Wichita State University Information Security Department Privacy Notice
Purpose
This privacy notice describes the collection, use, and disclosure of your personal information by the Information Security Department (InfoSec), in order to protect electronic data and information technology from security threats while securing and protecting the confidentiality and privacy of your personal information.
This notice does not cover how your personal information is collected, used, or disclosed by other departments or areas of the university, nor does it cover data classified as FERPA data. For more information on WSU’s management of personal data under FERPA, please reference this website: Family Educational Rights and Privacy Act.
It also does not cover how your personal information may be used by third parties who integrate with systems or services used by this department. For more information on third-party data management, please visit the privacy notices or policies located on their websites. WSU is not responsible for the availability, content, or privacy practices of non-university sites.
Systems Pertaining to this Notice
This privacy notice only references personal information in WSU IT systems that are accessed and used by the InfoSec department for its legitimate business purposes. The types of WSU systems accessed by InfoSec include:
- Identity and access management systems,
- Security monitoring and alert platforms,
- IT asset management tools,
- Authentication and authorization systems,
- Security training and phishing simulation platforms, and
- Enterprise resource planning systems.
Information the Systems or Services Collect
The following types of personal information are collected by the WSU systems or services referenced above through work-related and investigative functions completed by InfoSec.
- User Information: Student Information - Name, username, WSU ID, email address, and phone numbers. Faculty and Staff Information - Name, username, WSU ID, WSU email address, WSU phone numbers, and employment-specific data such as department, manager or supervisor, and title.
- Logging Information: Date/time of login, training, or password change; duration of login; browser type; history files; folder names; applications run; links clicked on; operating systems used; IP address; country, city, or state of login origin; AD group membership; and/or authentication methods.
- Investigation Information: Email content, attachments, file content, or other information accessed or stored on WSU-owned devices.
How InfoSec Collects this Information
- Integrations: Through integration of these systems with other WSU systems and services.
- Directly: Personal information input into emails or provided during incident response.
- Automatically: Data is automatically generated and logged when individuals interact with WSU’s web-based systems and services.
How InfoSec Uses this Information
This information is only accessed by individuals from InfoSec when there is a legitimate business need to do so as described in this section and the next section. Where use is necessary, the principle of data minimization is applied, which stipulates accessing only the data required to fulfill the legitimate business need.
- To monitor and secure IT assets from potential viruses, malware, and application vulnerabilities.
- To maintain the privacy or confidentiality of the sensitive or confidential information held in WSU systems.
- To preserve the accuracy and integrity of information in the WSU systems.
- To audit and allow system access for individuals that have a legitimate need to access them.
- To investigate or respond to possible data privacy or security incidents.
- To provide reporting required under certain compliance and legal requirements.
- To comply with WSU policies or the law.
When InfoSec Shares this Information
- With Service Providers: We share information with service providers who support or provide information technology or security services to WSU. These providers should meet WSU’s data security requirements and use your personal information only in the ways agreed upon contractually.
- For Legal or Safety Obligations: Personal information may be shared to comply with legal requirements or to protect the safety, property, or rights of the university, its community members, and guests. Depending on the type of request, the approval of the Data Management Committee and/or legal counsel may be required.
- With Consent: Information may be shared for any purpose for which WSU InfoSec has obtained your consent.
Privacy Contact
For more information or to report a privacy concern, please reach out to the Chief Privacy Officer via email at privacy@wichita.edu or by phone at 316-978-4HIP (4447).
Contact Regarding Information Under FERPA
For more information or specific requests surrounding FERPA data, please reach out to the Office of Registrar at 316-978-3055 or visit WSU’s site entitled Family Educational Rights and Privacy Act.