Application Use Policy

User Responsibilities

Users of applications maintained and managed by the Auburn University Graduate School have access to  records that may contain private, sensitive, or personally identifiable information (PII).  Access to the applications is tightly controlled and the collection of sensitive data is kept to a minimum; however, unsolicited PII is often found on transcripts or other supporting documents and could be overlooked during redaction.

All users are expected to follow appropriate guidelines for the responsible use of data, and must abide by the below confidentiality statements.

• Will not knowingly violate University or departmental policies, or state or federal laws governing privacy of information.
• Will agree that the Auburn University Network Policy to all users in its entirety.
• Will respect the confidentiality of all student, faculty, and personnel information to which access is granted.
• Will not copy or store screenshots, PDFs, or any other formats containing data from applications to which access is granted.
• Will promptly notify the Graduate School upon discovering access to applications or sensitive data that job responsibilities do not require.
• Will promptly notify the Graduate School upon learning of the misuse of any software application, including but not limited to the sharing of passwords or data.
• Will read and understand the Graduate School’s PII Policy below.
• Will agree that the responsibility for safe handling of PII is required and that a violation may result in disciplinary actions or revocation of privileges.
• Will agree that no PII will be stored on personal computers, in personal home directories, or on any external devices.

PII Policy

Section 1 – Introduction

In order to fulfill our duties to Auburn University and the student population, the Graduate School must handle Personally Identifiable Information (PII) and must do so responsibly.  Our software applications allow minimal and tightly controlled access to such data, and authorized users must follow these policies when handling.

Section 2 – Definition

The definition of PII can include many different data elements.  For the purposes of this policy, we follow Internal Audit’s definition: social security number, driver’s license number, bank routing number, and credit or debit card number.  The Graduate School does not routinely collect most of these elements.

Section 3 – Collecting and Accessing PII

PII is collected only for the purposes of verifying the uniqueness of applicants and performing the necessary background research.  The only currently authorized means of collecting PII is through the ApplyYourself (AY) application, which has any such fields set as optional.  Only the admissions staff has the ability to see the full numbers.

 Section 4 – Storing and Disposing of Papers Containing PII

The Graduate School may have historical documents containing PII, most notably in the form of transcripts.  While not requested, PII is often still included on transcripts sent from other institutions and could be overlooked during redaction.  PII may exist on documents uploaded to the older GWAAP application or archived in Xtender.  Neither electronic nor paper documents containing PII may be stored in an unsecured location, nor, out of caution, any document produced by the software applications. No form of PII is allowed to be stored on a mobile electronic device or in a personal home directory.

Section 5 – Handling Emailed PII

While not solicited, PII is often found in emails from students or other institutions.  Staff must immediately delete any email containing PII.  All computers at the Graduate School or used to review software output must be routinely scanned and remediated by Identity Finder.

 Section 6 – Control and Maintenance

The policies contained herein are owned by the Auburn University Graduate School and reviewed annually.  Violations are handled in accordance with university policies.