Appropriate Use of TAMU Directory Services Data Policy

TAMU Directory Services provides applications and services at the Texas A&M University with demographic, role and contact data to support identity management, provisioning, authentication, and authorization. The following guidelines are designed to ensure judicious and compliant use of that information, protecting the security and privacy of that data where necessary.

1. TAMU Directory Services data use must be authorized by the appropriate data custodians for student, employee or other data using the TAMU Directory Services authorization request form. This form specifies what data elements are needed for what purpose. TAMU Directory Services data consumers (applications or services that use data from TAMU Directory Services) will be contacted annually to verify continued need for data access. The data obtained must be used only for the specific purpose identified on the request form (doc|pdf) and not for any other purpose, and must not be supplied to other applications.
   
   
2. TAMU Directory Services data use must comply with the applicable State of Texas and Federal laws and regulations concerning privacy and security as well as complying with University policy. TAMU Directory Services data use is specifically bound by the University FERPA Policy and University Acceptable Use Guidelines.
   
   
3. TAMU Directory Services data may be used for purposes of providing identity management, which includes, for example, directory authentication and authorization services, provisioning services, and contact information.
   
   
4. TAMU Directory Services consumers must provide details on what TAMU Directory Services data they store locally.
   
   
5. TAMU Directory Services consumers must take all necessary precautions to secure TAMU Directory Services data in transmission and in storage. This includes utilizing security best practices as posted at http://security.tamu.edu/.
   
   
6. Consumers of TAMU Directory Services data responsible for any security breach traceable to their use or specific authorization will be reported to Networking & Information Security.
   
   
7. Periodic and random audits will be performed on use of TAMU Directory Services data by Networking & Information Security.
   
   
8. Consumers of TAMU Directory Services data must provide access logs and access to systems containing TAMU Directory Services data upon request to Networking & Information Security.