Skip to main content
Eastern Illinois University

Panthertech

EIU Biometric Policy

Overview

Eastern Illinois University (“EIU” or “the University”) may use biometric identification systems to increase security, control access to certain campus facilities, and other specialized uses.

The University recognizes the sensitivity of Biometric Data, as defined below, and takes seriously its obligations to maintain the confidentiality of this data and protect its security in accordance with various regulatory obligations and in fulfillment of its stewardship of information provided to it by students, employees, and other constituents.

Policy Statement

Wherever the University implements systems utilizing Biometric Data, it will implement suitable controls and take other appropriate steps to protect the security and privacy of this data in accordance with appropriate regulatory and other relevant obligations.

Entities Affected By This Policy

University students, faculty, staff and all other individuals or entities using University IT Resources.

Definitions

Principle

I. Consent

An individual’s Biometric Data will not be collected or otherwise obtained by Eastern Illinois University without prior written consent of the individual. The consent form will inform the individual of the specific reason the Biometric Data is being collected and the length of time the data will be stored.

II. Disclosure

In circumstances where Eastern Illinois retains Biometric Data, the University will not disclose or disseminate any Biometric Data to any third party unless:

  1. Disclosure is required by state or federal law or municipal ordinance;
  2. Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction;
  3. The disclosed data completes a financial transaction requested or authorized by the student, employee, or other constituent; or
  4. The student, employee, or other constituent has consented to such disclosure or dissemination.

III. Storage

In circumstances where Eastern Illinois retains Biometric Data, the University will use a reasonable standard of care to store, transmit and protect from disclosure any paper or electronic Biometric Data collected. Storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which the University stores, transmits and protects from disclosure other confidential and sensitive information that is used to uniquely identify an individual.

IV. Retention Schedule

In circumstances where Eastern Illinois retains Biometric Data, the University will permanently destroy an individual’s Biometric Data within twelve (12) months of when the initial purpose for collecting or obtaining such Biometric Data has been satisfied, such as:

  1. The employee’s employment is terminated;
  2. The student graduates or otherwise leaves the University;
  3. The employee transfers to a position for which the Biometric Data is not used; or
  4. The University no longer uses the Biometric Data.

V. Vendors and/or Licensors

If any of the University’s vendors and/or licensors require access to Biometric Data from the University in order to satisfy any contractually obligated performance on behalf of the University, the University will require that they shall protect the data in a manner that is the same as or more protective than the above defined disclosure, storage and retention schedule sections, unless other specific arrangements are necessary to satisfy contractual and legal obligations.

Contacts

EIU Information Security - 217-581-1939

Related Documents

Biometrics Privacy Act - https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&ChapterID=57

Supporting Policies, Procedures and Guidelines

Acceptable Use: https://www.eiu.edu/auditing/igp/129

Identify Policy: https://www.eiu.edu/panthertech/policies_identification.php

Last Date Reviewed: 06/13/2024

CONTACT THE DEPARTMENT

Technology Support

217-581-4357
support@eiu.edu