Button Menu

DePauw University Personal Data Sharing Protocol

DePauw University Personal Data Sharing Protocol

Introduction

DePauw University is dedicated to safeguarding the privacy and confidentiality of personal data belonging to students, faculty and staff. As a guiding principle, the university does not share data externally or internally unless it is absolutely necessary and legally required and there are federal laws that prohibit the sharing of personal data. This protocol outlines the procedures for responding to requests for data sharing, particularly those from law enforcement agencies while ensuring compliance with applicable laws and protecting individual privacy.

General Principles for Data Sharing

  1. Internal Data Sharing:

    • Personal data may only be shared within the university when it is necessary for legitimate institutional purposes.

    • Access to personal data is limited to individuals with a clear need-to-know basis as determined by the university officers.

  2. External Data Sharing:

    • The university only shares personal data with external entities, requested to do so by the student (e.g., graduate school application) or when legally required (e.g., in response to a valid subpoena or warrant).

    • All external legal requests must be reviewed and approved by designated university officers to ensure compliance with privacy laws such as FERPA and HIPAA

Protocol for Internal Data Sharing

  1. Internal Requests:

    • Requests for personal data within the university will only be granted if the request aligns with legitimate institutional purposes and complies with privacy regulations.

  2. Access to Data:

    • Data access will be restricted to individuals who require it to perform their job responsibilities, ensuring minimal exposure of sensitive information.

  3. Confidentiality Obligations:

    • All individuals handling personal data internally are required to maintain strict confidentiality and adhere to applicable privacy laws and university policies.

Designated University Officers

The following individuals are responsible for managing all external law enforcement data-sharing requests:

  • DePauw Police Chief Charlene Shrewsbury

  • Vice President for Institutional Equity Dionne Jackson

These officers are tasked with:

  • Verifying the credentials of any external requesting party.

  • Confirming the validity of legal documentation (e.g., subpoenas or warrants).

  • Ensuring that only relevant departments or individuals are informed to coordinate appropriate action.

  • Protecting Private Personal Information (PPI) in accordance with confidentiality laws.

Protocol for Handling Law Enforcement Requests

  1. Request Requirements:

    • All requests from law enforcement must be submitted in writing and include specific details about the information being requested, the purpose of the request and proper legal documentation (e.g., subpoena or warrant).

  2. Verification Process:

    • Designated university officers will verify the credentials of law enforcement agents and review the legal documentation to ensure its validity before proceeding.

  3. Data Disclosure:

    • Only the specific information requested will be disclosed, and only if legally required.

    • A record of all disclosures will be maintained by the designated university officers.

  4. Search Warrants:

    • In cases where a search warrant is presented, access to personal data will be provided only as mandated by law. 

Compliance and Record Keeping

  1. Legal Compliance:

    • All data sharing practices must comply with local, state, and federal laws, including FERPA, HIPAA, and other applicable regulations governing privacy and consumer rights.

  2. Record Maintenance:

    • A detailed record of external data sharing requests and disclosures will be maintained by the designated university officers for auditing purposes and legal compliance.

Review and Updates

This protocol will be reviewed annually by DePauw’s Cabinet, Director of Compliance, and legal team to ensure alignment with evolving laws, regulations, and best practices in data protection and privacy. This streamlined protocol ensures that DePauw University remains compliant with legal obligations while prioritizing the protection of personal data both internally and externally.