Privacy Policy FAQ

Why does RIT have a privacy policy?

The RIT privacy policy clarifies the legitimate expectations of privacy by individuals who are present at RIT facilities, official RIT events, or who use RIT electronic resources.

Why was the policy updated?

The Privacy Policy was first adopted in 1996. The policy was updated in 2006 to:

  • Reflect changes in technology such as the challenges associated with handling electronic records and electronic communications
  • Respond to increasing threats such as spam, malware and phishing that may masquerade as “personal communications”
  • Clarify the legitimate privacy expectations of RIT community members and visitors to RIT
  • Reflect changes in regulatory requirements, including HIPAA, GLB, USA Patriot Act, NYS Information Security Breach & Notification Act, etc.

What are the changes?

The new Privacy Policy reaffirms the value of privacy to our community and more clearly identifies the meaning of privacy, consistent with State & Federal law. The new policy also eliminates redundancy that existed with other RIT policies (Intellectual Property, Student Educational Records, and the Code of Conduct for Computer Use, etc.) while retaining current practices (process for Authorized Search & Seizure, etc.).

Will the policy result in any changes to normal RIT business practices?

You should expect no change to normal RIT business practices.

Why was an Institutional Privacy Committee formed?

A new institutional standing committee was formed in 2006 to provide on-going oversight to the complex issues of privacy in a college campus environment. This committee was instrumental in reviewing these issues and drafting the Privacy Policy revisions that were ultimately reviewed by governance groups and adopted by RIT in April 2006. The committee was chaired by Diane Barbour, CIO and Jim Moore, Information Security Officer. A list of current committee members may be found at

Other impacts

Web site “privacy policies”

  • Web site privacy policies must be labeled as a “privacy statement” not a “policy.” Web site privacy statements may only describe how information is used on a specific site and may not imply greater protection than the information may actually receive.

Departmental policies

  • The new Privacy Policy (C.7) is the official policy of the institute. With the exception of Alumni Relations and Student Health, all other departments are required to adhere to the new Privacy Policy. Alumni Relations and the Student Health Center have privacy policies that address specific legal mandates.

For more information

The RIT Privacy Policy may be viewed at Questions about the policy should be directed to Diane Barbour, CIO and Jim Moore, Information Security Officer.