WMOT/MTSU Privacy of Information Policy
The purpose of this policy is to establish principles to guide the evolution of Middle Tennessee State University (MTSU) community standards of information privacy. This is a first step to clarify the level and protection of information privacy that may be expected by students/potential students, University employees, and outside persons who have relationships with MTSU. This policy is intended to be flexible and independent of current definitions or concepts of technology, and to rely on common sense and a culture supportive of mutual respect. While consideration has been given to the unique qualities of electronic information, this document reflects the reasoning that the core value of privacy is not confined to any information medium.
While recognizing that other MTSU policies address some privacy issues, primarily those based on federal and state laws, the objectives of this policy are to ensure that:
- A sharper focus is given to the University's values and beliefs related to information privacy,
- The expectations for maintaining information privacy are provided for University employees and students, and
- Information privacy guidelines are provided for University employees and students.
II. University Values and Beliefs
Where discretionary considerations are possible, a balanced approach to resolving conflicts between privacy and other values must incorporate the perspectives of the University as an institution, the collective behavior of employees and students, and the protection of individual privacy.
A. Institutional Perspective
MTSU must not be unduly constrained with respect to administrative efficiency in the enforcement of policies related to information privacy. Considering the mission, internal control of information, and external mandates governing information collection and use, each organizational unit to which privacy issues are of concern is encouraged to develop related procedures. Where practical, the decentralization of responsibility and the encouragement of employee participation in the development of relevant division or department operating procedures is the preferred method of increasing the level of learning and trust regarding information privacy issues.
B. Ethical Stewardship as a Collective Responsibility
We are ethically obligated to respect the privacy of others and to adhere to a reasonable standard of conduct that supports this collective respect. For example, when employees gain unintentional access to information that a reasonable person would consider private, personal, or confidential, sensible actions are required, such as the notification of officials who are responsible for initiating corrective measures, or simply returning or forwarding the information to the intended recipient or owner.
C. The Individual's Right to Know
While most employment-related records are public, even confidential records can be accessed under certain conditions. Therefore, information in any form should be presumed capable of acquisition by others for purposes not related to the original creation of that information.
In most instances, employees of MTSU have a right to know when their individual records have been reviewed, or subpoenaed by parties external to MTSU, or are under review by MTSU officials or administrators who do not manage the information as part of their official duties. In such instances where it is administratively practical, the employees should be notified by email, phone call or other means. Additionally, the Human Resource Services office will maintain records of all requests for employee public information when such requests are made by vendors or others for a business or commercial purpose.
While most student-related records are private, even confidential records can be accessed under certain conditions. In most instances, students will be notified of the compliance with judicial order or subpoena by parties external to MTSU.
III. Other MTSU Information Privacy Related Policies
A. Student Records
With regard to students' educational records, MTSU adheres to the federal Family Educational Rights and Privacy Act of 1974, commonly referred to as FERPA or the Buckley Amendment. In addition, MTSU Policy II:02:00 (Access to Educational Records) provides students with the right to inspect and review education records, the right to seek to amend those records and to limit disclosure of information from the records.
The release of student information in any medium (including the Internet), therefore, should be done only in accordance with the conditions of the existing MTSU Policy II:02:00.
Students have the right to restrict release of directory information as outlined in MTSU Policy II:02:00.
Records are retained in accordance with Tennessee Board of Regents Guideline G-070 and the American Association of Collegiate Registrars and Admissions Officers (AACRAO) guidelines.
B. Employee Records
The Human Resource Services office maintains the official personnel files for employees, except faculty. Official faculty personnel files are maintained in the Executive Vice President and Provost office. See MTSU Policy IV:07:17 (Personnel Records).
With the exception of records that include medical information, all Human Resource Services information is public and accessibility is granted in compliance with MTSU Policy I:03:01 (Inspect/Copying Public Records).
C. Additional Privacy-Related Policies
Several current MTSU policies are directly or indirectly related to information privacy issues, illustrating the nature and complexity of the topic. These include the following :
- I:01:24 (Protection of Human Subjects in Research)
- I:03:03 (Information Technology Resources Policy)
- II:01:10 (Misconduct in Scholarly Activities and Research)
- III:00:08 (Release of Names and Addresses of Prospective Students)
- III:04:01 (Guidance and Counseling Center III:04:01 (Guidance and Counseling Center -- Counseling)
- III:04:02 (Guidance and Counseling Center III:04:02 (Guidance and Counseling Center -- Testing)
- IV:07:02 (Conditions of Employment)
IV. Disciplinary Actions
Employees who access files or browse data of others, or access any information technology resources for personal gratification or unauthorized dissemination of information obtained from those resources, may have violated the privacy of others. If so, such behaviors are subject to disciplinary actions that are in proportion to the egregious nature of the offense. MTSU Policy IV:07:10 (Disciplinary Procedure - Classified Personnel) and MTSU Policy II:01:05A (Policies and Procedures for Tenure) prescribe disciplinary actions and processes. In cases where employees dispute a charge, they may respond based on the following MTSU policies: IV:07:11 (Employee Grievance/Complaint Procedure) or II:01:05C (Tenure and Promotion Appeals Process). Refer to the Student Handbook for disciplinary actions regarding students.