Skip to main content
uta
uta

Web Privacy Standard

Contents:

I. Purpose

The University of Texas at Arlington (UTA) is committed to ensuring the privacy and accuracy of your confidential information. UTA does not actively share personal information gathered from its Web servers. However, because UTA is a public institution, some information collected from UTA websites, including the summary server log information, emails sent to websites, and information collected from Web-based forms, may be subject to the Texas Public Information Act. This means that while UTA does not actively share information, in some cases it may be compelled by law to release information gathered from its Web servers.

UTA also complies with the Family Educational Rights and Privacy Act (FERPA), which prohibits the release of education records without student permission, unless certain exceptions apply. Although FERPA regulations apply only to UTA students, the university is equally committed to protecting the privacy of all visitors to our Web site.

As part of its commitment to maintain the privacy of its Web users, UTA has developed this privacy statement. The statement has two purposes:

  1. To educate users about privacy issues
  2. To inform users about specific privacy policies and guidelines employed at UTA.

II. Scope

UTA by and through its academic, research and administrative units and programs, owns, controls, operates and/or maintains websites under a number of domains (collectively, “UTA Web”). This Web Privacy Policy applies to all domains within the UTA Web.

III. Required Link

Each Web application or site must contain a link for "Web Privacy" that links to this standard.

IV. Exceptions

The UTA Web consists of hundreds of Web servers. Some servers hosted by UTA may adopt different privacy statements as their specific needs require. If a UTA department has a privacy statement that is different from this statement, that policy must be approved by the Information Security Office and Office of University Compliance and Legal Affairs. However, those sites cannot adopt a privacy statement that in any way supersedes federal or state regulations.

The UTA Web contains links to hundreds of external websites. The university is not responsible for the privacy practices or the content of the external websites we link to.

V. Information Gathered by UTA

UTA Web servers generate logs that may contain the following information:

  • Internet address (IP address) of computer being used
  • Web pages requested
  • Referring Web page
  • Browser used
  • Date and Time
  • Other web data collectively known as “web headers” or “http headers”
  • UIN (unique person identifier for NetID-based services only)

The data is used in aggregate by IT custodians to tune the Web site for its efficiency and is not ordinarily associated with specific individuals. Raw data from the Web server logs is only shared with the custodian of each Web site. Summary reports produced from the logs help Web publishers determine what Web browsers and pages are most popular. For example, if the aggregate reports show a particular Web page is very popular or used more by freshmen than by seniors, publishers might use this information to customize the content of that page and make it easier to find.

VI. Third-party content

Some pages within the uta.edu domain may contain content that is served from external third parties. For example, a uta.edu Web site might include a graphic logo or a script from a third party. Specifically, the following code within a uta.edu page would represent an example of third party content:

<img src="/%3Ca%20href%3D"http://www.other-org.com/logo.gif">http://www.other-org.com/logo.gif" alt="Sample" />

In this example, logo.gif would be third party content served from a Web server outside the uta.edu domain (www.other-org.com in this case). Third party content in uta.edu is not limited to graphics, but this is the most frequent use. Examples of these third parties include social media sites like Facebook, Twitter, LinkedIn, YouTube, Fickr, etc.

UTA does not transmit any information to these third parties as part of such requests. However, when you visit uta.edu pages that contain third party content, information such as your IP address, date, browser, and requested page are transmitted from your computer to that third party. UTA is not responsible for the privacy practices of these external third parties.

VII. Cookies

Cookies are small pieces of data stored by the Web browser. Cookies are often used to remember information about preferences and pages you have visited. For example, when you visit some sites on the Web you might see a "Welcome Back" message. The first time you visited the site a cookie was probably set on your computer; when you return, the cookie is read again. You can configure your Web browser to refuse to accept cookies, to disable cookies, and to remove cookies from your hard drive as needed.

UTA Web servers use cookies in the centralized authentication system called NetID that utilize Shibboleth or Active Directory Federated Services (ADFS). These cookies are used so you will not have to repeatedly enter user names and passwords when you go to different parts of the Web site. You are normally required to enter a UTA NetID or email address when you request data about yourself or to ensure that you are a member of the University community. For example prospective students who want to check their admission status, or employees who want to look at their paystubs, must enter their UTA NetID so the system knows who is requesting the data. This login process uses Transport Layer Security (TLS) so the user name and password are encrypted between the Web browser and our Web server.

Some Web servers within UTA may also use cookies to retain user preference information. It is against university policy to share this information with external third parties.

VIII. Web Analytics

Some UTA websites use Web Analytics Services provided by various vendors like Google, Inc. Such vendors use cookies to collect information such as URLs, Internet domain and host names, browser software, and the date and time that the site is visited. This information is used to monitor the effectiveness of the website and to consider potential improvements to the website. The information is non-personal and is transmitted to and stored by vendors on their servers. UTA does not share any specific information about a particular user.

Please visit the following pages for more information on Google Analytics terms of use and Google's privacy practices. To opt out of Google’s data collection, read more about the Google Analytics opt-out browser add-on.

IX. Security and Accuracy of Confidential Information

UTA does its best to ensure that the personal information we have about you is accurate. Users with a UTA NetID can check and update personal information such as their address and email address on UT Share (employees and certain affiliates) or MyMav (students).

Although no computer system is 100% secure, UTA has deployed extensive security measures to protect against the loss, misuse, or alteration of the information under our control.

X. E-commerce

Several sites within UTA enable you to pay for products or services online with a credit card. Unless otherwise noted, these transactions are encrypted. It is university policy that confidential information you enter in the transaction is used only for the purposes described in that transaction, unless an additional use is specifically stated on that site.

XI. Sharing of Information

UTA does, upon explicit request of users, share information with other parties and gather information from other private data providers. For example, the university receives test scores from testing agencies and will send transcripts to other schools. This is done only at the request of users (persons to whom the information applies). Unless specifically required under public information requests filed under the Texas Public Information Act, it is against university policy to release confidential information gathered through the Web, such as pages visited, or personalized preferences. For example, the University's portals, UT Share and MyMav, enable users to customize the content they see on their personal page. This information cannot be shared with external third parties.

Consistent with FERPA, we do not release personal student information, other than public directory information, to other parties unless we receive explicit written authorization to do so or an exemption applies. UTA students can read more about directory information in the University's FERPA page. Examples of directory information include first and last name, address, and date of birth. Enrolled students can restrict release of their directory information by contacting setting privacy elections in MyMav.

XII. Public Forums

UTA makes some public chat rooms, forums, message boards, and news groups available to its users. The university does not ordinarily log public chat sessions, however, any information that is disclosed in these areas becomes public information and you should therefore exercise caution when deciding to disclose your confidential information in such places.

Academic chat sessions and discussion forums, such as those in Blackboard, may be logged. However, these educational records are protected from disclosure by FERPA.

XIII. Online Surveys

UTA is a research institution. At any time there are numerous online surveys being conducted on the University’s Web site. It is University policy that confidential information gathered in these online surveys is used only for the research purposes indicated in the survey. Unless otherwise noted on the specified survey, your answers are confidential and individual responses will not be shared with other parties unless required by the Texas Public Information Act. Aggregate data from surveys may be shared with external third parties.

XIV. Open Records Requests

Except for educational records governed by FERPA, all information collected from the UTA Web, including the summary server log information, emails sent to the Web site, and information collected from Web-based forms, may be subject to the Texas Public Information Act.

XV. Texas Public Information Act

The Texas Public Information Act, with a few exceptions, gives you the right to be informed about the information that UTA collects about you. It also gives you the right to request a copy of that information, and to have the university correct any of that information that is wrong. You may request to receive and review any of that information, or request corrections to it, by contacting the University's Public Information Officer, Office of University Compliance and Legal Affairs, 701 S. Nedderman Drive, Arlington, TX 76019-0145 (email: publicrecords@uta.edu).

XVI. Questions

If you have questions about this privacy statement or you believe that your personal information has been released without your consent send email to security@uta.edu.

XVII. Responsibility for Maintaining and Updating this Standard

Chief Information Security Officer & Director of Information Security

XVIII. Responsibility for Implementation

Chief Information Officer & Vice President for Information Technology

XIX. Updates and Modifications to this Document

This document will be modified as necessary to address changes in technology, processes and identified risks, and is intended to complement, and does not supersede, relevant UT System or UT Arlington policies and procedures governing the security of University data. In the absence of specific policies, policy statements found in this document will stand as provisional until such time that it is incorporated into a HOP policy or procedure. Significant changes to this document will be announced to Information Security Administrators and/or in the MavWire.