Back to Top
Skip to Content
Home :: Policies :: Privacy Policy

Privacy Policy

Responsible Department
University Wide
Effective Date
  1. .

    Policy Purpose

    1. The purpose of this policy is to set forth requirements regarding information entrusted to the University by the public and members of the University of North Georgia (the “University”).

    2. It applies to all units in their handling of data, information and records in any form (paper, digital text, images, audio, video, microfilm, etc.) created, collected, accessed, used, handled, stored, managed or disposed of during the course of conducting University business (administrative, financial, instruction, research or service).

    3. This is a new policy.
  2. .


    Private Information:  Includes all information protected by state and/or federal law or that the University is obligated to protect. Private Information also includes information designated by the University as Controlled Unclassified Information (confidential or sensitive) through the creation of standards, procedures and guidelines. Access to these data must be tightly monitored.

    Examples of Private Information include, but are not limited to the following:

    1. Nondirectory student records as defined by FERPA and the University Student Education Records Policy

    2. Financial aid and scholarship records

    3. Individually identifiable personnel records

    4. Personal information utilized to verify identity, including but not limited to Social Security numbers (SSN) and University ID numbers (UNG ID)

    5. Passwords and PINS

    6. Digital Signatures

    7. Individually identifiable health information protected by state or federal law (including but not limited to “protected health information” as defined by the Health Insurance Portability and Accountability Act (HIPAA)

    8. Individually identifiable information created and collected by research projects

    9. Credit card numbers and financial transactions covered by the Payment Card Industry (PCI) Standard

    10. Information resources with access to confidential or sensitive data

    11. Information covered by nondisclosure agreements

    12. Any information relating to an identified or identifiable person, or personal data, as defined in the General Data Protection Regulation (GDPR) Privacy Notice.
  3. .

    Policy Statement

    1. UNG Commitment to Privacy

      The University of North Georgia is committed to safeguarding all Private Information entrusted to the University by the public and members of the Univerity community. This notice describes the University’s general privacy policy as it relates to the collection, protection and disclosure of such information.

    2. Collection and Protection of Information

      1. Information may be collected in a variety of ways, paper or electronic, including but not limited to, web sites, surveys, email, information requests, databases, etc., as required to support University activities.

      2. Information collected, regardless of the method of collection or format, may be used only to carry out the authorized business of the University. The University shall make reasonable efforts to limit the Private Information it collects to only that information strictly relevant to accomplish a clearly defined institutional purpose.

      3. Every unit is responsible for maintaining the necessary confidentiality, integrity and availability of the information it handles. Every unit is responsible for granting to assigned individuals within the unit the reasonable, minimum access to Private Information needed to accomplish the necessary institutional purposes. All University employees are required to abide by state and federal laws and University policies, procedures and guidelines regarding the handling and protection of Private Information.

      4. Employees who become aware of a breach of the privacy or security of Private Information must report such breach immediately to the UNG IT Helpdesk at 706-864-1922 or The Information Services Customer Service Center will notify the UNG IT Security Officer.

      5. Additional University policies, procedures and guidelines apply to specific types of information. Further, individuals for whom the University collects, maintains, or processes their personal data are directed to review the supplementary Privacy Notice, provided here in accordance with European Union General Data Protection Regulation (GDPR) available at

    3. Disclosure of Information

      Private Information may be disclosed only to the extent that is permitted or required by law. Disclosure must comply with applicable requirements regarding consent or authorization for disclosure.

    4. Legally Mandated Disclosure of Information

      The University may be required to release information, including Private Information, where required by state or federal law or upon receipt of a subpoena, search warrant or other court order.

    5. University Employee Privacy When Using University Resources

      1. The University supports a climate of trust and respect, and the University does not ordinarily read, monitor or screen employees’ routine use of information resources.  UNG Employees should have no express or implied expectation of privacy related to their use of University provided information resources.

      2. For additional information about the appropriate use of University resources, refer to the University Information Technology Acceptable Use Policy.

    6. Violations of this policy may result in disciplinary action, up to and including dismissal of employees. Employment actions will be conducted under the advice and guidance of Human Resource Management and the Office of the General Counsel.
  4. .


    Any related operating procedures must comply with and should reference this policy.

UNG follows Section 508 Standards and WCAG 2.0 for web accessibility. If you require the content on this web page in another format, please contact the ADA Coordinator.

Back to Top