Eastern Illinois University (“EIU” or “the University”) may use biometric identification systems to increase security, control access to certain campus facilities, and other specialized uses.
The University recognizes the sensitivity of Biometric Data, as defined below, and takes seriously its obligations to maintain the confidentiality of this data and protect its security in accordance with various regulatory obligations and in fulfillment of its stewardship of information provided to it by students, employees, and other constituents.
Wherever the University implements systems utilizing Biometric Data, it will implement suitable controls and take other appropriate steps to protect the security and privacy of this data in accordance with appropriate regulatory and other relevant obligations.
University students, faculty, staff and all other individuals or entities using University IT Resources.
An individual’s Biometric Data will not be collected or otherwise obtained by Eastern Illinois University without prior written consent of the individual. The consent form will inform the individual of the specific reason the Biometric Data is being collected and the length of time the data will be stored.
In circumstances where Eastern Illinois retains Biometric Data, the University will not disclose or disseminate any Biometric Data to any third party unless:
In circumstances where Eastern Illinois retains Biometric Data, the University will use a reasonable standard of care to store, transmit and protect from disclosure any paper or electronic Biometric Data collected. Storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which the University stores, transmits and protects from disclosure other confidential and sensitive information that is used to uniquely identify an individual.
IV. Retention Schedule
In circumstances where Eastern Illinois retains Biometric Data, the University will permanently destroy an individual’s Biometric Data within twelve (12) months of when the initial purpose for collecting or obtaining such Biometric Data has been satisfied, such as:
V. Vendors and/or Licensors
If any of the University’s vendors and/or licensors require access to Biometric Data from the University in order to satisfy any contractually obligated performance on behalf of the University, the University will require that they shall protect the data in a manner that is the same as or more protective than the above defined disclosure, storage and retention schedule sections, unless other specific arrangements are necessary to satisfy contractual and legal obligations.
IT Security Officer 217-581-1942
Biometrics Privacy Act - https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&ChapterID=57
Acceptable Use: https://castle.eiu.edu/auditing/129.php
Identify Policy: https://www.eiu.edu/panthertech/policies/identification.php