The University respects the privacy of website visitors to the extent permitted by law. University websites must include a privacy statement that notifies visitors of the information that the site collects. This applies to any website operated on the University network or by a University unit or using University resources, whether or not it is accessed through a umn.edu address.
University websites include those that:
- collect online information from visitors, or
- track user actions, or
- represent a University unit.
Units and individuals responsible for websites must either select the standard privacy statement included within this policy, or develop a customized privacy statement. Units who create customized privacy statements must include the following disclosures. (see Appendix: Language for Customized Privacy Statements). :
- Informs visitors about information collected, its intended use, and options for using the site without providing such information.
- Specifies that laws governing the collection of online information are followed.
- Notifies visitors of their options concerning accessing information collected.
- Appropriate security measures are followed for any personally identifiable information collected.
Units must ensure that each page of the website must display a link to a privacy statement, or display the statement itself.
The Institutional Review Board (IRB) is responsible for reviewing sites conducting web-based research. The IRB develops its own guidelines for the use of websites in research and applies those guidelines to research projects requiring IRB review.
Reason for Policy
This policy requires University websites to inform visitors about how their website collects, uses and protects information voluntarily provided by the visitor and information collected by the website. This policy complies with the Minnesota Government Data Practices Act - Minn. Stat. 13.01 et seq., which governs the notification of public and private information collected by public organizations.