Protecting Your Privacy
We respect the privacy rights of individuals and strive to protect personal data in all aspects of university operations. We also encourage individuals to take reasonable steps to protect their personal information and to know their privacy rights. We use the Fair Information Practice Principles (FIPPs) to guide our organization in properly handling individuals' personal data.
Collection Limitation: limit the collection of personal data to only the information you need. Obtain the information lawfully and with the knowledge or consent of the data subject.
Data Quality: personal data should be accurate, up-to-date, and relevant to the purpose for which it was collected.
Purpose Specification: the purpose for which information is collected should be disclosed at the time of collection, and the information should be used only for that specified purpose. Any change in purpose must be disclosed and consented to by the data subject.
Use Limitation: personal data must only be used for the purpose for which it was collected with the consent of the data subject or by authority of law. It should not be disclosed or shared with third parties without consent or a contractual business purpose.
Security Safeguards: reasonable physical, technical, and administrative security measures are required to protect against unauthorized access, use, modification, disclosure, or destruction of data.
Individual Participation: individuals should have a right to obtain their data in a reasonable time, manner, and format; and to request amendment, rectification, completion, or erasure of their data.
Accountability: organizations are held accountable for following these principles.
Data Privacy Week! Jan. 21-27, 2024
- Student information (grades, schedules, GPA, attendance, etc.) should not be shared with other students, parents, or third parties without the explicit written consent of the student, with limited exceptions:
- Some education records may be shared with "school officials" who have a "legitimate educational interest" without the student's consent (e.g. an AU administrator).
- Some education records may be shared with vendors of the university to fulfill a specific contractual business purpose requiring them to protect the information (e.g. software that integrates with Canvas).
- Some education records designated as "directory information" (name, Auburn e-mail, degree received, etc.) may be shared if it is for non-commercial purposes and with the consent of the SVP of Student Affairs (e.g. an invitation to an honor society).
- Contact the Registrar's Office if you have questions.
- Avoid using non-Auburn services and tools (Gmail, personal devices, Dropbox, etc.). Use Auburn e-mail, Auburn computers/laptops, and storage solutions such as OneDrive, Box, and Xtender.
- The Data Classification Policy identifies categories of data based on its sensitivity and criticality, and specifies appropriate protection standards for each category of data.
- Contact the Cybersecurity Office if you have questions.
- This process provides guidance for implementation and, if needed, additional contractual obligations of the company to meet legal standards.
- The Software & Information Technology Services Approval Policy requires this approval prior to the acquisition or renewal of any software or information technology services to ensure they meet or exceed regulatory statutes and industry best practices.
- Contact the Office of Information Technology if you have questions.
If you suspect that data or information has been compromised, lost, stolen, or inappropriately accessed, used, or exposed, report it immediately to the Information Security Incident Response Team (ISIRT) by sending an email to email@example.com or calling (334) 844-0888.
The Information Security Incident Reporting Policy requires that security incidents be reported to the proper departments to allow Auburn University to take appropriate action.
- Do not click on suspicious emails or links
- Do not give out your username, password, or other sensitive information
- Do not approve DUO requests that you did not initiate
- Social Media: be suspicious of messages from strangers and links from identity thieves posing as your friends. These can contain malware that can steal information from your smartphone or tablet.
- Safeguard your personal information, including your Social Security number, financial information, student ID, etc.
- Check your credit report annually for any accounts or lines of credit you did not initiate.
Approved Data Storage
- HIPAA Privacy and Security Policy
- The Health Insurance Portability and Accountability Act at Auburn
- HIPAA Hybrid Entity Policy
- AU Health Plan Notice of Privacy Practices
- AU Pharmacy Health Services Notice of Privacy Practices
- AU Speech & Hearing Notice of Privacy Practices
- AU Med Clinic Patient Privacy and Rights
- AUM Warhawk Health Services Notice of Privacy Practices
External Privacy Resources
- Federal Trade Commission - Privacy & Security
- Federal Trade Commission - ID Theft
- Department of Education - Family Educational Rights & Privacy Act (FERPA)
- Department of Health & Human Services - Health Information Privacy
- Future of Privacy Forum
- Health Privacy Project
- Electronic Privacy Information Center
- Center for Democracy and Technology
- Privacy Rights Clearinghouse