View Bill 20-21-15

Senate Bill 20-21-15

Bill ID: 20-21-15
Name: Proposal for the Establishment of a University Privacy Policy
Proposed: 10/27/2020
Sponsor: Joseph Gridley, Chief Privacy Officer
Proposal: Currently, there is no University Policy that directly governs Privacy. The UMD Policy on the Acceptable Use of Information Technology Resources (X-1.00 [A]) states that users of a University IT resource will have their privacy preserved. However, this simple statement does not address data subjects that may not be users of IT resources, and it does not take into account data generated as a result of their interactions with the University writ large. For example, a user's web traffic may be subject to the privacy protection in Policy X-1.00(A), but whether the health information of that same individual is subject to any privacy protection is not directly addressed. Similarly, the roles, responsibilities, and accountabilities for privacy governance are not considered in Policy X-1.00(A). Further, several new regulations, including Maryland's Higher Education Privacy Act (MD House Bill 1122) require a formalized privacy governance program, and the foundation of such a program is a directly associated Privacy Policy. Lack of such a policy will lead to an inability to meet regulatory compliance obligations. In addition to these concerns, sponsored research contracts are increasingly including requirements to address privacy at an institutional level, and the lack of a formal Privacy Policy could interfere with the University's ability to obtain or accept associated awards.

To address these issues, the University should create a new University Privacy Policy.


Status: Completed
Completed On: 12/22/2021


Presidential Approval: 12/22/2021
Related Files:

Reviewed By: Senate
Received: 12/02/2021
Decision Date: 12/09/2021
Decision: The Senate voted to approve the proposed policy as amended by the Senate.
Actions: The Senate voted to approve four amendments to the policy. An amendment was made to section II to clarify that full name encompasses legal name and preferred name. An amendment was made in section V to indicate that DIT is responsible for supporting Units in implementing the policy through tools, resources, and training. An amendment was made in section V to remove "or to meet the needs of the University Community" in a provision related to the VPIT & CIO's ability to issue, amend, or rescind Standards. An amendment was made to section VI to add language indicating that suspected violations will undergo a standard review process. After considering amendments, the Senate voted to approve the proposed policy as amended by the Senate.
Next Step: Presidential Approval
Related Files:

Reviewed By: Senate Executive Committee (SEC)
Received: 11/12/2021
Decision Date: 11/22/2021
Decision: The SEC voted to place the proposal on the agenda of the December 9, 2021 Senate meeting for consideration.
Related Files:

Reviewed By: IT Council
Received: 04/02/2021
Decision Due By: 11/05/2021
Decision: The IT Council voted to approve the proposal.
Next Step: SEC Review
Related Files:

Reviewed By: Senate Executive Committee (SEC)
Received: 11/11/2020
Decision Date: 11/18/2020
Decision: The SEC voted to charge the Information Technology (IT) Council with review of the proposal.
Actions: The SEC approved a charge to the IT Council on 11/18/20. However, once the Senate Leadership developed the charge and asked for feedback from representatives from the Division of IT, they requested additional time to consult with the rest of the administration before moving forward with the charge. Following the delay, the charge was finalized and sent to the IT Council on 4/2/21.
Next Step: IT Council Review
Related Files: