EIU Biometric Policy
Overview
Eastern Illinois University (“EIU” or “the University”) may use biometric identification systems to increase security, control access to certain campus facilities, and other specialized uses.
The University recognizes the sensitivity of Biometric Data, as defined below, and takes seriously its obligations to maintain the confidentiality of this data and protect its security in accordance with various regulatory obligations and in fulfillment of its stewardship of information provided to it by students, employees, and other constituents.
Policy Statement
Wherever the University implements systems utilizing Biometric Data, it will implement suitable controls and take other appropriate steps to protect the security and privacy of this data in accordance with appropriate regulatory and other relevant obligations.
Entities Affected By This Policy
University students, faculty, staff and all other individuals or entities using University IT Resources.
Definitions
- Biometric Identifier. A retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.
- Biometric Information. Information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.
- Biometric Data. A collective term for biometric identifier and biometric information.
Principle
I. Consent
An individual’s Biometric Data will not be collected or otherwise obtained by Eastern Illinois University without prior written consent of the individual. The consent form will inform the individual of the specific reason the Biometric Data is being collected and the length of time the data will be stored.
II. Disclosure
In circumstances where Eastern Illinois retains Biometric Data, the University will not disclose or disseminate any Biometric Data to any third party unless:
- Disclosure is required by state or federal law or municipal ordinance;
- Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction;
- The disclosed data completes a financial transaction requested or authorized by the student, employee, or other constituent; or
- The student, employee, or other constituent has consented to such disclosure or dissemination.
III. Storage
In circumstances where Eastern Illinois retains Biometric Data, the University will use a reasonable standard of care to store, transmit and protect from disclosure any paper or electronic Biometric Data collected. Storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which the University stores, transmits and protects from disclosure other confidential and sensitive information that is used to uniquely identify an individual.
IV. Retention Schedule
In circumstances where Eastern Illinois retains Biometric Data, the University will permanently destroy an individual’s Biometric Data within twelve (12) months of when the initial purpose for collecting or obtaining such Biometric Data has been satisfied, such as:
- The employee’s employment is terminated;
- The student graduates or otherwise leaves the University;
- The employee transfers to a position for which the Biometric Data is not used; or
- The University no longer uses the Biometric Data.
V. Vendors and/or Licensors
If any of the University’s vendors and/or licensors require access to Biometric Data from the University in order to satisfy any contractually obligated performance on behalf of the University, the University will require that they shall protect the data in a manner that is the same as or more protective than the above defined disclosure, storage and retention schedule sections, unless other specific arrangements are necessary to satisfy contractual and legal obligations.
Contacts
EIU Information Security - 217-581-1939
Related Documents
Biometrics Privacy Act - https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&ChapterID=57
Supporting Policies, Procedures and Guidelines
Acceptable Use: https://www.eiu.edu/auditing/igp/129
Identify Policy: https://www.eiu.edu/panthertech/policies_identification.php
Last Date Reviewed: 06/13/2024