92  Institution Privacy Policies PENNSYLVANIA STATE UNIVERSITY AD53 Privacy Policy https://policy.psu.edu/policies/ad53 involves PII, that particular unit, department, or individual is responsible for ensuring that adequate and appropriate safeguards and contractual provisions are in place relating to the collection, access, use, dissemination, and/or storage of this PII before entering the contract. Moreover, before a unit, department, or individual enters into a contract that involves the use of PII, that unit, department, or individual must (1) notify and consult every other unit or department across the University involved, either directly or indirectly, about the necessity for PII in the performance of the contract, (2) seek approval from every other unit or department across the University whose interests in or records of PII may be disclosed or utilized in performance of the contract, and (3) seek approval from the Privacy Office. The applicable safeguards shall be documented in writing in an appropriate manner to ensure compliance. IMPLEMENTATION AND EXCEPTIONS Any questions regarding the content of this Policy or supplemental Guidelines and Standards should be referred directly to the Chief Privacy Officer (privacy@psu.edu (mailto:privacy@psu.edu)) who has responsibility to interpret. POLICY VIOLATIONS Federal, state, and/or local governments have enacted various laws and regulations relating to privacy to which the University is bound. Compliance with this Policy is designed, in part, to ensure that the University is complying with its various privacy-related obligations. To the extent any violation of this Policy results in, leads to, or is responsible for a reportable incident or penalties imposed by government regulators or agencies, then that specific department or unit operating in violation of this Policy may be required to cover all University costs associated with the resulting reportable incident and/or associated government penalties. University employees or students who violate this Policy and/or supplement Guidelines and Standards may be subject to disciplinary action. FURTHER INFORMATION: For questions, additional detail, or to request changes to this policy, please contact the Privacy Office. CROSS REFERENCES: Other Policies should also be referenced, especially: AD11 (/policies/ad11), University Policy on Confidentiality of Student Records AD22 (/policies/ad22), Health Insurance Portability and Accountability Act (HIPAA) AD35 (/policies/ad35), University Archives and Records Management AD65 (/policies/ad65), Electronic Security and Access Systems (formerly SY33) AD83 (/policies/ad83), Institutional Financial Conflict of Interest AD95 (/policies/ad95), Information Assurance and IT Security AD96 (/policies/ad96), Acceptable Use of University Information Resources HR60 (/policies/hr60), Access to Personnel Files RA02 (/policies/rp02), Addressing Allegations of Research Misconduct (Formerly RA10, Handling Inquiries/Investigations Into Questions of Ethics in Research and in Other Scholarly Activities)
Previous Page Next Page