View Bill 20-21-15

Senate Bill 20-21-15

Bill ID: 20-21-15
Name: Proposal for the Establishment of a University Privacy Policy
Proposed: 10/27/2020
Sponsor: Joseph Gridley, Chief Privacy Officer
Proposal: Currently, there is no University Policy that directly governs Privacy. The UMD Policy on the Acceptable Use of Information Technology Resources (X-1.00 [A]) states that users of a University IT resource will have their privacy preserved. However, this simple statement does not address data subjects that may not be users of IT resources, and it does not take into account data generated as a result of their interactions with the University writ large. For example, a user's web traffic may be subject to the privacy protection in Policy X-1.00(A), but whether the health information of that same individual is subject to any privacy protection is not directly addressed. Similarly, the roles, responsibilities, and accountabilities for privacy governance are not considered in Policy X-1.00(A). Further, several new regulations, including Maryland's Higher Education Privacy Act (MD House Bill 1122) require a formalized privacy governance program, and the foundation of such a program is a directly associated Privacy Policy. Lack of such a policy will lead to an inability to meet regulatory compliance obligations. In addition to these concerns, sponsored research contracts are increasingly including requirements to address privacy at an institutional level, and the lack of a formal Privacy Policy could interfere with the University's ability to obtain or accept associated awards.

To address these issues, the University should create a new University Privacy Policy.
Active?Yes
Policy: https://policies.umd.edu/assets/section-x/X-100A.pdf

Status

Status: Under Review
Under Review By: IT Council
Received: 04/02/2021
Decision Due By: 11/05/2021
Next Step: SEC Review
Related Files:


History

Reviewed By: Senate Executive Committee (SEC)
Received: 11/11/2020
Decision Date: 11/18/2020
Decision: The SEC voted to charge the Information Technology (IT) Council with review of the proposal.
Actions: The SEC approved a charge to the IT Council on 11/18/20. However, once the Senate Leadership developed the charge and asked for feedback from representatives from the Division of IT, they requested additional time to consult with the rest of the administration before moving forward with the charge. Following the delay, the charge was finalized and sent to the IT Council on 4/2/21.
Next Step: IT Council Review
Related Files: