individuals who are present at RIT facilities, official RIT events, or who use RIT
Why was the policy updated?
- Reflect changes in technology such as the challenges associated with handling
electronic records and electronic communications
- Respond to increasing threats such as spam, malware and phishing that may
masquerade as “personal communications”
- Clarify the legitimate privacy expectations of RIT community members and
visitors to RIT
- Reflect changes in regulatory requirements, including HIPAA, GLB, USA Patriot
Act, NYS Information Security Breach & Notification Act, etc.
What are the changes?
clearly identifies the meaning of privacy, consistent with State & Federal law.
The new policy also eliminates redundancy that existed with other RIT policies
(Intellectual Property, Student Educational Records, and the Code of Conduct for
Computer Use, etc.) while retaining current practices (process for Authorized
Search & Seizure, etc.).
Will the policy result in any changes to normal RIT business practices?
You should expect no change to normal RIT business practices.
Why was an Institutional Privacy Committee formed?
A new institutional standing committee was formed in 2006 to provide on-going
oversight to the complex issues of privacy in a college campus environment. This
committee was instrumental in reviewing these issues and drafting the Privacy
Policy revisions that were ultimately reviewed by governance groups and adopted
by RIT in April 2006. The committee was chaired by Diane Barbour, CIO and Jim
Moore, Information Security Officer. A list of current committee members may be
found at www.rit.edu/privacy
Web site “privacy policies”
- Web site privacy policies must be labeled as a “privacy statement”
not a “policy.” Web site privacy statements may only describe how
information is used on a specific site and may not imply greater protection than
the information may actually receive.
exception of Alumni Relations and Student Health, all other departments are
Health Center have privacy policies that address specific legal mandates.
For more information
Questions about the policy should be directed to Diane Barbour, CIO and Jim
Moore, Information Security Officer.