Printed on: 05/26/2017. Please go to for the most current version of the Policy or related document.


Including a Privacy Statement on U Web Pages

Responsible University Officer(s):

  • Vice President for Information Technology (Interim)

Policy Owner(s):

  • Vice President for Information Technology (Interim)

Policy contact(s):

Date Revised:

January 2014

Effective Date:

September 2001


The University respects the privacy of web site visitors to the extent permitted by law. University web sites must include a privacy statement notifying visitors of the information that the site collects. University web sites include:

  • Official University sites
  • Sites that collect online information from visitors
  • Sites that track user actions

The privacy statement must be written to assure web site users that the University will:

  • Inform visitors about information collected, its intended use, and options for using the site without providing such information.
  • Follow laws governing the collection of online information.
  • Notify visitors of their options concerning accessing information collected.
  • Establish appropriate security measures for any personally identifiable information collected.

Units and individuals responsible for web sites must select the standard privacy statement included within this policy, if applicable, or develop a customized privacy statement.

Each page of the web site must display a link to a privacy statement, or display the statement itself.

Special Situations

The Institutional Review Board (IRB) is responsible for reviewing sites conducting web-based research.. The IRB develops its own guidelines for the use of web sites in research and applies those guidelines to research projects requiring IRB review.


This policy requires University web sites to inform visitors about how their web site collects, uses and protects information voluntarily provided by the visitor and information collected by the web site. This policy complies with the Minnesota Government Data Practices Act - Minn. Stat. 13.01 et seq., which governs the notification of public and private information collected by public organizations.






Primary Contact(s)
Research on the Web
Research Subjects Protection Program
(612) 626-5654
Web Site Security
Office of Information Technology
(612) 625-1505
Public or Private Data
Coordinator, Records and Information
Office of General Counsel
(612) 625-3497
(612) 624-4100


A verification that substantiates a person's identity. For purposes of this policy, people are considered authenticated members of the University community if they have an Internet ID, and that they are able to prove that they know the password associated with that Internet ID listing.
Data that a web site transfers to an individual's browser where they are stored and later returned to the site upon request. They allow sites to identify users within and across visits, to track usage patterns, and to more easily compile data on transactional information for individuals visiting web sites.
Any means of identifying an individual, manual or automated. A process that enables recognition of an entity by an automated information system is usually accomplished through the use of unique machine-readable user names.
Official University Web Site
Web sites representing themselves as presenting information from a department or unit of the University.
Online Information Collected From Visitors
Any data typed into a web page by a visitor and collected and stored by the web site. For example the web page may have prompts for this information such as "enter your name" or input boxes. This definition does not include routine e-mail links to send comments for site improvement to the webmaster.
Personally Identifiable
Data or information that include (1) the name of the person or other family members; (2) the person's address; (3) a personal identifier such as a Social Security number, student ID number, e-mail address, telephone number, or other user number (4) a list of personal characteristics, or (5) other information that would make the person's identity easily traceable.
Security Measures
Processes, software, and/or hardware used by system and network administrators to assure confidentiality, integrity, and availability of computers, networks, and data belonging to the University and users of University computer and network resources. Security measures include monitoring of network traffic to detect security attacks, the automated or manual review of files for potential or actual security or policy violations, and the investigation of security-related issues.
Transactional Information
Information gathered as part of identifying, processing, and billing electronic communication including, but not limited to: electronic mail headers, summaries, and addresses; records of telephone calls; IP addresses; and URLs.
University Community
University faculty, staff, and students, as well as any others (e.g., alumni) are considered a part of the University community. The General Counsel may designate other members of the University Community.
University Web Sites
All sites on University networks, or using University resources, or residing within the University's "" domain.
Any authorized user of a web site. This may include members of the University community as well as the general public.
Web Sites Tracking Visitor Actions
Any web sites that use "cookies" or other technical means to store information about the visitors or visitor's actions. This definition includes either the routine information stored in server security logs (date and time of visit, internet address of the referring site, domain name and IP address) by almost all web sites.


Chief Information Security Officer
Maintain the versions of the online privacy statements within this policy.
Department Head
Select or develop an information collection and online privacy statement that fits the unit's web site. Determine which web pages are Official University pages.
General Counsel
Provide advice to Units on legal requirements for maintaining, securing, and releasing information collected from web visitors.
Individual Web Site Operator/Administrator
Post or link to an online privacy statement. Bring to the attention of the Department Head any web sites that should display the privacy statement.
Web Site Visitor
Be informed of your rights and responsibilities related to any personally identifiable information you provide.


Related Policies

Other Related Information


January 2014 - Enhanced the Online Privacy Statement, and provided instructions for developing a customized privacy statement. Improved the FAQ and made changes to the links.
December 2003 - Updated Statement and Reason for Policy, Definitions, FAQ, and online privacy statement because of new provisions in Minn. Stat. 13.15. Title changed from Collecting Information From Visitors To U Web Sites (Online Privacy) to Including a Privacy Statement on U Web Pages.
August 2001 - Deleted the word "Proposed" from Policy Title. Clarified Policy Statement.
February 2001 - Updated Policy Statement, Contacts, Who Should Know, Definitions, Procedure, FAQ and appendices in response to feedback from the University Community.
September 2001
Document Feedback