NAU Web Privacy Statement

 NAU provides online information and services to students, employees and the public to supplement services provided on campus. This privacy statement provides information about privacy, confidentiality and related policies for individuals who use our websites and online services. Individual websites may provide additional information about privacy. Additional information about the use of computing and communications systems at NAU is available at http://www.nau.edu/policy/student_pol.html for students, and for employees at http://www.nau.edu/policy/employee_pol.html. The NAU website contains links to external websites. NAU is not responsible for the privacy practices or policies of those sites not hosted on official NAU servers.

INFORMATION COLLECTED BY NAU

 In addition to information actively provided by individuals using NAU websites, the NAU web servers routinely record the following information each time the sites are used:

• Internet address of the computer being used
• Web pages requested
• Network software access
• Referring web page
• Browser used
• Date, time and duration of activity
• Accounts accessed; date and time of a password change
• Volume of data storage and transfers
• Server space used for e-mail.

NAU uses this information to monitor and preserve the functioning and integrity of the system.

 In cases of suspected violations of NAU policies, especially unauthorized access to computing systems, the system administrator concerned may authorize detailed session logging. This may involve capturing and retaining a complete keystroke log of an entire session. In addition, a system administrator for the equipment involved may authorize limited searching of user files on individual or networked computers to gather evidence on a suspected violation. All system administrators are required to report such logging to their supervisors to assure proper university guidelines for system and network administration are being followed.

 Cookies are short pieces of information used by web browsers to remember information provided by the user, such as passwords and preferences from past visits. Additional information on cookies is available at the Cookie Central web site at http://www.cookiecentral.com and in this publication from the Department of Energy Computer Incident Advisory Center at http://ciac.llnl.gov/ciac/bulletins/i-034.shtml. Some NAU websites, such as the LOUIE online registration system, use cookies to store service information. Some NAU web-based services require cookies for access.

ALTERNATIVES TO WEBSITE TRANSACTIONS

 NAU websites provide access to information and services for students, employees and members of the public. If you prefer not to provide any information to the university online, you may cancel the transaction and contact the administrative unit responsible for the service to learn about available options for conducting business in person, by mail or by telephone.

DISCLOSURE OF INFORMATION

 NAU does not sell or distribute confidential information it collects online to individuals or entities not affiliated with the university, except in the very limited circumstances described below. Non-confidential information may be sold or distributed pursuant to Arizona Public Records law.

 University and Arizona Board of Regents policies protect the confidentiality of student educational records and personnel information. These policies, summarized below, explain what information may be shared with the public or anyone who requests it. They also explain what information is protected as confidential; confidential information will not be disclosed without the consent of the student or employee, except under subpoena or court order or in case of an emergency.

STUDENT RECORDS

 Student records are protected by the federal Family Educational Rights and Privacy Act (FERPA), Arizona law, and university policy. Information about student access to education records and protection of education records is available at http://www.nau.edu/stulife/confidnt.html. This policy also provides information on a student's right to limit access to otherwise public directory information Chat rooms, forums, message boards, and news groups. NAU may retain logs and copies of chat room sessions for various courses. Normal, non-class news group postings or other forums are operated without archives but are subject to the backup policies on the machine hosting the service. Some class materials are treated as confidential educational records. Other class materials are available to the public in general (many course syllabi and most usenet news course discussions, for example).

EMPLOYEE RECORDS

 Employee records are controlled by Arizona Board of Regents policy 6-912 and by NAU Personnel policy 4.11, which is contained in the Personnel Policy Manual: http://hr.nau.edu/Home/Policy_Manual.

PUBLIC RECORDS LAW

 Under the Arizona Public Records Law, NAU may be required to provide information in university records to a third party. Commercial users may purchase public record information, such as non-confidential lists of students and employees. Confidential information protected by FERPA, other state laws or Board policy will not be disclosed in response to a public records request.

CONTRACTORS

 From time to time, individuals or companies under contract with the university may have access to confidential information in the course of the service they provide to the university, but those entities are not permitted to use or re-disclose that information for unauthorized purposes. No other entities are authorized to collect information through NAU's sites.

SECURITY

 Although every effort is made to secure network communications, NAU cannot ensure the privacy of online communications. Individuals using online services should also take steps to protect personal information, such as closing the web browser when finished using the site. Failure to do so may result in personal information being viewed by someone else using the same computer. In general, using a browser in a public area (such as a CyberCafe) may leave history and cache files on the machine that others can abuse.

 NAU accepts credit card payments online for a variety of goods and services. Unless otherwise noted on the site, all university credit card transactions are encrypted. Confidential information entered to complete a transaction will not be used by NAU for any other purpose unless the purpose is described on the site.

 Under NAU policy, university-owned computers and equipment may be examined by authorized individuals to detect illegal software and to evaluate the security of the network. Personal computers connected to NAU's network are also subject to NAU's campus acceptable use policies.

 If you have additional questions about online privacy or security, you can send an e-mail to the NAU Chief Information Technology Officer, Fred Estrella, at Fred.Estrella@nau.edu, you can phone Fred Estrella at 928-523-9998, or you can send an inquiry by mail to Chief Information Technology Officer, Northern Arizona University, PO Box 5100, Flagstaff, AZ, 86011-5100.