Policy for Access to and Use of University Data by Internal Constituencies - The University of Tulsa
Close Menu
Close Menu

Policy for Access to and Use of University Data by Internal Constituencies

The University of Tulsa is committed to safeguarding the confidential information of students, faculty, staff, alumni, friends, donors, prospects and other members of the university community.

The University will disclose data to other University units, departments, and offices only upon the demonstration of a legitimate university-related business reason. Such access will only be granted after a formal request is submitted and any and all employee(s) who will access or use the data sign and return the University Data Use Agreement and Request. Data may not be transmitted, published, or distributed to any other University employees, contractors, departments, offices or units unless authorized in writing by the University.

Requests by employees for access to University data will be reviewed by the Office of Strategic Marketing & Communications. Access may be granted only if the request is approved by the Senior Executive Director of Marketing & Communications and the appropriate approving officer or designee, as provided below:

Recipient Group Approving Officer
Students Dean of Students or Senior Vice Provost
Faculty Provost
Staff Chief Human Resources Officer
Alumni Vice President for Advancement & Alumni
Trustees President
  1. University data may only be used for the specific purpose identified in the formal written request. University units, departments, and offices that receive University data may not use the data for subsequent communications or purposes without seeking further approval from the University.
  2. Employees must exercise reasonable effort to secure and protect from disclosure any confidential information downloaded to or stored on any type of electronic device (e.g., computer, mobile device, etc.) or peripheral device (e.g., memory card, external hard drive, etc.). University data may not be stored on any unencrypted peripheral devices and must be deleted when no longer needed.
  3. Employees must exercise reasonable effort to secure and protect from disclosure any confidential information in hard copy. All hard copy confidential information marked for disposal must be shredded.
  4. All use of University data must be consistent with University policies, including The University of Tulsa Information Technology Policies and Guidelines: https://utulsa.edu/information-technology/policies-guidelines
  5. University data shall be used for sanctioned university business purposes only, as approved by TU leadership. This includes approval of all messaging to recipient lists compiled from University data.
  6. Individuals who have been authorized to receive University data will NOT use such data:
    1. In connection with surveys, contests, pyramid schemes, chain letters, junk email, spamming, or any duplicative or unsolicited messages (commercial or otherwise);
    2. For the transmission of commercial or personal advertisements, solicitations, promotions, destructive programs, political material, or any other unauthorized or personal use;
    3. To send harassing or defamatory material;
    4. To send fraudulent, harassing, obscene, indecent, profane, intimidating, or other unlawful messages;
    5. To defame, abuse, harass, stalk, threaten or otherwise violate the legal rights (such as rights of privacy and publicity) of others;
    6. To distribute or disseminate any inappropriate, profane, defamatory, obscene, indecent or unlawful topic, name, material or information;
    7. To transmit, or otherwise make available, files that contain images, photographs, software or other material protected by intellectual property laws, including, by way of example, and not as limitation, copyright or trademark laws (or by rights of privacy or publicity) unless you own or control the rights thereto or have received all necessary consent to do the same; or
    8. To advertise or offer to sell or buy any goods or services for any business purpose, unless such communication services specifically allow such messages.
  7. Violations of this policy may result in disciplinary action.

Please read and note the following important information:

  • All associated exclusionary mail rules will be applied to every data request (e.g. no mail, GDPR)
  • Mailing list requests may take up to ten business days to process. Please allow five business days to re-process changed requests. All data will be returned electronically.
  • Requests may be denied based on criteria within this policy.