Eastern Michigan University is committed to protecting the privacy of Personally Identifiable Information (PII) of its students, faculty, staff and other individuals associated with the University. All entities of the University will take appropriate measures, implement necessary technology and/or establish operating procedures to ensure data privacy is maintained.
Eastern is provided and/or collects PII for its use as an educational institution. This data may include, but is not limited to, social security number, credit card data, bank account number, financial and medical information, educational records, credit information, address and tax information. Other demographic and descriptive data, such as zip code, gender, age and preferences, may also be provided and/or collected, but are not considered to be personally identifiable information.
PII may be provided, collected and maintained from prospective/current/former students and their parents/guardians, prospective/current/former employees, and external individuals and entities with which the University transacts business.
PII may be provided, collected and maintained in various formats including paper forms and as data stored on servers, computers, hard drives, and databases. If PII is deemed to be no longer necessary, proper steps will be taken to shred paper forms, purge electronic data and/or securely wipe or destroy hard drives.
Access to PII will be limited to authorized individuals based on job requirements necessary to conduct University business. All employees of the University are expected to respect and protect the confidentiality of PII.
Protected data may also reside and/or be accessible to trusted third parties who deliver services to the University, such as insurance companies, banking institutions, credit card processors and educational software companies. These trusted third parties are prohibited from sharing or selling protected data, and are required to take measures to ensure data privacy is maintained.
Eastern does not release PII without disclosure or consent of the individual unless required by law or to comply with legal proceedings. However, the U.S. Patriot Act dictates that PII may be given to Federal agents without an individual's knowledge and that Eastern may be restricted from informing an individual about the request.
Should a breach occur, Eastern will notify those individuals affected, will supply appropriate details about the breach, and will take appropriate measures to minimize the impact of the breach. Following an incident, a thorough review of events will be done and necessary actions will be implemented to prevent a similar incident in the future.
Eastern encourages all its constituents (students, faculty, staff, vendors) to be knowledgeable about their own responsibility and opportunity to protect personally identifiable information.
- Educational Records
Educational records (including, but not limited to, student numbers, courses taken, grades, GPA, etc.) are protected under the Family Educational Rights and Privacy Act (FERPA) of 1974, as amended. FERPA gives students the right to inspect and review their own education records. Furthermore, they have other rights including the right to request amendment of records and to have some control over the disclosure of personally identifiable information from these records. Institutions may not disclose information contained in educational records without the student's written consent except under conditions specified in The Act.
EMU's FERPA policy is stated in 8.2 of the Board Policy Manual. Additional information on FERPA can be found at the Office of Records and Registration website.
EMU's Office of Research & Development will protect the professional and academic rights of faculty and staff and ensure that all areas of regulatory compliance are followed and appropriately managed.
EMU is in compliance with the Department of Health and Human Services, Office for Protection from Research Risks guidelines (Title 5 Code of Federal Regulations part 46 - EMU FWA00000050) and oversight for responsible conduct of research and protection of human subject rights and personal information. Additional information may be found at the EMU office of Research & Development website.
- Health Information
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) ensures that individuals' health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well-being. EMU is committed to compliance with HIPAA and all other U.S. healthcare regulations and laws on behalf of all students and employees.
- Financial Services
EMU is committed to compliance with all U.S. financial regulations and laws, and will take appropriate measures to ensure data privacy is maintained. EMU is in compliance with the Federal Trade Commission's Gramm-Leach-Bliley Act (16 C.F.R 313, 65) and the Red Flags Rule (FTC 16 CFR 681), which are designed to combat identity theft.
EMU's GLBA policy is located in Section 8.2 of the Board Policy Manual. EMU's Red Flags Rule policy is located in Section 2.7 of the Board Policy Manual.
- Employment/Human Resources
EMU Human Resources is committed to safeguarding the privacy of personal information that is collected concerning our prospective, current, and former employees for management, human resources, and payroll purposes. Compliance with all U.S. employment laws and regulations is a priority. Additional information regarding HR procedures may be found at the EMU Human Resources website.