POLICY

1. Lamar University is committed to respecting the data privacy of students, staff, faculty, and all members of the University community. This policy sets forth general guidelines regarding the use of personal data collected by the University.
   
   

PURPOSE AND SCOPE

1. This policy falls under the authority of all applicable federal, state, and Texas State University System (TSUS) statutes, rules, and regulations, including, but not limited to, the TSUS Rules and Regulations; Texas Education Code, Title 3, Higher Education; and Texas Administrative Code, Title 19.
   
   
2. This policy outlines Lamar University's general guidelines for protecting and supporting the rights of affiliated users over their personal data collected by the University, while recognizing that complete privacy cannot be guaranteed.
   
   
3. Where applicable, for example, in the case of student education records, the privacy standards outlined by the Family Educational Rights and Privacy Act of 1974 (FERPA), Health Insurance Portability and Accountability Act (HIPAA), and other state and federal laws take precedence over this policy.
   
   
4. This policy establishes the privacy rights of affiliated users as set forth in Section V.
    

DEFINITIONS

1. Data Classification: See Lamar University IT Data Classification Policy 15.01.02.
   
   
2. Data Privacy: See Lamar University Glossary.
   
   
3. Data Security: See Lamar University Glossary.
   
   
4. Directory Hold: See Lamar University Education Records and Student Rights, Office of the Registrar.
   
   
5. Directory Information: See Lamar University Education Records and Student Rights, Office of the Registrar.
   
   
6. School Official: See Lamar University Education Records and Student Rights, Office of the Registrar.

POLICY ROLES AND RESPONSIBILITIES

1. Data Management Officer: The Data Management Officer at Lamar University is responsible for leading the data governance program while ensuring data is managed securely, accurately, and in alignment with institutional privacy policies and regulatory requirements.
   
   
2. Associate Vice President, Data and Compliance Systems: The Associate Vice President, Data and Compliance Systems is responsible for overseeing and managing the University's data.
   
   
3. Registrar: Lamar University's Registrar is responsible for maintaining the integrity and security of student academic records while ensuring compliance with institutional privacy policies and applicable regulations.
   
   
4. Associate Vice President, Human Resources: The Associate Vice President for Human Resources is responsible for maintaining the integrity and security of employee records while ensuring compliance with institutional privacy policies and applicable regulations.
   
   

PRIVACY AND RIGHTS

1. Enrolled students who interact with Lamar University have the right to request a directory hold to prevent the disclosure of directory information normally classified as public from an information request.
   
   
2. Employees of Lamar University have the right, under Texas Government Code 552.024 and 552.132, to elect whether specific categories of personal information may be released to the public. These categories of information include home address, home telephone number, emergency contact information, social security number, information that reveals whether the employee has family members, and information identifying employees who have been the victim of certain crimes. This preference is documented through the University's Employee Disclosure Request Form and is respected in accordance with applicable laws.
   
   
3. Lamar University is committed to protecting information collected about affiliated users and applies risk management measures to reduce the likelihood of unauthorized disclosure. While Lamar University makes reasonable efforts to protect the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent illegal or unauthorized activity related to your personal data. For more information on risk management at Lamar University, please refer to Lamar University's IT Policies & Standards.
   
   
4. Lamar University may share personal information it collects with third-party service providers who have a service agreement obligation to use the information only for purposes that support the University's legitimate operations, programs, or services. These providers must protect personal information in accordance with the terms of their agreement with the University. For more information relating to the contracting of external systems and services, please refer to Texas State University System Information Security & Accessibility Standards and Lamar University Service Agreement Section 1.2.
   
   
5. Data may be shared internally to support Lamar University's business operations. Lamar University may release personally identifiable information to school officials.
   
   
6. Lamar University may be required to disclose personal information in response to lawful requests by public authorities, including those made to meet national security or law enforcement.
   
   
7. FERPA does not cover browsing activity and targeted advertising.
   
   
8. Information collected from Lamar University websites, such as server logs, emails, and web-based forms may be subject to the Texas Public Information Act, Texas Government Code, Chapter 552.
   
   

REFERENCES

1. Family Educational Rights and Privacy Act (FERPA)
   
   
2. Health Insurance Portability and Accountability Act (HIPAA)
   
   
3. Gramm-Leach-Bliley Act (GLBA)
   
   
4. Texas Administrative Code, Chapter 202
   
   
5. Texas Government Code, Chapter 552 (Public Information Act)
   
   
6. NIST Privacy Framework
   
   
7. Privacy Act 1974
   
   
8. Texas Patient Privacy
   
   
9. Texas Health and Safety Code (Medical Records Privacy)
   
   
10. Texas Occupations Code, Chapter 159 (Physician-Patient Communication)
    
    
11. Texas Business and Commerce Code, Ch 503 (Biometric Identifiers)
    
    
12. Texas Business Code, Ch 521 (Unauthorized Use of Identifying Information)
    
    
13. Texas State University System Information Security & Accessibility Standards
    
    
14. Lamar University Service Agreement Section 1.2
    
    
15. Records Management-Lamar University
    
    
16. Lamar University IT Policies & Standards
    
    
17. Lamar University Data Glossary.
    
    
18. Lamar University IT Data Classification Policy 15.01.02
    
    
19. Lamar University Education Records and Student Rights, Office of the Registrar
    
    

REVIEW AND RESPONSIBILITY

Oversight Responsibility: Privacy Policy Committee

Review Schedule: Every three years

Last Review Date: 02/11/2026

Next Review Date:  02/11/2029

SIGNED POLICY COPY

The policy content is provided on this webpage to support accessibility standards.

If you require a copy of the official signed version of this policy,  please email datagovernance@lamar.edu.