{"id":3158,"date":"2026-04-22T21:40:35","date_gmt":"2026-04-22T21:40:35","guid":{"rendered":"https:\/\/www.tarleton.edu\/technology\/?page_id=3158"},"modified":"2026-04-22T21:41:33","modified_gmt":"2026-04-22T21:41:33","slug":"tarleton-oits-privacy-standard","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/technology\/tarleton-oits-privacy-standard\/","title":{"rendered":"Tarleton OITS Privacy Standard"},"content":{"rendered":"\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<h1 class=\"wp-block-heading\">Tarleton Office of Innovative Technology Solutions (OITS) <br> Privacy Standard<\/h1>\n\n\n\n<p>Effective: February 11, 2020<\/p>\n\n\n\n<p>Revised:&nbsp; April 22, 2026&nbsp;<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image alignright size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.tarleton.edu\/technology\/wp-content\/uploads\/sites\/170\/2021\/12\/Tarleton_TonTexas.svg\" alt=\"The Tarleton State University logo\" class=\"wp-image-670\" style=\"width:159px;height:auto\" \/><\/figure>\n<\/div>\n<\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<hr class=\"wp-block-separator alignfull has-alpha-channel-opacity has-vivid-cyan-blue-to-vivid-purple-gradient-background has-background is-style-wide\" \/>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Procedure Summary<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Privacy policies are mechanisms used to&nbsp;establish&nbsp;the responsibilities and limits for system administrators and users in providing privacy in university information resources. Tarleton State University\u2019s (Tarleton or university) has the right to examine information on information resources that are under the control or custody of the university. The general right to privacy is extended to the electronic environment to the extent possible; however, there should be no expectation of privacy beyond that which is expressly provided by applicable privacy laws. Privacy is limited by the <a href=\"https:\/\/statutes.capitol.texas.gov\/?tab=1&amp;code=GV&amp;chapter=GV.552&amp;artSec=\">Texas Public Information Act<\/a>, administrative review, computer system administration, audits, and as it relates to other Tarleton-wide privacy policies.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Tarleton information resources are strategic assets which, as property of the State of Texas, must be managed as valuable state resources in accordance with <a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/GV\/htm\/GV.2054.htm\">Texas Government Code Chapter 2054<\/a>. This standard applies to electronic information created, sent, received, or stored on information resources owned, leased, administered, or otherwise under the custody and control of Tarleton.&nbsp;&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-group word-wrap: normal is-layout-flow wp-block-group-is-layout-flow\">\n<p>The purpose of this standard is to provide a set of measures that will mitigate information security risks associated with privacy issues. The assessment of potential risks and the application of appropriate mitigation measures will be determined by the information resource owner or their designee. In accordance with <a href=\"https:\/\/texas-sos.appianportalsgov.com\/rules-and-meetings?chapter=202&amp;interface=VIEW_TAC&amp;part=10&amp;title=1\">Texas Administrative Code (TAC) Chapter 202 \u2010 Information Security Standards<\/a>, each department and\/or resource owner may elect not to implement some or all of the risk mitigation measures provided in this standard based on information security risk management decisions and business functions. Such risk management decisions must be documented and reported to the designated information security officer. This standard applies to all individuals, users, and\/or administrators of Tarleton information resources.<\/p>\n\n\n\n<p>Please see the <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/\"><\/a><a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/personally-identifiable-information-processing-and-transparency-pt\/pt-5-privacy-notice\/\">Tarleton Security Controls Catalog, specifically PT-5: Privacy Notice<\/a>, for additional information and requirements.<\/p>\n<\/div>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Procedures and Responsibilities<\/strong>&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>Privacy of information shall be provided to users of university information resources consistent with obligations of federal and Texas law and\/or secure operation of university information resources in accordance with Texas A&amp;M University System (TAMUS) policies and regulations and Tarleton rules and procedures.&nbsp;&nbsp;&nbsp;&nbsp;<\/li>\n\n\n\n<li>In the normal course of their duties, system administrators may examine user activities, files, electronic mail, and printer listings, etc. to gather sufficient information to diagnose and correct problems with system software or hardware.&nbsp;&nbsp;\n<ul class=\"wp-block-list\">\n<li>In order to&nbsp;protect against hardware and software failures, backups of all data stored on&nbsp;university&nbsp;information resources may be made. System administrators have the right to examine the contents of these backups to gather sufficient information to diagnose and correct problems with system software or hardware. It is the owner\u2019s responsibility to define the retention policies for any data of concern.&nbsp;&nbsp;<\/li>\n\n\n\n<li>The organization unit head may&nbsp;designate&nbsp;certain individuals or functional areas that may&nbsp;monitor&nbsp;user activities and\/or examine data solely to&nbsp;determine&nbsp;if unauthorized access to a system or data is occurring or has occurred. If files are examined, the file owner will be informed as soon as practical, however, a delay in notification will be subject to a any ongoing investigations etc., as applicable.<\/li>\n\n\n\n<li>Files owned by individual users are to be&nbsp;considered as&nbsp;private,&nbsp;whether or not&nbsp;they are accessible by other users. The ability to read a file does not imply consent to read that file. Under no circumstances may a user alter a file that does not belong to him or her without prior consent of the file&#8217;s owner. The ability to alter a file does not imply consent to alter that file.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Some individually owned files are by&nbsp;definition&nbsp;open access. Examples include Unix plan files, Web files made available through a system-wide&nbsp;facility&nbsp;and files made available on an anonymous ftp server. Any authorized user that can access these files may assume consent has been given.&nbsp;&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>If access to information is desired without the consent and\/or knowledge of the file owner or if inappropriate use of Tarleton information resources is suspected, files may be reviewed without the consent and\/or knowledge of the file owner if that review is part of the process of <a href=\"https:\/\/www.tarleton.edu\/technology\/tarleton-oits-electronic-information-resource-complaints-standard\/\">Standard Electronic Information Resource Complaints<\/a>.&nbsp;&nbsp;<\/li>\n\n\n\n<li>If criminal activity is suspected, the University Police Department or other&nbsp;appropriate law&nbsp;enforcement&nbsp;agency&nbsp;must be notified. All further access to information on university information resources must be&nbsp;in accordance with&nbsp;directives from law enforcement agencies.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Information resource owners or custodians will provide access to information requested by auditors in the performance of their jobs. Notification to file owners will&nbsp;be as&nbsp;directed by the auditors.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Unless otherwise provided for, individuals whose relationship with the university is terminated\u00a0(e.g., student graduates; employees taking a new job; visitors\/third-party has left) are considered to cede\u00a0ownership to the information resource custodian. Custodians and\/or owners should\u00a0determine\u00a0what information is to be\u00a0retained\u00a0and\u00a0delete\u00a0all others in accordance with any record retention requirements, see the <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/media-protection-mp\/\">Tarleton Security Controls Catalog, specifically the Media Protection (MP) family<\/a> for additional information.\u00a0\u00a0<\/li>\n\n\n\n<li>The university collects and processes many&nbsp;different types&nbsp;of information from third parties. Much of this information is confidential and shall be protected&nbsp;in accordance with&nbsp;all applicable laws and regulations (e.g., Gramm-Leach-Bliley Act, <a href=\"https:\/\/texas-sos.appianportalsgov.com\/rules-and-meetings?chapter=202&amp;interface=VIEW_TAC&amp;part=10&amp;title=1\">Texas Administrative Code 202<\/a>, etc.).&nbsp;&nbsp;<\/li>\n\n\n\n<li>Individuals who have&nbsp;special access&nbsp;to information because of their position have the absolute responsibility not to take advantage of that access. If information is inadvertently gained (e.g., seeing a copy of a test or homework, access to employee records) that could provide personal benefit, the individual has the responsibility to notify both the owner of the data and the organizational unit head.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Users of Tarleton information resources shall call the Innovative Technology Solutions Associate VP\/CIO, the Chief Information Security Officer (CISO), or designee to report any compromise of security which could lead to divulging confidential information. <\/li>\n<\/ul>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Definitions<\/h2>\n\n\n\n<p><strong>Confidential Information<\/strong>: information that is excepted from disclosure requirements under the provisions of applicable state or federal law, e.g. the Texas Public Information Act.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>File Owner:&nbsp;<\/strong>a user typically assigned to a file in a filesystem, usually the file creator (assignee of the computer account which controls a file; not necessarily the owner in the sense of property).&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Information Resources (IR)<\/strong>: the standards, equipment, and software that are designed, employed, operated, and maintained to collect, record, process, store, retrieve, display, and transmit information or data.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Information Security Officer (ISO) \/ Chief Information Security Officer (CISO)<\/strong>: responsible for administering the information security functions within the university and reports to the information resources manager (IRM).&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Mission Critical Information<\/strong>: information that is defined by the university or information resource owner to be essential to the continued performance of the mission of the university or department. Unavailability of such information would result in more than an inconvenience. An event causing the unavailability of mission critical information would result in consequences such as significant financial loss, institutional embarrassment, failure to comply with regulations or legal obligations, or closure of the a department or the university.&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Owner of an Information Resource<\/strong>: an entity responsible for a business function and for determining controls and access to information resources supporting that business function.&nbsp;&nbsp;<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Related Statutes, Policies, or Requirements<\/strong>&nbsp;<\/h2>\n\n\n\n<p>&nbsp;<a href=\"https:\/\/texas-sos.appianportalsgov.com\/rules-and-meetings?chapter=202&amp;interface=VIEW_TAC&amp;part=10&amp;title=1\" target=\"_blank\" rel=\"noreferrer noopener\">Title 1, Texas Administrative Code (TAC 202), Information Security Standards for Institutions of Higher Education<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/policies.tamus.edu\/29-01.pdf\">TAMUS Policy 29.01, Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-02.pdf\">TAMUS Regulation 29.01.02, Use of Licensed Software<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-03.pdf\">TAMUS Regulation 29.01.03, Information Security<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-04.pdf\">TAMUS Regulation 29.01.04, Accessibility of Electronic and Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-05.pdf\">TAMUS Regulation 29.01.05, Artificial Intelligence<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-06.pdf\">TAMUS Regulation 29.01.06, Covered Applications and Prohibited Technologies<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_03_T0_01.pdf\">Tarleton SAP 29.01.03.T0.01, Information Resources &#8211; Acceptable Use<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_99_t1.pdf\">Tarleton Rule 29.01.99.T1, Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/\">Tarleton Security Controls Catalog<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/rules\/privacy-and-security-policy\/\">Tarleton Rules and Notices &#8211; Privacy and Security Policy<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/registrar\/students\/privacy-information\/\">Tarleton&#8217;s Family Educational Rights and Policy Act (FERPA) Information Privacy Policy<\/a><\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Contact Office<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Office of Innovative Technology Solutions&nbsp;<\/p>\n\n\n\n<p>AVP and CIO of Innovative Technology Solutions&nbsp;<\/p>\n\n\n\n<p>254-459-5685&nbsp;<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tarleton Office of Innovative Technology Solutions (OITS) Privacy Standard Effective: February 11, 2020 Revised:&nbsp; April 22, 2026&nbsp; Procedure Summary&nbsp; Privacy policies are mechanisms used to&nbsp;establish&nbsp;the responsibilities and limits for system &#8230;<\/p>\n","protected":false},"author":94,"featured_media":580,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-fullwidth.php","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-3158","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/technology\/author\/jgeorge\/","display_name":"jgeorge"},"relative_dates":{"created":"Posted 2 days ago","modified":"Updated 2 days ago"},"absolute_dates":{"created":"Posted on April 22, 2026","modified":"Updated on April 22, 2026"},"absolute_dates_time":{"created":"Posted on April 22, 2026 9:40 pm","modified":"Updated on April 22, 2026 9:41 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/3158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/users\/94"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/comments?post=3158"}],"version-history":[{"count":2,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/3158\/revisions"}],"predecessor-version":[{"id":3160,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/3158\/revisions\/3160"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/media?parent=3158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}