Mitchell Hamline School of Law

Mitchell Hamline Policy Repository

Privacy Policy

Posted: August 5, 2024

Applies to: Faculty, Staff, Students

Policy Holder: Chief Information Officer

Responsible Office: Information Technology

Contact Information: Chief Information Officer

Effective Date: August 1, 2024

Last Review Date: August 1, 2024

1. Introduction

1.1. Purpose

This document establishes a privacy policy for Mitchell Hamline School of Law (MHSL or “the School”), focused on maintaining and protecting the confidentiality of visitor, applicant, student, and alumni sensitive information against unauthorized access, modification, and disclosure.

1.2. Scope

The MHSL Board of Trustees has sanctioned the creation of this document to ensure the confidentiality of sensitive data possessed by MHSL. The Chief Information Officer (CIO) has been granted the authority to establish, implement and enforce the requirements described in this policy.

1.3. Applicability

This policy and procedure document applies to MHSL, its employees, partners, business associates, vendors, contractors, and interns that handle MHSL information or make use of MHSL information technology (IT) assets.

This document will be distributed to all members of the MHSL Data Governance Committee, administrators, and MHSL leadership. This document will be available on viewing on the Summit.

1.4. Maintenance

The contents of this document will be managed by the CIO or an appointee. MHSL will conduct a full review of the policy at least annually or when significant changes occur, and document when the review occurred, what changes were made, and who made the changes in the Record of Changes table. Previous versions of this policy will be annotated as such and retained for archival purposes.

2. Policy

It is the policy of Mitchell Hamline to respect the privacy of all website visitors, alumni, students, and prospects who provide personal information to MHSL, to the extent permitted by law. This policy complements the online privacy statement which is available at mitchellhamline.edu.

2.1. What personal data we collect and why we collect it

Applicant Information
MHSL collects, processes, and retains the following data to provide services to MHSL applicants:

  • Personal identification information
    • Name
    • Social security number / TIN
    • Home address
    • Email address
    • Phone number
  • Education
  • Application date

Student/Alumni Information
MHSL collects, processes, and retains the following data to provide services to enrolled students and alumni:

  • Personal identification information
    • Name
    • Social security number / TIN
    • Home address
    • Email address
    • Phone number
  • Education information
  • Enrollment information
    • Coursework
    • Dates of enrollment
    • Grades / Performance
    • Graduation date
  • Financial information
    • Scholarships
    • Grants
    • Student loans
    • Bank account information
    • Credit card information
    • Invoices
    • Payments

Contact forms
If you utilize one of the contact forms available on the site, we collect identifiable information as part of your submission. Your personal information will not be shared with or sold to any third-party, except where required to fulfill your request, to provide a requested service to you, or as required by law.

Information Voluntarily Provided by You
In the course of using the MHSL website, visitors may choose to provide the School with information to help us serve your needs. For example, you may send us electronic mail (through a mailer or a Web form) to request information, you may sign up for a mailing list, or you may send us your address so we may send you an application or other material. Any personally identifiable information you send us will be used only for the purpose indicated. Requests for information will be directed to the appropriate staff to respond to the request and may be recorded to help us update our site to better respond to similar requests.

We will not sell, exchange, or otherwise distribute your personally identifiable information without your consent, except to the extent required by law. We do not retain the information longer than necessary for normal operations. Each Web page requesting information discloses the purpose of that information. If you do not wish to have the information used in that manner, you are not required to provide it. Please contact the person listed on the specific page, or listed below, with questions or concerns about the use of personally identifiable information.

Our website provides links to other World Wide Web sites or resources. We do not control these sites and resources, do not endorse them, and are not responsible for their availability, content, or delivery of services. In particular, external sites are not bound by our online privacy policy; they may have their own policies or none at all. Often you can tell you are leaving our website by noting the URL of the destination site.

Minn. Stat. 13.15 provides that electronic access data may be disseminated: (1) to the commissioner for the purpose of evaluating electronic government services; (2) to another government entity to prevent unlawful intrusions into government electronic systems; or (3) as otherwise provided by law.

If you have questions about the Mitchell Hamline website, its collection of information, and its online privacy statement, contact the site administrator.

Cookies
Cookies are pieces of information stored by your Web browser on behalf of a website and returned to the website on request. This site may use cookies for two purposes: to carry data about your current session at the site from one Web page to the next, and to identify you to the site between visits. If you prefer not to receive cookies, you may turn them off in your browser, or may set your browser to ask you before accepting a new cookie. Some pages may not function properly if the cookies are turned off. Unless otherwise notified on the site, MHSL will not store data, other than for these two purposes, in cookies. Cookies remain on your computer, and accordingly MHSL neither store cookies on our computers nor forward them to any external parties. Unless otherwise notified on the site, we do not use cookies to track your movement among different websites and do not exchange cookies with other entities.

Network traffic logs
In the course of ensuring network security and consistent service for all users, Mitchell Hamline employs software programs to do such things as monitor network traffic, identify unauthorized access or access to nonpublic information, detect computer viruses and other software that might damage our computers or the network, and monitor and fine-tune the performance of our network. In the course of such monitoring, these programs may detect such information as e-mail headers, addresses from network packets, and other information. Information from these activities is used only for the purpose of maintaining the security and performance of our networks and computer systems. Personally identifiable information from these activities is not released to external parties without your consent unless required by law, including Minn. Stat. 13.15.

Web Visit Logs
Our sites routinely collect and store information from online visitors to help manage those sites and improve service. This information includes the pages visited on the site, the date and time of the visit, the internet address (URL or IP address) of the referring site, the domain name and IP address from which the access occurred, the version of browser used, the capabilities of the browser, and search terms used on our search engines. This site makes no attempt to identify individual visitors from this information: Any personally identifiable information is not released to external parties without your consent unless required by law, including Minn. Stat. 13.15.

Anonymous traffic data
We collect anonymous data from each visitor to our website for traffic analytics and troubleshooting. This does not contain personal information but is collected upon each visit to our site. Anonymous traffic data may be shared with third-parties.

Analytics
Mitchell Hamline uses Google Analytics to understand site traffic. Google Analytics gives us information like the number of visitors to our site and specific pages along with aggregated information about location and general demographics of our visitors. Visitors may opt out of Google Analytics through a link provided on our website’s privacy page.

Advertising and Remarketing
Mitchell Hamline makes use of remarketing and “similar audience” tools to reach the most-relevant audiences in its digital advertising. Third-party vendors, including but not limited to Google and Facebook, use cookies to serve ads based on visits to our website.

2.2. How we collect data

Alumni, students, and applicants directly provide most of the sensitive information that we collect. MHSL may augment this information with data from third-party sources, as required to provide requested services. The School collects and processes data when:

  • An applicant applies for enrollment to the law school
  • A student or alumni complete a satisfaction survey or provide feedback on any of our coursework or services
  • A visitor visits our website

2.3. How we use data

The School collects alumni, student, and applicant data so we can:

  • Process admission applications
  • Process student enrollment requests
  • Manage student accounts and grades
  • Process payments and financial aid funding
  • Manage alumni membership and information
  • Mail, email, SMS, or call alumni about events or in response to requests
  • Mail, email, SMS, or call students about events or in response to requests
  • Mail, email, SMS, or call applicants about events or in response to requests

The School will not share your data with any partner companies.

When the School processes your payment or financial aid request, it may send your data to, and use the resulting information from credit reference agencies or financial aid agencies to prevent fraudulent requests.

2.4. How we store your data

The School securely stores your data in our datacenter at 875 Summit Ave, and in the Microsoft 365 Cloud.  Physical access to our data center is controlled by electronic key card access and digital access is restricted to authorized personnel on a least-privilege basis.

The School will keep your private data for 5 years. Once this time period has expired, we will delete your data by deprovisioning your account.

2.5. Marketing

The School would like to send you information about coursework and services that we think that you might like or are relevant.  This information will not be shared outside the school

If you have agreed to receive marketing, you may always opt out at a later date.

You have the right at any time to stop the School from contacting you for marketing purposes.

If you no longer wish to be contacted for marketing purposes, please contact us at:

Doug Belden
Director, Marketing and Communications
doug.belden@mitchellhamline.edu
651-290-6360

2.6. Your data protection rights

The School would like to make sure you are fully aware of all your data protection rights. Every user is entitled to the following:

The right to access: You have the right to request the School for copies of your personal data. We may charge you a small fee for this service.

The right to rectification: You have the right to request that the School correct any information you believe is inaccurate. You also have the right to request the School to correct the information you believe is incorrect.

The right to erasure: You have the right to request that the School erase your personal data, under certain conditions.

The right to restrict processing: You have the right to request that the School restrict the processing of your personal data, under certain conditions.

The right to object to processing: You have the right to object to the School’s processing of you personal data, under certain conditions.

The right to data portability: You have the right to request that the School transfer the data we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have up to one month to respond. If you would like to exercise any of these rights, please contact us:

Email us at: ithelp@mitchellhamline.edu

Call us: 651-227-9171

Or write us at: 875 Summit Avenue, Saint Paul MN 55105-3076

2.7. Privacy policies of other websites

The School web properties may contain links to other websites. Our privacy policy applies only to our website(s), so if you click on a link to another website, you should read their privacy policy.

2.8. Changes to our privacy policy

The School keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 08/01/2024.

2.9. How to contact us

If you have any questions about the School’s privacy policy, the data we hold about you, or would like to exercise one of your data protection rights, please do not hesitate to contact us.

Email us at: ithelp@mitchellhamline.edu

Call us: 651-227-9171

Or write us at: 875 Summit Avenue, Saint Paul MN 55105-3076

2.10. How to contact the appropriate authority

If you are a resident of the EU and wish to report a complaint or feel that the School has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.

Email us at: ithelp@mitchellhamline.edu

Call us: 651-227-9171

Or write us at: 875 Summit Avenue, Saint Paul MN 55105-3076

3.    Compliance

3.1. Exceptions

All exceptions to this policy shall be handled through the Executive Leadership Committee.

3.2. Non-Compliance

Violation of this policy may result in disciplinary action, up to and including termination of employment (see MHSL Employee Manual), termination of contract, or termination of association.

3.3. Reporting Incidents

All users are responsible for reporting any incident of unauthorized use or access of School information systems or any observed breach of MHSL information security policies.

4. Policy Attributes

4.1. Supersedes

This policy supersedes all previous information security policies, standards, and guidelines as well as any information security related controls contained in non-security specific policies, standards, or guidelines otherwise identified by Information Security and the Chief Information Security Officer (CISO).

4.2. Related Policies and Standards

  • Information Security Policy
  • Access Control Policy
  • Data Classification and Handling Policy
  • Data Governance Policy
  • Data Retention Guidelines

4.3. References

  • European Union General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act
  • California Privacy Rights Act

5. Glossary

Data
Distinct pieces of digital information that have been formatted in a specific way.

Data Privacy
Protection of confidentiality and access to certain information about an entity. It also includes the freedom from intrusion into an individual’s private life or affairs when that intrusion is the result of illegal or undue data gathering and use.

Data Security
Protection of digital information from threats that endanger confidentiality, integrity, or availability due to a cyberattack or data breach.

Erasure
A data protection right that allows an individual to request the School to delete their personal data, under certain conditions.

Information
Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.

Minimization
A privacy principle to limit the collection and retention of personal information to what is directly relevant and necessary to accomplish a specified purpose.

Personally Identifiable Information (PII)
Any information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.

Rectification
A data protection right that allows an individual to request the School to correct inaccurate personal information.