Privacy and Security

Information Collection, Use and Release

When you visit our web sites to read or download information, we do not collect personal information about you. In particular, we do not use "cookies" to collect or store personal information. However, we do collect and store technical information about your visit in server logs.

Some of our web sites also send general information about your visit to Google Analytics. We do not send personal information to Google Analytics.

We use personal information that you provide via email or through other online means to serve your needs, such as responding to an inquiry or other request for information. This may involve redirecting your inquiry or comment to another person or department better suited to meeting your needs.

We use information from server logs to evaluate accessibility or gauge the popularity of various features on our web sites. We also use that information for general reporting and management functions. Specifically, we use log analysis tools to generate statistics, determine technical design specifications, and identify system performance issues.

Occasionally, we acquire, record, and analyze portions of the data that you enter, store, or transmit through our web sites or email you send us. We release this information - only when legally required - to help law enforcement investigations, legal proceedings, or internal investigations of Texas A&M University rule and regulation violations. These groups would use the information to track the electronic interactions back to the source computer(s) or account(s).

Except for education records governed by the Family Educational Rights and Privacy Act of 1974 (FERPA), all information collected from our web sites, including server logs, and information collected from web forms, or email you send to us, may be subject to the Texas Public Information Act. This means that while we do not actively share information, in some cases we may be compelled by law to release this information.

Cookies

A cookie file contains unique information that a web site can use to store such things as passwords, or pages you have visited, or the date you last looked at a specific page. Cookies can also identify your server session at a particular web site. We do not use cookies to collect or store personal information.

Sessions

A server session is like a cookie that is stored on a web server. It can store information such as what web pages you visited, when you visited a web page, or personal information that you supply or information the web page retrieves for you. Occasionally, we use server sessions to store information about your session. For example, we may require you to login to a web site and store your username; distinguishing you from other people using the site.

Server Logs

We store the following information in our server logs:

  • User/client hostname - The hostname or IP address of the user/client requesting access
  • HTTP header, "user agent" - The user-agent information includes the type of browser, its version, and the operating system on which it is running
  • HTTP header, "referrer" - The referrer specifies the page from which the client accessed the current page
  • System date - The date and time of the user/client request
  • Full request - The exact request the user/client made
  • Status - The status code the server returned to the user/client
  • Content length - The content length, in bytes, of the document sent to the user/client
  • Method - The request method used
  • Universal Resource Identifier (URI) - The location of a resource on the server including web pages, images, and other files
  • Query string of the URI - Anything after the question mark in a URI
  • Protocol - The transport protocol and version used

Google Analytics

Google Analytics stores the following information on their web site:

  • User/client hostname - The host-name or IP address of the user/client requesting access
  • HTTP header, "user agent" - The user-agent information includes the type of browser, its version, and the operating system on which it is running
  • Universal Resource Identifier (URI) - The location of a resource on the server including web pages, images, and other files
  • HTTP header, "referrer" - The referrer specifies the page from which the user/client accessed the current page
  • Screen colors - Color processing ability of the user/client screen
  • Screen resolution - The resolution or dimensions of the user/client screen
  • Service Provider - The Internet service provider of the user/client
  • Mobile device - If user/client is a mobile device, the manufacturer of the mobile device
  • Mobile carrier - If user/client is a mobile device, its Internet service provider
  • Bandwidth (Internet connection speed) - The speed of the user/client connection from their Internet service provider
  • Java support - If Java is enabled
  • Flash version - Which version of Adobe Flash is installed
  • Geographic data - Country, State, City, language preference of the user/client
  • Time on page - The time spent on a web page

Google Analytics shares information with Google. Please read Google's Privacy Policy for more information.

Information Security

We employ extensive security measures consistent with the Texas Administrative Code (TAC) "Information Security Standards" and Texas A&M University Rules and Standard Administrative Procedures to protect against unauthorized access, disclosure, modification, or destruction of information under our control, as well as the loss, misuse, or alteration of our web sites and/or associated electronic information resources. The information resources that support our web sites undergo an annual information security risk assessment via the Information Security Awareness Assessment and Compliance (ISAAC) system. The ISAAC system assesses the security posture of information systems and measures compliance with information security standards.

Information Access

The Texas Public Information Act, with a few exceptions, gives you the right to be informed about the information our web sites collect about you. It also gives you the right to request a copy of that information, and to have the university correct any of that information. You may request to receive and review any of this information, or request corrections to it, by contacting the TAMU Public Information Officer or the TAMU Office of Open Records, 1181 TAMU, College Station, Texas, 77843-1181, at 979-862-7777.

Questions

If you have any questions about this privacy and security statement, the practices of our web sites, or your use of our web sites, please send email to the webmaster or by postal mail to:

Computing Services Group
ATTN: Webmaster
3112 TAMU
College Station, TX 77843-3142

Privacy in Electronic Information Systems (EIS)

  • 1.0 Background 
    Privacy in the context of EIS relates to the expectations users may have with regards to their data and activities, and to the allowable actions by administrators and other users. With regard to expectations, most users should be warned that there are few absolute guarantees against unethical actions. The technology and openness that makes an interconnected worldwide set of multiuser computer systems so valuable also makes the individual's data somewhat vulnerable. However, this vulnerability does not mean approval of actions which violate privacy.
     
  • 2.0 Statement of Policy 
    Subject to certain exceptions listed below, data owned by a user are private and may not be accessed by others without explicit consent of the owner. This right to privacy is rooted in many documents and is not lost with the use of computing systems. These exceptions are specific to our computing environment and are not meant as an excuse to compromise the basic right to privacy.
     
    • 2.1 Texas A&M University (TAMU) is an agency of the State of Texas. For TAMU employees, certain electronic information may be created in the performance of their official duties. Those data are not more private to the individual user than paper records would be. Some electronic information may be subject to review and/or release under the Texas Open Records Act.
    • 2.2 System administrators may access files in the course of maintenance or operations. They may not divulge information gained in this manner. Nor may they access user files without need.
    • 2.3 System administrators may access files to determine if a security violation occurred or is occurring. The user should be notified as soon as practical.
    • 2.4 Computer systems and data stored on them are subject to audits by designated University personnel. Users will cooperate in providing access to systems and/or data upon proper notification.
    • 2.5 Nothing in this statement of policy gives the user or system administrator the right to violate law or University regulations.
       
  • 3.0 Specific Interpretations 
    Statements and guidelines herein are meant to clarify potential interpretations of the Statement of Policy and are not exhaustive.
     
    • 3.1 The networked computer environment provided here consists of facilities provided to faculty, staff, and students to enable them to accomplish certain tasks required by their roles within the department and the University. There is an acknowledged trade-off between the absolute right of privacy of a user, and the need of the Computing Services Group (CSG) to gather necessary information to ensure the continued functioning of these resources.
    • 3.2 CSG at all times has an obligation to maintain the privacy of a user's files, electronic mail, and printer listings to the best of its ability. In computing environments where a user's activities/commands are not publicly available, users should also have the expectation of privacy regarding their activities.
    • 3.3 In the normal course of system administration, CSG may have to examine activities, files, electronic mail, and printer listings to gather sufficient information to diagnose and correct problems with system software or hardware.
    • 3.4 In order to protect against hardware and software failures, backups of all data stored on CS computing facilities may be made. CSG has the right to examine the contents of these backups to gather sufficient information to diagnose and correct problems with system software or hardware. It is the user's responsibility to find out retention policies for any data of concern.
    • 3.5 The Director of CSG, only, may monitor user activities and/or examine data solely to determine if unauthorized access to a system or data is occurring or has occurred. If files are examined, the account owner will be informed as soon as practical, subject to delay in the case of an on-going investigation. Any other access to data by system administrators (except as in 3.3 & 3.4 above) may only come after following appropriate University procedures.
    • 3.6 Files owned by individual users are to be considered as private, whether or not they are accessible by other users. The ability to read a file does not imply consent to read that file. Under no circumstances may a user alter a file that does not belong to him or her without prior consent of the file's owner. The ability to alter a file does not imply consent to alter that file.
    • 3.7 Some individually owned files are by definition open access. Examples include Unix .plan files, Web files made available through a system-wide facility and files made available on an anonymous ftp server. Any authorized user that can access these files may assume consent has been given.
    • 3.8 File permissions will not be changed without the consent of the owner. This includes files owned by students who graduate and leave.
    • 3.9 Because this is an educational environment, computer systems are generally open to perusal and investigation by users. This access must not be abused either by attempting to harm the systems, or by stealing copyrighted or licensed software. System-level files (not owned by individuals) may be used and viewed for educational purposes if their access permissions so allow. Most system-level files are part of copyrighted or licensed software, and may not be copied, in whole or in part, except as needed as part of an educational exercise. The same standards of intellectual and academic honesty and plagiarism apply to software as to other forms of published work.
    • 3.10 In this document, "owner" should be interpreted as an account under an operating system, not in a legal property sense. "Consent" may only be obtained from the person who is authorized to use the account that "owns" the files. Operating system access control features (e.g., permissions bits, Access Control Lists) do not provide consent.
    • 3.11 Individuals, especially students, who have extra access to data because of their position have the absolute responsibility not to take advantage of that access. If information is inadvertently gained (e.g., seeing a copy of a test or homework) that could provide personal benefit, the individual has the responsibility to notify both the owner of the data and the Director of CSG.