March 12, 2013,
Volume 59, No. 24
Today Penn publishes an important new policy pertaining to the privacy of applicant data,which will take effect as of April 1, 2013. It has been developed through extensive reviews by and input from constituencies across the University, including the Councils of Deans, Graduate Deans, Undergraduate Deans and the Offices of General Counsel and Undergraduate Admissions.The goals of this policy are to provide essential privacy protections–such as transparency, security, and appropriate use–and to advance awareness of the importance of protecting the privacy of applicant data. We encourage all members of the Penn community to study this policy and to recognize our shared responsibility to protect the privacy and security of personal information.
—Vincent Price, Provost —Andrew Binns, Vice Provost for Education
University of Pennsylvania Policy on the Privacy of Applicant Data
I. General Privacy Statement
The University of Pennsylvania (“University” or “Penn”) understands the importance of protecting the privacy of personal information, especially in today’s increasingly electronic environment. The University seeks to serve individuals interested in learning about and/or applying to Penn in a manner that respects their privacy, while allowing the University to effectively conduct its admissions process. Penn has therefore adopted the following policy and related procedures to protect the privacy and security of applicant data.
This statement applies to personally identifiable information about applicants and prospective applicants (“applicant information” or “applicant data”) maintained, used and/or shared by Penn. Applicant information of students who are in attendance at the University is covered by Penn’s Policy on the Confidentiality of Student Records.
III. Use and Sharing Restrictions
Penn may use and share applicant data consistent with the written consent of the applicant. In addition, Penn may use and share applicant data without the consent of the applicant in the circumstances described below.
a) Admissions Purposes.
Penn may use and share applicant data for the purposes of Penn’s admissions process, including but not limited to the following:
i. General Operational Use. Applicant information may be used by Penn faculty and staff (including temporary and student workers and volunteers) for admissions-related processes such as collecting application materials, reviewing applications, and communicating with applicants and prospective applicants regarding Penn, the admissions process and their status. It also may be used for institutional research.
All Penn faculty and staff with access to applicant data must protect such information consistent with this policy.
Applicant information may be shared with an approved external entity such as a contractor or agent, for the purposes of advancing Penn’s admissions process when that entity has strong measures in place to protect the privacy and security of applicant data.
External Sharing to Facilitate Complete and Accurate Application. There are many individuals involved directly or indirectly in ensuring a complete and accurate application. Penn may communicate with third parties in order to facilitate the completion of an application and/or to verify its accuracy. For example, Undergraduate Admissions may share applicant data with high school guidance counselors as necessary to achieve a complete application. For another example, programs may verify information in an application, such as the authors of letters of recommendation or the completion of academic degrees, and other information that could be material to an admissions decision.
ii. Parents and Guardians. In general, Penn communicates only with applicants themselves about their application. In exceptional cases, communications with a parent or guardian of an applicant may occur when the applicant indicates such communication is desired, when necessary to properly complete the admissions process, and in emergency circumstances (see “d” below).
iii. Role of Alumni. Applicant information may be shared with alumni volunteers or partners as necessary for the alumni interviewing program, the alumni ambassador program, and other sanctioned admissions programs involving alumni. Such alumni will agree to protect such information consistent with this policy. See Appendix A, a sample confidentiality statement, available on the Privacy website: www.upenn.edu/oacp/privacy/
iv. Role of Students. Student workers may be involved in operational tasks in support of admissions processes and have access to personal information of applicants. In such cases, students must agree in writing to protect the privacy and security of the information they access. See Appendix A. Undergraduate students (currently pursuing their bachelor’s degree) should not be provided applications or supporting materials and/or be included in the selection decision of undergraduate applicants. Similarly, graduate and professional school students should not be provided applications or supporting materials and/or be included in the selection decision for applicants to their graduate and professional programs. Notwithstanding the above, students may be provided access to limited demographic and contact information for recruitment purposes and may provide feedback on such applicants.
b) Other Activities Sanctioned by the University.
Applicant data may also be used by Penn officials or an approved external entity such as a contractor or agent in support of University business as sanctioned by the University. Penn may only share such data with approved entities when such contractors or agents have strong measures in place to protect the privacy and security of applicant data.
c) Required Disclosures.
Applicant data may be disclosed when required by law, required by certain associations in which Penn is a member when approved by the senior dean for admissions, or if, in the sole discretion of Penn, disclosure is necessary to protect the institution.
d) Emergency Circumstances.
Applicant data may be used and disclosed to third parties, including to parents and guardians, if, in Penn’s sole judgment, such disclosure is necessary to protect the health, safety or property of any person.
e) Compelling Purpose and Leadership Approval.
Applicant information may be shared in other cases when there is a compelling purpose regarding benefit to Penn or members of the Penn community and when approved by the senior dean for admissions in consultation with the Office of the Provost.
Penn faculty and staff must have in place appropriate physical, technical and administrative safeguards to minimize the risk of unauthorized access to applicant data, to maintain data accuracy and to ensure the appropriate use of information. Special attention must be given to the security of applicant data accessed remotely and/or from mobile devices. See www.upenn.edu/computing/security and www.upenn.edu/privacy for policy and guidance on keeping data secure.
V. Privacy Inquiries
If applicants or others have concerns or questions about the privacy of applicant data, they may contact email@example.com