File Code: TECH.WEBPRIVACY.POL
Approval Date: 3/28/2011
Approved By: President
Western Illinois University (WIU) is committed to ensuring the privacy and accuracy of confidential information; therefore, WIU does not share personal information gathered from its websites. WIU also complies with the Family Educational Rights and Privacy Act (FERPA), which prohibits the release of education records without student permission. Although FERPA regulations apply to students, the University is equally committed to protecting the privacy of all visitors to our websites. WIU will not sell, rent, or market personal data to third parties.
The University's web privacy notice shall not be construed as a contractual agreement. The University reserves the right to amend the information at any time without notice. Privacy and public records obligations of the University are governed by applicable Illinois statutes and U.S. federal laws. Because WIU is a public institution, some information collected, including the summary server log information, e-mails, and information collected from web-based forms, may be subject to the Freedom of Information Act (FOIA). While WIU does not actively share information, in some instances, the University may be required by law to release information gathered.
This privacy notice applies to all Western Illinois University websites containing "wiu.edu." This includes websites of academic and administrative units, as well as official and unofficial pages. Official pages are sanctioned by WIU while unofficial pages are those not sanctioned by WIU; including but not limited to staff, faculty, student organizations, and student personal pages. In addition, the websites of students, faculty, and staff should not request confidential information from visitors. Examples of confidential information include Social Security numbers, WIU identification numbers, credit card numbers, passwords, and birthdates.
Do not enter confidential information on a Western website unless the site uses encryption. One way to know whether a site uses encryption is if the web address begins with https (i.e. https://webapps.wiu.edu). In addition, the browser may display a locked padlock icon in the lower right corner.
There are four primary types of information that may be collected during a visit to a WIU website: network traffic information, web server statistic logs, cookies, and information voluntarily provided.
In the course of ensuring network security and consistent service for all users, the University may use software programs to:
- analyze network traffic,
- identify unauthorized access,
- detect computer viruses and other software that might damage University computers or networks, and
- monitor and maintain the performance of the University network.
In the course of such monitoring, these programs may detect such information as e-mail headers, addresses from network packets and other information. Information from these activities is used solely for the purpose of maintaining the security and performance of the University's networks and computer systems. Personally identifiable information from these activities is not released to external parties unless required by law.
Web Server Logs
University web servers collect and store information from website visitors to monitor performance and to improve service. This information includes:
- page visited,
- date and time of the visit,
- domain name or IP address of the referring site,
- domain name and IP address from which the access occurred,
- version of browser used and the capabilities of the browser,
- search terms entered into the WIU search engine, and
- ECOM (unique person identifier for ECOM-based services only)
The University makes no attempt to identify individual visitors from this information. Any personally identifiable information is not released to external parties unless required by law. The data is used in aggregate by University Technology (uTech) to further refine websites for efficiency and is not associated with specific individuals. Raw data from the web server logs is only shared with the owner of a website. Summary reports produced from the logs help content publishers determine what web browsers and pages are most popular. For example, if the aggregate reports show a particular web page is popular or used more by freshmen than by seniors, publishers might use this information to customize the content of the page.
Cookies are data stored by a web browser, and are often used to remember information about preferences and pages visited. For example, when visiting a site, a user may see a "Welcome Back" message. The first time the site was visited, a cookie was most likely set on the computer. Web browsers can be reconfigured to refuse to accept cookies, to disable cookies, and to remove cookies from the hard drive as needed.
State Agency Website Act (Public Act 093-117)
University websites will not use permanent (persistent cookies) or any other invasive tracking programs that monitor and track University website viewing habits unless users opt-in to such tracking.
Information Voluntarily Provided (Optional Information)
In the course of using WIU websites, individuals may choose to provide information to help the University better serve the needs of the campus community. For example, users may send an e-mail (through a web form or mailto: link) to request information, register for events, or send an address for an application or other materials. Any personally identifiable information will be used only for the purpose indicated. The University does not retain the information longer than necessary or required by law.
Several sites within WIU allow individuals to pay for products or services online with a credit card. These transactions are encrypted. It is University policy that confidential information entered in a transaction is used only for the purposes described in that transaction. Credit card information such as credit card numbers is not stored on WIU servers or personal computers.
Social Security Numbers (SSNs)
Any web page that requests Social Security Numbers will inform users of the following:
- whether the disclosure is mandatory or voluntary,
- by what statutory or other authority the SSN is requested,
- how it will be used,
- a list of third parties with whom the institution shares this data, and
- if appropriate, an explanation of your right to opt out of collection/sharing.
Family Educational Rights and Privacy Act (FERPA)
Consistent with FERPA, the University does not release personal student information, other than public directory information, to other parties unless the University receives explicit written authorization. Directory information includes: student's name; school and home addresses; WIU e-mail address; telephone numbers; major field of study; dates of attendance; full- or part-time status; classification; degrees, honors and awards received (including Dean's List) and date granted; anticipated graduation date; most recent previous educational agency or institution attended; participation in recognized university activities and sports; and for members of athletic teams, weight and height.
Students can restrict the release of directory information by contacting the Office of the Registrar.
Children’s Online Privacy Protection Act (COPPA)
Western Illinois University complies fully with the Children’s Online Privacy Protection Act. Accordingly, if a user of the University web is under the age of 13, the user is not authorized to provide Western Illinois University with personally identifying information, and the University will not use any such information in its database or other data collection activities without obtaining explicit parental consent before collecting personal information from children.
WIU makes some public chat rooms, forums, message boards, and news groups available to its users. The University does not ordinarily log public chat sessions, however, any information that is disclosed in these areas becomes public information. Individuals should exercise caution when disclosing confidential information.
At any time there may be numerous online surveys being conducted on the University’s website. University policy states that confidential information gathered is used only for the purpose indicated in the survey. Unless otherwise noted on the specified survey, answers are confidential and individual responses will not be shared with other parties. Aggregate data from surveys may be shared with external third parties.
There is no legal requirement for an individual to provide any information at the WIU website. However, the University website will not work without routing information and essential technical information. Failure of a browser to provide nonessential technical information will not prevent the use of the WIU website, but may prevent certain features from working. For any optional information that is requested at the website, failure to provide the requested information will mean that the particular feature or service associated with that part of the web page may not be available.
While visiting a Western website, individuals may encounter links to web pages and sites which are not owned or controlled by WIU. Such websites do not contain a “wiu.edu” address. Be aware that these remote sites are not under the control of Western Illinois University and no warranty or claim concerning these services is implied or should be assumed. Remote sites may have different policies regarding privacy (or no policies at all); therefore, users should avoid entering personal information into such remote sites. If there are doubts about entering personal information, contact Western Illinois University using the information provided below.
Security and Accuracy of Confidential Information
WIU does its best to ensure that the personal information it collects is accurate. Users with an ECOM ID can check and update personal information such as their mailing address and e-mail address at Student/Alumni Records System (STARS) and WIUP (for employees).
While no computer system is 100 percent secure, WIU has security measures in place to protect against the loss, misuse, or alteration of the information under its control. These security measures and the systems are audited by the State of Illinois. To report a security incident, e-mail firstname.lastname@example.org.
Sharing of Information
WIU does, upon explicit request of users, share information with other parties and gather information from other private data providers. This is done only at the request of users (persons to whom the information applies). Unless specifically required under public information requests filed under FOIA, it is against University policy to release confidential information gathered through the web. However, when circumstances arise for the need to share information gathered from its University web servers, the University may share as:
- authorized or required by law,
- to assist law enforcement investigations, legal proceedings, or internal investigations of University rule and regulation violations.
- permitted under University and campus policies,
- required by an approved University contract,
- consent is explicitly given (opt-in),
- certain student and employee demographic information with Western Illinois University Alumni Association, the Western Illinois University Foundation, applicant students’ high schools and other educational institutions with questions about students who have been admitted or earned a degree from the University.
Exceptions to Rule
The University web is comprised of numerous servers, and some servers may adopt different privacy notices as their specific needs require. If another University server has a privacy notice that differs from this notice, then that notice must be approved by the President’s Cabinet, and it must be posted on the site. However, those sites cannot adopt a privacy notice that supersedes federal or state laws or regulations or University or campus policies.
Right to Correct Inaccuracies
Personal information that contains inaccuracies or that needs to be updated should be changed by contacting the appropriate office.
For questions about this privacy notice or if personal data has been compromised or improperly handled, contact the University Auditor at (309) 298-1664 or I-Auditing@wiu.edu or the Office of the Chief Technology Security Officer at (309) 298- 4500 or MA-Rodriguez@wiu.edu. For requests made under the Freedom of Information Act (FOIA) contact the University FOIA officer at (309) 298-1993 or DR-Shinberger@wiu.edu.