MSC Privacy and Security Policy

Modified 3/29/2002
10/2/2008 - Organization identities updated (e.g. MSC changed to MSCC)
7/9/2009 - Organization identities updated (e.g. MSCC changed to MSC)

MSC Computer Operations provides web services for the Memorial Student Center at Texas A&M University and its members. The following is the privacy policy for this site (msc.tamu.edu) and sites of its member resource areas and committees and service areas (those not listed as "other").

Members of the MSC that maintain their own web site content may have additional privacy policy disclosures provided on their web sites.

Information Collected and Stored Automatically

We do not use "cookies" to collect information. In the few cases where cookies are used, they are used solely for the duration of a transaction to identify the session to ensure accurate handling of the transaction. Any information that may be afforded by the use of cookies beyond this purpose is ignored and not stored.

For site management functions, information is collected for analysis and statistical purposes. This information is not reported or used in any manner that would reveal personally identifiable information, and will not be released to any outside parties unless legally required to do so in connection with law enforcement investigations or other legal proceedings.

We use log analysis tools to create summary statistics, which are used for purposes such as assessing what information is of most interest, determining technical design specifications, and identifying system performance or problem areas. The following information is collected for this analysis:

User Client hostname - The hostname (or IP address if DNS is disabled) of the user/client requesting access.
HTTP header, "user-agent" - The user-agent information includes the type of browser, its version, and the operating system it's running on.
HTTP header, "referer" - The referer specifies the page from which the client accessed the current page.
System date - The date and time of the user/client request.
Full request - The exact request the user/client made.
Status - The status code the server returned to the user/client.
Content length - The content length, in bytes, of the document sent to the user/client.
Method - The request method used.
Universal Resource Identifier (URI) - The location of a resource on the server.
Query string of the URI - Anything after the question mark in a URI.
Protocol - The transport protocol and version used.
Information Collected from E-mails and Web Forms

If you send us an electronic mail message with a question or comment that contains personally identifying information, or fill out a form that provides us this information, we will only use the personally-identifying information to respond to your request and analyze trends. We may redirect your message to another University department, agency, or person who is in a better position to answer your question.

Exceptions to this practice may occur in cases where a web form provides a clear description of how personally-identifiable information will be used differently (such as for a public on-line guestbook, inclusion in an e-mail mailing list, or for conference registration where your name and similar information may be used to print nametags or delegate lists).

Disclosure of Information

As a department within an agency of the State of Texas, information kept on record by the Memorial Student Center may be subject to Open Records requests.

Upon your request, with few exceptions, you are entitled to be informed about the information that the MSC collects about you. Under the "Open Records Act" you are also entitled to receive and review this information. You are entitled to have the MSC correct any information about you in our possession that is incorrect. If you determine that the MSC has recorded information about you incorrectly, you may request a correction.
Paragraph added 3/29/2002

Security, Intrusion, or Detection Monitoring and Investigation

For site security purposes and to ensure that service remains available to all users, this government computer system employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Except for authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits.

Unauthorized attempts to upload information or change information on this service are strictly prohibited and may be punishable under the Texas Penal Code Chapters 33 (Computer Crimes) or 33A (Telecommunications Crimes).

Changes to Privacy Policy

In the event changes are made to this policy that might reduce privacy by allowing personal information to be used in ways not described above, the additional purposes may only use information obtained after the revised policy is published on the MSC web site. Past information will continue to be protected in accordance with the policy in effect at the time the information was obtained.

Be part of something