Privacy Statement
The policy of the North Dakota State University Information Technology Services (ITS) is to respect the privacy of all users of information technology services. This electronic privacy statement is intended to inform the ITS clients of ITS information gathering and usage practices.
North Dakota University System Policy and Procedure, 1901.2, NDSU Policies and Procedures 158 and 710, federal and state laws, and the NDSU Information Technology Services Confidential Information Agreement take precedence over this privacy statement.
Use of Information
Electronic records needed to support ITS functions are retained, managed, and accessible in accordance with established records disposition authorizations to the extent permitted or authorized by law. Electronic records will be identified, managed, protected, and retained as long as they are needed to meet administrative, fiscal, or legal requirements.
Public Disclosure
Electronic records stored and received by ITS are subject to the access and confidentiality provisions of state and federal law. ITS provides security and privacy for information stored and received on its systems and services. In addition, the following information provided to ITS is protected from disclosure to the public: personal, copyright, research, trademark, and proprietary information; unless otherwise specified by the owner. Information not specifically addressed in this document may be disclosed pursuant to the North Dakota Open Records Law.
North Dakota law specifies in NDCC Ch.44-04-18 that "Except as otherwise specifically provided by law, all records of a public entity are public records, open and accessible for inspection during reasonable office hours." All information provided to, stored, or collected electronically that is not specifically exempted by state or federal law should be considered as an "open record" and may be released upon any request of the public.
Network Traffic Logs
In the course of ensuring network security and consistent services for all ITS clients, ITS employs software programs to do such things as monitor network traffic, identify unauthorized access to nonpublic information, enforce access rights and user quotas, detect computer vulnerabilities, and other software that might damage university computers. In the course of such monitoring, the information detected from these activities is used only for monitoring for compliance with law and policy and for the purpose of maintaining the security and performance of NDSU's networks and computer systems. Personally identifiable information from these activities is not released to any party without consent unless required or authorized by law.
Desktop Services
In the course of ensuring network security and consistent services, it may be necessary to audit NDSU owned desktops regarding
In the course of such an audit, personal, copyrighted, research, trademarked or proprietary data on the client's machine will not be purposely or intentionally reviewed unless there is valid and/or legal reason to do so.
Remote Desktop
The ITS LAN Group may install and maintain an application that will enable efficient and remote management and maintenance of the user's desktop. The application may also be used for the following:
At no time will personal, copyrighted, trademarked, proprietary, or research data on the client's machine be reviewed unless there is valid and/or legal reason to do so.
Server Logs
ITS servers (e.g., email servers, Web servers, etc.) routinely collect and store information from online visitors to facilitate management and improve service of the Web sites. This information includes the NDSU Web pages visited, the date and time of the visit, the Internet address (URL or IP address) of the referring site, the domain name and IP address from which the access occurred, the version of browser used, the capabilities of the browser, and search terms used on the search engines. ITS makes no attempt to identify individual visitors from this information; no personally identifiable information is released to external parties without consent unless required or authorized by law.
Cookies
Cookies are pieces of information stored by the Web browser on behalf of a Web site and returned to the Web site on request. The NDSU Web site(s) may use cookies for two purposes: to carry data about the current session at the site from one Web page to the next, and/or to identify to the site between visits. The cookie setting may be turned off in the computer's browser, or the browser may be set to send a request to the client prompting the client to accept the new cookie. Some pages may not function properly if the cookies are turned off. Unless otherwise notified on the NDSU Web site, ITS will not store data, other than for these two purposes, in cookies. Cookies remain on the computer. ITS does not store cookies or forward them to any external parties. Unless otherwise noted on the Web site, NDSU does not use cookies to track movement among different Web sites and does not exchange cookies with other entities.
NDSU provides links to other World Wide Web sites or resources. NDSU does not control these sites and sources, does not endorse them, and is not responsible for the availability, content, or delivery of services. In particular, external sites are not bound by NDSU's electronic privacy policy.
Collection of Information
ITS uses the collected information to respond appropriately to requests. Survey information collected may be used statistically to help ITS understand usage patterns and forecast requirements.
Information Voluntarily Provided by Clients
In the course of using the NDSU Web site, the client may choose to provide ITS with information to help ITS serve the client's needs. Personally identifiable information will only be used for the purpose indicated. Requests for information will be directed to the appropriate staff, and may be recorded to help ITS update services to better serve the client's requests. ITS will not sell, exchange or otherwise distribute personally identifiable information without prior authorization except to the extent required or authorized by law. ITS will not retain the information longer than necessary for normal operations. The purpose for all information will be disclosed through the appropriate media form.