The University deals with a great deal of sensitive, private or confidential information that must be protected and used properly. This website serves as a resource on a wide range of privacy issues affecting the members of the University community.
Privacy Compliance Programs
The following compliance programs are managed by the Office of Compliance, Ethics, and Regulatory Affairs.
EU General Data Protection Regulation (GDPR)
GDPR affects organizations worldwide, including The University of Alabama.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA protects a patient’s right to privacy.
Identity Theft Prevention Program (Red Flags Rule)
This program protects information associated with covered accounts.
Children’s Online Privacy Protection Act (COPPA)
COPPA protects kids’ identifying information online by requiring parental consent.
CAN-SPAM Act Requirements
Overview of the CAN-SPAM requirements for external email and marketing communications.
Additional Privacy Resources
- UA Web Privacy Statement: The University of Alabama respects your privacy and collects no personally identifiable information about you unless you affirmatively choose to make such information available to us.
- Family Educational Rights and Privacy Act of 1974 (FERPA): Review The University of Alabama FERPA information and resources online.
University of Alabama Privacy Policy
The UA Privacy Policy sets guidelines for the management of personal data.
Generally Accepted Privacy Principles
General guidance on privacy standards.
Things to Remember
- All employees are responsible for protecting the personal information that UA gathers and uses – this includes information that UA faculty and staff compile, store and access regularly. It only takes a few details about an individual for a criminal to steal an identity.
- Whenever you gather information (especially sensitive or private information), make sure you understand and clearly note the purpose(s) for which that information is being gathered. That way, you can ensure the information is used and secured appropriately in the future – not only by you, but by others who may have access to it.
- As a general rule, you should only be accessing information or records when you have a legitimate need to access that information – for instance, only accessing student records when there is a legitimate educational purpose, and only accessing UA business records when there is a legitimate business purpose.
- All employees are responsible for organizing their work-related records so that they are accessible to others in the University who have a legitimate business need to access that information, and are not accessible to anyone else.
- You should never access the personal or scholarly records of another employee unless you have their permission, or some extenuating circumstances require it.
- Please remember that privacy regulations may apply to personal information that is stored or transmitted via any type of media – electronic, paper, cell phones, and even verbal communication.