Data Security Terms and Conditions

Our terms and conditions are uniform for all clients, no matter how they access or otherwise consume our data. Each DSA and their DDDH who approves their assignment must read and agree with these terms annually. Estimated reading time is 5 minutes.

Are you a DDDH for a unit whose DSA term expires in April, and you received an email from that directed you to this page? You must read and agree to these terms. After these conditions, a Terms Agreement Statement is provided to help you quickly and correctly complete your approval and provide it to our Help Desk.

Terms and Conditions


These shorthand terms are used throughout these terms and conditions:

  • The use of “our,” “us,” and “we” refers to i-card Programs.
  • The acronym “DSA” indicates an i-card Programs’ Data Security Administrator.
  • The term “DDDH” indicates a direct supervisor of any title to whom a DSA reports. Often, a DSA’s supervisor serves as a Dean, Director, or Department Head.

Reservation of rights

  • We reserve the right to change or revoke access to our data for any user, DSA, or unit without notice. Access is usually revoked due to disregard for these terms and conditions, non-use, a position or employment change, or misuse of data.
  • We reserve the right to limit the number of DSAs assigned to a unit.
  • These terms are subject to change without notice.

General conditions

  • The DSA and the DDDH who authorizes their DSA assignment are responsible for reading all the terms and conditions provided on this page.
  • A DSA assignment is valid only so long as the named DSA is an active employee for the client unit they agreed to serve.
  • A DSA assignment (“term”) expires in 12 months, or by April 30 of the next calendar year, or when the DSA is no longer employed by the unit they agreed to serve, whichever is sooner. Failure to renew a DSA assignment before its expiration date can result in all access to our data being terminated, for the DSA and the department. This access may be revoked without notice.
  • DSAs who serve as a dean, director, or department head may not approve their own DSA assignment. All DSAs without a chancellor title must have their DSA term approved by their supervisor.

Communications requirements

  • Email requests. All requests for information, data extracts, access to data, and technical assistance must be emailed only to
  • Information sharing. The DSA accepts the responsibility to read all event notices and mass communications emailed from our Help Desk. In addition, the DSA is responsible for forwarding our event notices, release notes, and other mass communications to the users in their unit who access our data.
  • DSA change notices. The DDDH who approves the DSA’s assignment or renewal agrees to email when a DSA leaves the employment of their unit.

Scope and limits for use and storage of data

  • Exclusivity. The DSA agrees that their unit will not share aggregate data, including photos, from i‑card Programs with other university units or personnel.
  • Card data. The DSA must obtain approval from i-card Programs before collecting or using data from any card, ID, key fob, mobile application, or other token produced by i-card Programs. Such data includes, but is not limited to, the UIN, magnetic stripe data, contactless chip data, and mobile credential data.
  • University Identification Numbers (UINs). The DSA agrees that the UIN will not be used, alone or in conjunction with publicly available information, to obtain services or nonpublic information about an individual. The DSA also agrees that a UIN may not be used as any kind of password or as any part of a login.

Security rules

  • Student data and FERPA Compliance. All data received from i-card Programs is potentially student data, with handling requirements subject to Federal law. The DSA is obligated to familiarize themself with the relevant U of I System and university FERPA and Compliance policies and procedures. The DSA accepts responsibility for ensuring that anyone to whom they grant access to student data follows relevant FERPA procedures.
  • Confidentiality and high-risk data. The data that we provide may contain confidential and/or high-risk data, including but not limited to registration information and Social Security numbers. The DSA accepts all responsibility for the storage, handling, and disposal of the data to which they have access or to which they permit others access, particularly high-risk, sensitive, and confidential data. If any hard copy of our data is produced and is no longer in use, the DSA is responsible for disposing of it in a secure manner, such as shredding.
  • SSN access. The DSA for users who may access SSNs in our database is responsible for ensuring these users have read and understand the university’s Social Security Number policy. SSN access may be subject to additional approvals.
  • Information security. The DSA must read the University's Information Security Policy, which is referenced on U of I System Cybersecurity’s Policy webpage. DSAs accept responsibility for ensuring they comply with this policy and any relevant policies to which it refers. The DSA must also ensure that any employees to whom they give data access also read and understand all relevant policies listed on this form.

Access management

  • Access requests. The DSA is responsible for requesting access to our data on behalf of their unit. The DSA may only request access for employees of their unit, and they must provide employees’ University Identification Numbers. By emailing a request for data, the DSA indicates they authorize the requested access.
  • Contractors. The DSA agrees to inform us immediately any time they want a contractor or other person working under contract with the University of Illinois to have access to our data. Additional requirements and agreements may be required, in accordance with system, university, and/or our policies. The DSA and DDDH understand that all our terms and conditions for employees also apply to contractors.
  • Changes to users of data. The DSA is obligated to email when an employee who has access to our data no longer needs access to it. Such cases include, but are not limited to: an employee’s job duties change, the employee exits the unit, or the employee exits the U of I System.

This sentence marks the end of i-card Programs’ data security terms and conditions.

Terms Agreement Statement

If you are a DDDH who has received an email that directed you to this page, you must read the preceding terms and conditions and then prepare an email to as follows:

  1. Create an email from your university mail account.
  2. Copy the following agreement statement and paste it into your email: 

I have read i-card Programs’ Data Terms and Conditions, and by emailing you this text I certify that I fully understand and agree to abide by them.

  3. Sign your email, including your signature file (with title and unit).
  4. Send the email to

This will complete your unit’s tasks for requesting to renew a DSA’s term.