Website privacy statement template by fanzhongqing



To ensure the data and reports contained within remain under the control of the University, and
are properly handled, the following process is
1) Purchase a organizational NetID for your unit from ATS
   a) Password should be known only by IT-staff, not report consumers
2) Create a Google Account based on this organizational NetID for use by Webmaster
   a) Use this Google Account ONLY for Google Analytics
   b) Agree to the Google Terms of Service
   c) Use of this account should only be for administration of the account, not for all report
users to share
3) Agree to the Google Analytics Terms of Service
4) Ensure site privacy policy includes information required by Google Analytics ToS
5) Ensure site meets technical requirements for privacy expected in Google Analytics ToS
   a) Specifically: Users can not be identified through collection/display of variables in the URL-
string (audit your server logs for URL-encoded query-string parameters)
6) Deploy tracking cookie code to your site
7) Any users requiring access to reports in Google Analytics should register their own Google
8) Google Analytics account administrator should provide access to reports on site-by-site basis
to individuals
   a) Unit severance practices should include removal of access as employees separate
   b) Unit should audit who has access to these reports quarterly
9) Consider establishing routine business practices to mitigate risks of cloud-based "free"
services in line with LCT's Cloud Computing Guidelines
   a) e.g. Routinely download electronic copies of reports in case Google discontinues service

Sample Online Privacy Statement – Version 1.0 Finalized 7/27/2011 –

[-READ ME FIRST: INSTRUCTIONS FOR USE: Local Unit Webmaster must review
implementation of website, web-application code, and server configuration to ensure
compliance prior to implementing this statement on a university website. Ensure each
section marked below with […] is customized appropriately given the implementation
of the site on which a derivative of this statement is deployed.– REMOVE THIS SECTION

Michigan State University
Privacy Statement
revised [7/27/2011]

This online privacy statement is intended to inform you of the ways in which this website
(“Site”) collects information, the uses to which that information will be put, and the ways in
which we protect information you choose to provide us.

Please note that other Michigan State University websites may adopt different privacy practices
as their specific needs require.

Use of this Site is subject to all applicable state and federal laws, as well as general University

Information Collected
This Site collects two general types of information: (a) information you voluntarily provide to us,
which may include personal information (such as your name, address, e-mail address, etc.), and
(b) information we collect automatically when you visit this Site through cookies, third party
tracking technologies and server logs.

Information Voluntarily Provided by You
This Site will only collect personal information that you knowingly and voluntarily provide by, for
example, responding to surveys, completing membership forms, sending e-mails, etc. It is this
Site’s general practice to use personal information only for the purposes for which it was
requested and any additional uses specifically stated on the Site. However, information
collected through this Site may be subject to the University’s obligation to respond to
subpoenas, court orders, discovery requests, and requests for public records under the Michigan
Freedom of Information Act. Further, the disclosure of information collected through this Site is
subject to the provisions of the Family Educational Rights & Privacy Act.

The University may also access or permit access to information collected through this Site in
accordance with and subject to the limitations of the University’s Acceptable Use Policy for
Information Technology Resources.

Although this Site has security measures in place to protect personal information provided to us
by users, users should also take steps to protect personal information by, for example, closing all
web browsers after using the Site. Information disclosed in chat rooms, news groups, forums,
message boards and similar contexts may become public. Users should therefore exercise
caution before disclosing personal information in such contexts.

When you engage in financial transactions at our Site, you may be asked for a credit card
number. Unless otherwise noted on the Site, credit card transactions are encrypted and the
server that processes your credit card information is secure. Such information may also be
saved in an encrypted format or in internal systems that are protected by a firewall system. This
Site complies with the Payment Card Industry Data Security Standard.

Updating Personal Information
You may correct, update, or remove the personal information provided to us through the use of
the Site. In particular:

[Local webmaster should provide instructions on how to correct, update, or remove users’
personal information]

Information We Collect Automatically
This Site collects information automatically through the use of cookies, third party tracking
technologies and server logs. This information does not include any personal information. We
use this information primarily to monitor the use of this Site and to make improvements. We
may share this data with partners in order to enhance the functionality of this Site.

“Cookies” are small text files used to collect information about website activity. No personal
information is collected through our use of cookies. This Site uses cookies for two main
purposes: (a) to carry information about your current session at this Site from one web page to
the next, which also allows you to automatically login to other Michigan State University
websites, and (b) to identify you on this Site on return visits.

You have the option of disabling or not accepting cookies by changing the preferences on your
browser. If you opt to disable cookies, you will still be able to use certain sections of our Site.
However, you will not be able to use any parts of this Site that requires a login (e.g. accessing
secured content, posting to message boards, etc).

Third Party Tracking Technology
[To the extent a third party application or provider is used to track web browsing data through
cookies or other means, the administrative unit should identify the third-party application or
provider and describe its purpose and function. The administrative unit should also ensure that
its privacy statement is in compliance with any requirements imposed by the terms of the third-
party provider’s license. The following example concerns the use of the Google Analytics
tracking technology and may be used as a guide.]

This Site uses a tracking technology called Google Analytics to obtain Site usage information
such as users’ Internet Protocol (IP) addresses, Internet domain and host names, browser
software, and the date and time that the Site is visited. Data obtained through Google Analytics
does not include and is not linked to any personal information. Data from Google Analytics
allows us to monitor the use of this Site, understand how users find our Site, and improve the
Site’s function and content.

Site usage data collected through Google Analytics is not shared with other Google products and
tools. Our use of Google Analytics is in compliance with Google’s Terms of Service and the MSU
Access to Student Information Guidelines. Google provides more information about Google’s
privacy practices and information on how to opt-out of Google Analytics tracking of your web

You may also wish to review the MSU Access to Student Information Guidelines.

Server Logs
Our web servers routinely generate logs that contain the following types of information each
time the Site is used:

       The date, time and length of your visit.
       The path taken through our Site and the browser being used.
       The list of files downloaded and the amount of time spent viewing video or audio files.
       The IP Address of the computer accessing our Site.
       Any errors encountered.

This information is used primarily to monitor the functioning and integrity of the Site and other
MSU websites.

[Local webmaster should review this list against actual configuration of their web server logs]

This Site may contain links to other sites. Please be aware that we do not control or claim any
responsibility for the privacy practices or content of such other sites. We encourage users to
read the privacy statements of each website they visit.


Our users are given the opportunity to receive communications from us. To unsubscribe from
these communications:

[Local webmaster should include examples specific to their site and detailed instructions about
how to opt out]

Changes to Privacy Statement
If we make changes to our privacy statement, we will indicate this on our home page.

Neither Michigan State University, nor any of its units, programs, employees, agents or
individual trustees, shall be liable for any improper or incorrect use of information obtained
through the use of this Site.

By using this Site you consent to the terms of this privacy statement.

Questions and feedback
Your questions, comments and concerns are always welcome. Please send us your feedback
regarding the privacy statement or any other issues at: ____.

[Local webmaster should provide contact information]


To top