Confidential data

• Social Security Numbers: Some of our web sites with personnel and payroll data contain Social Security Numbers, which are confidential and protected by the Privacy Act of 1974 and the university's own SSN policy.



• Student data: Some of our web sites contain student information, the privacy of which is governed by the Family Educational Rights to Privacy Act. Some of the information is considered to be "directory information" by the campus and can be released under certain circumstances, but most of it is not considered directory information and must be treated with confidentiality. The Tuition, Waiver, and Appointment site contains tuition, enrollment, and financial aid information which is particularly sensitive.
  
  Each student has the option of suppressing his/her directory information from the public, so none of the data from the DMI site should ever be published in individually identified form unless the user has first checked to see if the students have requested suppression under FERPA.



• Proposal data: Proposals for Grants & Contracts are considered proprietary information while the proposal is in pending status, and proposal information should not be released publicly. Such release could damage the university's chances of obtaining a grant or contract.



• Staff addresses: The staff directories available under the Departments and Executive Officers web site are provided to allow university staff members to find each other easily. and to create simple mailing lists of staff in a few departments. They are not provided for any commercial use and are not intended to be used to create mass mailing lists.



• Staff e-mail addresses: The Departments and Executive Officers site provides staff e-mail addresses to a limited number of IP addresses on campus. These are provided for university business only and should not be used to create mailing lists for personal gain or for distribution to persons outside the campus.

Cookies

A cookie is a file created on your computer when you enter our web site. You may configure your browser to refuse cookies, but you will not be able to access any of our secure sites if you do so. We use cookies on our secure sites (those requiring a login) in order to save the user logon, what the user is authorized to see, and the choices made by the user from previous pages at our site. We need to use cookies in order to pass this information from one page to the next. Our cookies are not active once you leave our web site and do not pass any information to us other than the information you have entered yourself into the DMI web pages. We do not use cookies to store information from one session to the next, so you may delete the cookies at the end of your session with us.

Logs

Security logs: We maintain security logs of all log in events at our web site. We use these to monitor repeated password violations and other events that might indicate someone is trying to break into our server. If we see that a login was used repeatedly with an incorrect password, we may contact the user, the user's supervisor, or the network administrator or security contact of the user's IP address to find out what is causing the problem.

Access logs: We also track all requests for web pages and maintain logs of these requests with the time, user id, IP address, and type of operating system and browser. The logs are used to provide statistics and feedback to us on how people are using our services in order for us to improve our web offerings. If we suspect that our data are being misused for personal gain or non-university business, we may use the logs to verify who accessed what data and when.