Data Privacy
Towson University is dedicated to safeguarding your privacy and personal information.
Data privacy is a key element of TU’s information governance program, complemented by data governance, which reinforces privacy by implementing policies and procedures for the proper management, protection, and authorized use of data throughout its lifecycle.
The University maintains compliance with the . For privacy rights beyond FERPA, the Chief Information Security Officer (CISO) acts as the University privacy officer and is responsible for overseeing and managing the company’s data privacy program. This includes ensuring compliance with privacy regulations, implementing privacy policies, and safeguarding sensitive information.
Systems of Record
Towson University defines its Systems of Record (SoR) as structured information systems that require strong protection of confidentiality, integrity, and availability that widely support the campus community.
The university has made available the contact details for data subjects/individuals to submit requests regarding data privacy, along with the processes to manage such inquiries.
As required by the , the university has designated the following information systems as “Systems of Record”:
- Human Resources Information System: used for employment records.
- Relationship Management System: used for university engagement activities.
- Student Admissions System: used for students applying to the university.
- Student Information System: for student records.
Information Collection
As an institution of higher education, Towson University’s Systems of Record (SoR) may collect and retain relevant personal information related to educational and student records (e.g., admissions applications, financial aid information, etc.), administrative purposes (e.g., payroll, background checks for employment, etc.) and university engagement (e.g., newsletters, university event attendance, etc.).
The information may be collected directly (e.g., applying for an employment opportunity, signing up for a newsletter, etc.) or indirectly (e.g., transcripts for admissions purposes).
Examples of personally identifiable information stored in TU’s Systems of Record include, but are not limited to the following:
- Name
- Date of birth
- Email addresses
- Financial aid
- Identification numbers
- Payroll data
- Phone numbers
- Transcripts
TU inventories its Systems of Record for the types of data stored. Before adding any new data types, data usage approval must be obtained through data governance processes. Additionally, TU follows access control procedures before authorizing the use of data.
Third-Party Sharing
The university reserves the right to disclose any relevant information, including Personally Identifiable Information (PII), when required by law enforcement or to comply with a court order, law, or legal process, including responding to a government or regulatory request. Personal Information from a System of Record may be shared with local, state, and federal organizations as required such as the Maryland Higher Education Commission (MHEC), U.S. Department of Education and Middle States Commission on Higher Education (MSCHE).
TU will not disclose PII to third parties, other than those third parties processing PII on behalf of TU, unless the Data Subject consents to the disclosure, or TU determines that disclosure of PII is in the best interest of TU.
Some PII may be subject to disclosure under the Maryland Public Information Act or other federal and state laws or regulations.
The university reserves the right to access and use PII in its sole discretion when university staff believe there is a risk to safety or to investigate actual or suspected instances of misconduct or risk to the university, students, faculty, staff, and third parties, subject to applicable law and university policy.
The university may disclose aggregated, disaggregated, anonymized, or de-identified personal information about our community.
Data Subject Requests
An individual may submit data privacy requests concerning Personally Identifiable Information (PII) relating to the individual held and processed by TU. The data subject (the individual to whom the PII relates) may seek access to the PII, correction or deletion of the PII, or to opt out of sharing PII with third parties. Data subjects may submit their requests to TU’s Office of Information Security and Privacy (see the Privacy Statement for current submission instructions).
To protect the data subject’s privacy, TU will take precautions to verify the data subject’s identity and use appropriately secure communication methods.
TU may deny a data privacy request if it reasonably concludes that it has a legitimate basis for processing the PII or if the request is infeasible. If the data subject disagrees with TU’s decision regarding a request to change PII, the data subject will be given the option to leave a record of their change request with the original record.
The above procedures only apply to PII within a designated System of Record.
Other TU Privacy Resources
Here are some ways to manage your info at TU:
- Update/correct academic records: see options on the Registrar's Office webpage.
- Update employee personal information: access links on the Office of Human Resources' webpage.
- See FERPA Annual Notification of Rights
- See TU's Privacy Statement
INSTRUCTIONAL LECTURE CAPTURE GUIDELINES AND RELEASE FORM
Guidelines
Faculty and staff who intend to use instructional lecture capture resources supported by Towson University are to adhere to the Instructional Lecture Capture Guidelines to ensure the FERPA regulations are not violated.
Release Form
If a faculty/staff member intends to reuse recordings where the image, voice or materials of students are captured, the Instructional Lecture Capture Release Form must be used. *Be sure to read the guidelines (above) first.