rights with respect to the privacy of his or her personal property and/or personal information. This Policy is not intended to abrogate any existing RIT grievance procedures.

VII. RIT Privacy Standing Committee

There shall be a standing committee for the purpose of providing guidance on privacy issues related to university business including, but not limited to, regulatory compliance, individual privacy, and management of university resources.  The committee shall be drawn from a broad cross-section of the RIT community (including the Institute Counsel) and report on at least an annual basis to the Administrative Council.  Questions with respect to the administration of the committee or this policy may be referred to the committee chairperson. The current members of the committee are listed at www.rit.edu/privacy.

 

Responsible Party:

Effective Date: Approved December 11, 1996

Policy History:
Revised April 26, 2006
Eedited August, 2010