Prologue
University of the Pacific respects the privacy of your personally identifiable information and does not, under any circumstances, rent or sell personal information submitted by visitors to our site to any outside third party.
Personal information that you submit to this Web site will be used only for the purpose for which it was asked, for example, information submitted on the Admissions section of our web site will be used for admissions purposes. Aggregate, non-personally identifying information may be both used internally and shared externally, for example, to analyze web site visitor statistics.
The university is committed to upholding our community members' and visitors' right to privacy.
Date this Master Privacy Statement went into effect: 02/04/2008
Date this Master Privacy Statement was last updated: 06/06/2018
Introduction
In the course of fulfilling its mission of teaching, learning and scholarship, the University employs a variety of record keeping systems and collects and uses a variety of information associated with its past, present and future customers, including faculty, staff and students. In addition to observing all applicable privacy and confidentiality laws, the University respects and protects individual privacy through this Master Privacy Statement and, where applicable, a series of Privacy Statement Addendums. Privacy Statement Addendums are specific to the information being collected and/or the specific academic or administrative units that collects it. Privacy Statement Addendums, if applicable, appear at the point of data collection.
Privacy Statement Definitions
The University: The University of the Pacific and all its divisions, departments and officially sponsored organizations.
The General Public: Unrestricted readers of, University produced, Printed Materials and Web Site Personally identifiable information: Individually identifiable information including any of the following:
- A full or partial name
- A home address or other physical address
- An e-mail address or other electronic address
- A telephone number or other communications device number
- A social security number or other identification number
- A date of birth
- Drivers license number
- Credit card or financial account number
- Any other identifier that permits the physical or online contacting of a specific individual.
- Any information concerning an individual in combination with an identifier described above. In particular,
a) for students, this includes all information not designated as Directory
information under FERPA.
b) for all, Protected Health Information (PHI). The Privacy Rule provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 define PHI as all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form of media, whether electronic, paper, or oral." Does not include non-individual summary information used for statistical purposes. Does not include works of authorship, copyrighted information or electronic communications such as voicemail or email.
Record keeping system: A system designed to collect, organize and store personally identifiable information. Record keeping systems may vary from a simple document, to a spreadsheet to a database and are primarily intended to facilitate administering activities related to the mission of the University.
Information Provider: The individual that provides the information.
Third Parties: Individuals or organizations, not a part of or affiliated with the University.
Provided information: Personally identifiable information given directly to the University by an individual. This information can be about themselves or another individual, like a parent or guardian.
Collected Information: Personally identifiable information that may include directly provided information and/or information obtained from a third party.
Directory Information: Personally identifiable information that:
- For Students consists of elements defined as not confidential under FERPA.
- For employees, information defined as not confidential by HR.
- For everyone, information that the Information Provider explicitly designates as not confidential.
Directory information may be freely provided to The University.
Privacy Flag: Students may request that Directory information not be shared with anyone, by asking the Registrar to set the privacy Flag.
Privacy Statement Precepts
In all circumstances, the University will:
- Secure all personally identifiable information using appropriate and generally practiced security measures and technology.
- Except for Directory Information, consider all personally identifiable information as confidential under its Computing and Communications Confidentiality Policy, sharing it only on a need-to-know basis under the terms of this Master Privacy Statement and any applicable Privacy Statement Addendums.
- Directory Information will not be shared with the General Public without its owner's explicit permission.
- Practice good stewardship of Directory Information, using it appropriately under applicable laws, this Master Privacy Statement and any applicable Privacy Statement Addendums.
- If it is required to do so, comply with the law or with legal process and disclose personally
identifiable information. - Retain the right to use personal information in its systems to identify the source of any inappropriate usage of its electronic resources as outlined in its Information Technology Policies: Acceptable Use Policy.
- Change this Master Privacy Statement from time to time without prior notice or consent, but if changes are made, that fact will be prominently and widely communicated. A Change history for the Master Privacy Statement will be maintained off the Privacy Statement link on Pacific's Home Page.
- Accept and act on all allegations of Privacy Statement violations addressed to privacy@pacific.edu.
Unless explicitly stated otherwise in a specific Privacy Statement Addendum, Pacific may:
- Share personally identifiable information, on a need to know only basis, with authorized third parties (non-Pacific entities) that provide service to the University and that have contractually agreed to point (1.) above.
- Share protected Health Information with authorized third parties as permitted under the HIPAA Privacy Rule solely for the purpose of treatment, payment, or and health care operations.
- Not provide personally identifiable information to third parties for any purpose unrelated to the mission of the University without the explicit permission of the information provider or as specified in the HIPAA Privacy Rule. This includes, but is not limited to the marketing of commercial goods or the provision of commercial services.
- Share personally identifiable information within Pacific in support of its mission of teaching,
learning and scholarship and the administration thereof so long as the Privacy Statement
Addendum (if any) under which the information was collected remains in force. - Obtain personally identifiable information from third parties (collected information), solely as necessary to conduct the business of the University, and will treat that information as if it were directly obtained from the person in question.
- Request personally identifiable information for the purpose of obtaining access to and/or verifying authorization to use services or facilities of or sponsored by the University, especially by electronic means for electronic services.
- Add a consent line to information input sources, like forms or screens, stating that by their agreement their information will be managed under the University's Privacy Statement and/or a particular Privacy Statement Addendum(s). Failure to sign would halt the associated business process, perhaps resulting in the inability of the University to provide desired services or considerations.