Users of applications maintained and managed by the Auburn University Graduate School have access to records that may contain private, sensitive, or personally identifiable information (PII). Access to the applications is tightly controlled and the collection of sensitive data is kept to a minimum; however, unsolicited PII is often found on transcripts or other supporting documents and could be overlooked during redaction.
All users are expected to follow appropriate guidelines for the responsible use of data, and must abide by the below confidentiality statements.
In order to fulfill our duties to Auburn University and the student population, the Graduate School must handle Personally Identifiable Information (PII) and must do so responsibly. Our software applications allow minimal and tightly controlled access to such data, and authorized users must follow these policies when handling.
The definition of PII can include many different data elements. For the purposes of this policy, we follow Internal Audit’s definition: social security number, driver’s license number, bank routing number, and credit or debit card number. The Graduate School does not routinely collect most of these elements.
PII is collected only for the purposes of verifying the uniqueness of applicants and performing the necessary background research. The only currently authorized means of collecting PII is through the ApplyYourself (AY) application, which has any such fields set as optional. Only the admissions staff has the ability to see the full numbers.
The Graduate School may have historical documents containing PII, most notably in the form of transcripts. While not requested, PII is often still included on transcripts sent from other institutions and could be overlooked during redaction. PII may exist on documents uploaded to the older GWAAP application or archived in Xtender. Neither electronic nor paper documents containing PII may be stored in an unsecured location, nor, out of caution, any document produced by the software applications. No form of PII is allowed to be stored on a mobile electronic device or in a personal home directory.
While not solicited, PII is often found in emails from students or other institutions. Staff must immediately delete any email containing PII. All computers at the Graduate School or used to review software output must be routinely scanned and remediated by Identity Finder.
The policies contained herein are owned by the Auburn University Graduate School and reviewed annually. Violations are handled in accordance with university policies.