ROWAN UNIVERSITY POLICY
Title: Records Release Policy and Security of Donor Information
Subject: University Advancement
Policy No: UA: 2014:02
Applies: University-Wide
Issuing Authority: President
Responsible Officer: Associate Vice President for University Advancement/Executive Director, Rowan University Foundation
Adopted:
Last Revision: 9/2014
Last Reviewed: 4/14/2015
I. PURPOSE
This policy outlines a code of ethics and principles for the stewardship of the personal information of University constituents and provides a Donor's Bill of Rights. It also includes an overview of donor anonymity levels, a privacy policy statement regarding use of the Millennium database, processes for the request of information from Millennium, best practices regarding safeguarding alumni and donor privacy, and a statement of understanding for all campus Millennium users.
...
- Rowan University's Department of Advancement Services (DAS) maintains a database (Millennium) of biographical and gift/pledge information about University alumni and friends in accordance with the general needs and expectations of the University community. The information contained in this database is intended exclusively for purposes related to Rowan University's programs.
- Staff members of University Advancement will have access to Millennium [alumni and/or development information as well as data analysis] from their workstations. Each employee user should diligently deal with sensitive information regarding alumni, prospects and donors in the areas of data retrieval, retention, dissemination and disposal. This policy document is designed to protect the privacy of Rowan University alumni and other constituents and to maintain standards of confidentiality associated with electronic records in Millennium. Exceptions to this policy can only be made by the Vice President of University Advancement or his/her designee.
- An employee's need to access Millennium does not equate to casual viewing. It is the employee's obligation, and his/her supervisor's responsibility, to ensure that access to Millennium is only to complete assigned functions.
- The Director of Advancement Services in recognition of the right to privacy of donors to Rowan University, ethical considerations, and the need for good donor relations has categorized Millennium data as restricted. Data and information available in Millennium and in related reports and files is the property of Rowan University and its use is governed be federal, state and local law, as well as University regulations. It may only be used to support University-sponsored or University-approved development or alumni relations functions.
- The Department of Advancement Services expects that individuals with access to Millennium data understand their responsibilities with respect to use, interpretation and distribution of that data and the consequences for misuse of data. The ability to access and produce reports and mailings does not constitute automatic authority to do so. Unauthorized release or use of Millennium information for any purpose is strictly prohibited and may result in suspension, and/or termination of employment for the employees involved. Additional legal action may be taken, when warranted.
- It is the desire of the Department of Advancement Services to support the ongoing activities of Rowan University by providing assistance for programs, communications, and events, which bring together alumni, donors, and friends of the University. In order to provide the best possible service to those with legitimate needs for such information, and at the same time maintain the confidentiality of the information entrusted to us by our alumni, the following policies have been developed.
D. Responsibilities
- Exceptions to this policy can only be made by the Associate Vice President of University Advancement or his/her designee.
- In cases of dispute about whether an organization has a legitimate affiliation with the University, the final decision will rest with the Associate Vice President of University Advancement or his/her designee.
- In cases of dispute about what constitutes an approved activity, the final decision will rest with the Associate Vice President of University Advancement or his/her designee.
E. Compliance with the above policy.
...
- Information available for release is confined to "public information" i which is limited to:
- Full name
- Address and telephone number
- Degree(s) and date of degree(s) awarded by Rowan University
- School(s) from which degree(s) was/were granted with major field of study
- Employer address and telephone number
- E-mail address
- Fax number(s)
- Federal law severely restricts the amount of information that may be released on current students ii . No information on students will, therefore, be released based on data maintained by Millennium. All requests for information on current students should be forwarded to the appropriate Registrar's office.
- Information provided to volunteer alumni constituent groups will be limited to those alumni who are affiliated with the requesting group.
- In addition to "public information," requests from the Rowan University Alumni Association; Development; administrative, academic, or athletic units of Rowan University; and Central Administration will be provided the following information:
- Employment History
- Student activities
- Alumni activities
- Family members
- Degrees obtained from other Schools
- Miscellaneous comments, awards, text, etc.
- Gift/Pledge data
ATTACHMENT 4
PROTECTING AND PRESERVING ROWAN ALUMNI AND DONOR PRIVACY PRIVACY
- Securing Paper RecordsRecords
- Store paper records in a room, cabinet, or other container that is locked when unattended
- Ensure that storage areas are protected against destruction or potential damage from physical hazards, like fire or floods, by keeping doors closed and items off the floor
- Promptly shred and dispose of outdated constituent information recorded on paper
- Securing Computers and Electronic Records
- Shut down applications if you leave for lunch or any extended period of time
- Use password-activated screensavers
- If you use a computer other than the one you have been assigned, leave a note to notify the assigned user that includes the date and your name as an authorized employee of the College
- Use strong passwords (at least eight characters long) including numbers and letters and non-numeric characters
- Change passwords every ninety days
- Do not post passwords near your computer (for example: passwords written on post-it notes)
- Do not download unauthorized files
- Check with software vendors regularly to obtain and install patches that resolve software vulnerabilities (for example: Microsoft updates, internet explorer upgrades, etc.)
- Use anti-virus software that updates automatically
- Store electronic customer information on a secure server that is accessible only with a password - or has other security protections (for example: in Banner or on network drives, which are backed up by I.T. nightly)
- Maintain secure backup media and keep archived data secure, for example, by storing off-line or in a physically-secure area
- If you transmit sensitive data by electronic mail:
- DO NOT include the constituent's social security number or credit card information
- But DO include a confidentiality notice:
"This communication, including any attachment(s), contains information that may be confidential or privileged, and is intended solely for the individual(s) to whom it is addressed. If you are not the intended recipient, please notify the sender at once and then delete this message. You are hereby notified that any disclosure, copying, or distribution of this message is strictly prohibited." - Secure laptops to avoid theft and possible access to constituent data when traveling and in the office – lock doors when leaving for the day
- Do not save constituent data on your home computer
- Backup your hard drive on a regular basis
ATTACHMENT 5
INTERNAL USES OF INFORMATION
Acceptable Internal Uses of Information from the Millennium Database
- Rowan University's Department of Advancement Services will make available information from Millennium for the support of approved, University-related activities. Approved activities include the following:
- Alumni engagement
- Development
- Public relations
- Government relations
- School/department communications to alumni/constituents
- University-sanctioned research
- Continuing education programs
- Student recruitment
- In cases of dispute about what constitutes an approved activity, the final decision will rest with the Vice President of University Advancement.
- Information maintained by Millennium is not available for release for non-related commercial or political purposes.
- If the information provided will result in the preparation of lists or directories that are to be published in book, magazine, newsletter or other forms for general distribution among alumni groups, prior to publication each individual who might be included must be provided the opportunity to indicate in writing whether he/she wishes to be excluded.
ATTACHMENT 6
DISTRIBUTION OF INFORMATION
Formats Available for Distribution of Information
Information may be obtained in the form of lists, labels, electronic files and downloads by authorized university representatives in support of approved activities as noted in Section III.A of this document. It is the responsibility of the unit requesting information to maintain the absolute confidentiality of that information as specified in this policy statement.
ATTACHMENT 7
HYPERLINKS
i. Anchor
ii. Anchor