University of Illinois System
Skip Sidebar Navigation
Last item for navigation

Data Security Terms and Conditions

Estimated reading time: 5 minutes.

Each Data Security Administrator (DSA) must read and agree with these terms annually.

Terms and Conditions

Terminology

These shorthand terms are used throughout these terms and conditions:

  • The use of “our,” “us,” and “we” refers to i-card Programs.
  • The acronym “DSA” indicates an i-card Programs’ Data Security Administrator. Please note: the role of DSA is not interchangeable with that of a "USC" (Unit Security Contact).

General conditions

  • These terms are subject to change without notice. 
  • We reserve the right to change or revoke access to its data for any user, DSA, or unit without notice. (Access is usually revoked due to disregard for these terms and conditions, non-use, a position or employment change, or misuse of data.)
  • We reserve the right to limit the number of DSAs assigned to a unit. 
  • The DSA is responsible for reading all the terms and conditions provided on this page. 
  • A DSA assignment is valid only so long as the named DSA is an active employee for the client unit they agreed to serve.
  • A DSA assignment (“term”) expires in 12 months, or by April 30 of the next calendar year, or when the DSA is no longer employed by the unit they agreed to serve, whichever is sooner. Failure to renew a DSA assignment before its expiration date can result in all access to our data being terminated, for the DSA and the department. This access may be revoked without notice.
  • Establishing or renewing a DSA's term is a required, administrative records task, distinct from renewing access. Requests for access must be emailed separately from other conversations with our Help Desk.

Security rules

  • Student data and FERPA Compliance. All data received from i-card Programs is potentially student data, with handling requirements subject to Federal law. The DSA is obligated to familiarize themself with the relevant U of I System and university FERPA and Compliance policies and procedures. The DSA accepts responsibility for ensuring that anyone to whom they grant access to student data follows relevant FERPA procedures.
  • Confidentiality and high-risk data. The data that we provide may contain confidential and/or high-risk data, including but not limited to registration information and Social Security numbers. The DSA accepts all responsibility for the storage, handling, and disposal of the data to which they have access or to which they permit others access, particularly high risk, sensitive, and confidential data. If any hard copy of our data is produced and is no longer in use, the DSA is responsible for disposing of it in a secure manner, such as shredding.
  • Information security. The DSA must read the cybersecurity policy for the campus with which their unit is associated. The cybersecurity policies are as follows:
  • SSN access. The DSA for users who may access SSNs in our database is responsible for ensuring these users have read and understand the university’s Social Security Number policy. SSN access may be subject to additional approvals.

Scope and limits for use and storage of data

  • Exclusivity. The DSA agrees that their unit will not share aggregate data, including photos, from i‑card Programs with other university units or personnel.
  • Card data. The DSA must obtain approval from i-card Programs before collecting or using data from any card, ID, key fob, mobile application, or other token produced by i-card Programs. Such data includes, but is not limited to, the UIN, magnetic stripe data, contactless chip data, and mobile credential data.
  • University Identification Numbers (UINs). The DSA agrees that the UIN will not be used, alone or in conjunction with publicly available information, to obtain services or nonpublic information about an individual. The DSA also agrees that a UIN may not be used as any kind of password or as any part of a login.

Requesting access to applications and managing access

  • Access requests. Only the DSA may grant or request access to our data. The DSA may only grant or request access to data for employees of their unit. When requesting access to data, DSAs must provide employees’ University Identification Numbers (UINs). By emailing a request for data, the DSA indicates they authorize the requested access.
  • Contractors. The DSA agrees to inform us immediately any time they want a contractor or other external affiliate working with the University of Illinois to have access to our data. Additional agreements may be required in accordance with system, university, and/or our policies. The DSA and DDDH understand that all our terms and conditions for employees also apply non-employees.
  • Changes to users of data. The DSA is obligated to email icardhelp@uillinois.edu when an employee (or contractor) who has access to our data longer needs access to it. Such cases include, but are not limited to: an employee’s job duties change, the employee exits the unit, or the employee exits the U of I System.

Communications requirements

  • Email requests. All requests for information, data extracts, access to data, and technical assistance must be emailed only to icardhelp@uillinois.edu.
  • Information sharing. The DSA accepts the responsibility to read all event notices and mass communications emailed from our Help Desk. In addition, the DSA is responsible for forwarding our event notices, release notes, and other mass communications to the users in their unit who access our data.
  • DSA change notices. The DDDH who approves the DSA’s assignment or renewal agrees to email icardhelp@uillinois.edu when a DSA leaves the employment of their unit.

This sentence marks the end of i-card Programs’ data security terms and conditions.

Terms Agreement Statement

To establish or renew a DSA's agreement/term, the unit's DSA must complete these steps:

  1. Read the preceding terms and conditions and the related policy links.
  2. Create an email from your university mail account.
  3. Copy the following agreement statement and paste it into your email. If you serve as a DSA or DDDH for multiple units, list their names as well. The agreement text to use is: "I have read i-card Programs’ Data Terms and Conditions, and by emailing you this text I certify that I fully understand and agree to abide by them."
  4. Include your University Identification Number (UIN) and the UIN and NetID of your direct supervisor.
  5. Include your signature block that includes your work phone number, unit name, and job title.
  6. Send the email to icardhelp@uillinois.edu.

This will complete your unit’s tasks for requesting to establish or renew a DSA’s term.