I:03:05 Privacy of Information


The purpose of this policy is to establish principles to guide the evolution of Middle Tennessee State University (MTSU) community standards of information privacy. This is a first step to clarify the level and protection of information privacy that may be expected by students/potential students, University employees, and outside persons who have relationships with MTSU. This policy is intended to be flexible and independent of current definitions or concepts of technology, and to rely on common sense and a culture supportive of mutual respect. While consideration has been given to the unique qualities of electronic information, this document reflects the reasoning that the core value of privacy is not confined to any information medium.

While recognizing that other MTSU policies address some privacy issues, primarily those based on federal and state laws, the objectives of this policy are to ensure that:

A. A sharper focus is given to the University's values and beliefs related to information privacy,

B. The expectations for maintaining information privacy are provided for University employees and students, and

C. Information privacy guidelines are provided for University employees and students.


Where discretionary considerations are possible, a balanced approach to resolving conflicts between privacy and other values must incorporate the perspectives of the University as an institution, the collective behavior of employees and students, and the protection of individual privacy.

A. Institutional Perspective – MTSU must not be unduly constrained with respect to administrative efficiency in the enforcement of policies related to information privacy. Considering the mission, internal control of information, and external mandates governing information collection and use, each organizational unit to which privacy issues are of concern is encouraged to develop related procedures. Where practical, the decentralization of responsibility and the encouragement of employee participation in the development of relevant division or department operating procedures is the preferred method of increasing the level of learning and trust regarding information privacy issues.

B. Ethical Stewardship as a Collective Responsibility – We are ethically obligated to respect the privacy of others and to adhere to a reasonable standard of conducts that supports this collective respect. For example, when employees gain unintentional access to information that a reasonable person would consider private, personal, or confidential, sensible actions are required, such as the notification of officials who are responsible for initiating corrective measures, or simply returning or forwarding the information to the intended recipient or owner.

C. The Individual's Right to Know – While most employment-related records are public, even confidential records can be accessed under certain conditions. Therefore, information in any form should be presumed capable of acquisition by others for purposes not related to the original creation of that information. In most instances, employees of MTSU have a right to know when their individual records have been reviewed, or subpoenaed by parties external to MTSU, or are under review by MTSU officials or administrators who do not manage the information as part of their official duties. In such instances where it is administratively practical, the employees should be notified by email, phone call or other means. Additionally, the Human Resource Services office will maintain records of all requests for employee public information when such requests are made by vendors or others for a business or commercial purpose. While most student-related records are private, even confidential records can be accessed under certain conditions. In most instances, students will be notified of the compliance with judicial order or subpoena by parties external to MTSU.


A. Student records – With regard to students' educational records, MTSU adheres to the federal Family Educational Rights and Privacy Act of 1974, commonly referred to as FERPA or the Buckley Amendment. In additional, MTSU Policy II:02:00 (Access to Educational Records) provides students with the right to inspect and review education records, the right to seek to amend these records and to limit disclosure of information from the records.

1. The release of student information in any medium (including the internet), therefore, should be done only in accordance with the conditions of the existing MTSU Policy II:02:00.

2. Students have the right to restrict release of directory information as outlined in MTSU Policy II:02:00.

3. Records are retained in accordance with Tennessee Board of Regents Guideline G-070 and the American Association of Collegiate Registrars and Admissions Officers (AACRAO) guidelines.

B. Employee records – The Human Resource Services office maintains the official personnel files for the employees, except faculty. Official faculty personnel files are maintained in the Executive Vice President and Provost Office. See MTSU Policy IV:07:17 Personnel Records. With the exception of records that include medical information, all Human Resource Services information is public and accessibility is granted in compliance with MTSU Policy I:03:01 Inspect/Copying Public Records.

C. Additional Privacy-Related Policies – Several current MTSU policies are directly or indirectly related to information privacy issues, illustrating the nature and complexity of the topic. These include the following:

1. I:01:24 Protection of Human Subjects in Research

2. I:03:03 Information Technology Resources Policy

3. II:01:10 Misconduct in Scholarly Activities and Research

4. III:00:08 Release of Names and Addresses of Prospective Students

5. III:04:01 Guidance and Counseling Center – Counseling

6. III:04:02 Guidance and Counseling Center – Testing

7. IV:07:02 Conditions of Employment


Employees who access files or browse data of others, or access any information technology resources for personal gratification or unauthorized dissemination of information obtained from these resources, may have violated the privacy of others. If so, such behaviors are subject to disciplinary actions that are in proportion to the egregious nature of the offense. MTSU Policy IV:07:10 Disciplinary Procedures – Classified Personnel and MTSU Policy II:01:05A Policies and Procedures for Tenure prescribe disciplinary actions and processes. In cases where employees dispute a charge, they may respond based on the following MTSU policies: IV:07:11 Employee Grievance/Complaint Procedure or II:01:05C Tenure and Promotion Appeals Process. Refer to the Student Handbook for disciplinary actions regarding students.

Revision: February 8, 2000; March 16, 2004.

Cross-references: Family Educational Rights and Privacy Act of 1974; MTSU Policies II:02:00 Access to Educational Records; IV:07:17 Personnel Records; I:03:01 Inspect/Copying Public Records; I:01:24 Protection of Human Subjects in Research; I:03:03 Information Technology Resources Policy; II:01:10 Misconduct in Scholarly Activities and Research; III:00:08 Release of Names and Addresses of Prospective Students; III:04:01 Guidance and Counseling Center-Counseling; III:04:02 Guidance and Counseling Center-Testing; IV:07:02 Conditions of Employment; IV:07:10 Disciplinary Procedures-Classified Personnel; II:01:05A Policies and Procedures for Tenure; IV:07:11 Employee Grievance/Complaint Procedure; and II:01:05C Tenure and Promotion Appeals Process; Tennessee Board of Regents Guideline G-070; American Association of Collegiate Registrars and Admissions Officers Guidelines.