Coppin State University

Privacy Notice

Coppin State University Privacy Notice

Introduction

The Coppin State University (“University” or “We”) Privacy Notice (“Notice”) provides information about how the University protects, maintains, collects, processes, and discloses information through online and offline Systems of Record. This Notice describes the types of information We may collect from/about you when you physically visit our property, visit our official website, or connect to a System of Record operated by us or one of our authorized third-party providers.

Please read this Notice carefully. This Notice and the institution’s Privacy Policy may change from time to time.  You hereby agree that it is your responsibility to monitor the institution’s Privacy Policy and this Notice for changes.  Your continued affiliation with the institution and use of institutional property and information systems is deemed to be acceptance of those changes.

For purposes of this Notice the following terms have the meaning provided:

“Data Subject” means the individual to whom a particular PII Record relates.

“Legitimate Basis or Legitimate Business Use” means that the University has a contractual need, public interest purpose, business purpose, or other legal obligation to retain and/or process information or data in the University’s possession, or a Data Subject has consented to the retaining and/or processing of information or data in the University’s possession.

“Personally Identifiable Information” (PII) includes any information that, taken alone or in combination with other information, enables the identification of an individual, including:

  1. a full name;
  2. a Social Security number;
  3. a driver's license number, state identification card number, or other individual identification number;
  4. a passport number;
  5. biometric information including an individual's physiological, biological, or behavioral characteristics, including an individual's deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity;
  6. geolocation data;
  7. Internet or other electronic network activity information, including browsing history, search history, and information regarding an individual's interaction with an Internet website, application, or advertisement; and
  8. a financial or other account number, a credit card number, or a debit card number that, in combination with any required security code, access code, or password, would permit access to an individual's account.

Personally Identifiable Information does not include data rendered anonymous through the use of techniques including obfuscation, delegation and redaction, and encryption, so that the individual is no longer identifiable.

“Records” means information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.

“System” means an electronic or other physical medium maintained or administered by the University and used on a procedural basis to store information in the ordinary course of the business of the University.

“System of Record” means a System that has been designated by the University as a System of Record.  Determination that a System is a System of Record is based on the following criteria:

  • the risk posed to individuals by the Personally Identifiable Information processed and stored on the System;
  • the relationship of the System to the overall function of the University; and
  • the technical and financial feasibility of implementing privacy controls and services within the System.
     

As required by Maryland law, Coppin State University has designated the following as Systems of Record.

  • Student Information System
  • Human Resource Information System
  • Alumni / Donor Information System
  • Financial System
  • Recruitment System

Under Maryland law, you have certain rights when it comes to your data. To learn more about these rights under Maryland law please review the Maryland Higher Education Privacy Law. As outlined in the law, you have the following rights in institutional Systems of Record.

  • Access – You have the right to request any personally identifiable information about you in our Systems of Record.
  • Correction – If you believe that one or more data elements about you in one of our systems of record is incorrect, you have the right to request for the record to be corrected.

    Please note: In the event that a request for correction is denied, you have the right to dispute the denial and to have that dispute produced if the information is ever requested by a third party.

  • Deletion – You have the right to request that We delete your PII from a University System of Record.

    Please note: Only information that is being held without a Legitimate Basis for holding or processing can be deleted. Information that must be held for technical, legal, or financial reasons also cannot be deleted.

  • Sharing – You have the right to ask if your PII was or is currently being shared with a third party. The institution may share information with third parties based on a Legitimate Basis or with your consent. If your information is being shared by consent, you have the right to know how your consent was gathered, and you also have the right to revoke your consent.

Currently enrolled students should direct requests to the Registrar’s office. Current employees should direct requests to Human Resources.

Privacy Information Request

Coppin State University is committed to protecting your privacy and personal information. Please use the csuprivacyrequest@coppin.edu to submit request regarding your personal information that is processed by the University. The written request must indicate the specific action to be performed. For additional information related to how Coppin uses and protects your personal information, please review our Privacy policy.

Please note:  For security reasons, any privacy request MUST be made by the Data Subject and will be reviewed and verified by the University. At this time, the University does not have the capability to process requests from third parties, such as data removal services.  Any request not directly made by the Data Subject will be denied.
 

Some Personally Identifiable Information may be subject to disclosure under the Maryland Public Information Act or other federal and state laws or regulations.

The University reserves the right to access and use Personally Identifiable Information in its sole discretion when University staff believe there is a risk to safety or to investigate actual or suspected instances of misconduct or risk to the University, students, faculty, staff, and third parties, subject to applicable law and University policy.

The University reserves the right to disclose any relevant information, including PII, when required by law enforcement or to comply with a court order, law, or legal process, including responding to a government or regulatory request.
The University may disclose aggregated, disaggregated, anonymized, or de-identified personal information about our community.

Other Privacy Laws Related to Your Information

In addition to the Maryland Higher Education Privacy Law, the following state, national and international laws may apply to your information.  The following links will take you to information about each of these laws, including how they may apply to information held by the institution.

  • FERPA – Family Educational Rights and Privacy Act
  • HIPAA – Health Insurance Portability and Accountability Act
  • COPPA – Children's Online Privacy Protection Rule
  • GLBA – Gramm-Leach-Bliley Act
  • GDPR – Europe’s General Data Protection Regulation
     

The University may use automated collection technologies such as “Cookies” or “Web Beacons” to collect some or all of the PII listed above. Please visit allaboutcookies.org for information on how browser cookies and web beacons work.

Cookies may also be used by organizations other than the University. Because the University does not control these other organizations, you should review their policies. Users may disable cookies through their individual browser configuration. However, if you do not accept cookies, you may not be able to access or use some portions of the University’s digital content or technology network. 
 

Contact Information

To ask questions about the University’s Privacy Notice, contact:

Rickey Williams
Director of Information Security and Privacy Program
csuprivacyrequest@coppin.edu