The University of Wisconsin – Milwaukee values the privacy rights of all members of its community. In furtherance of this value, and pursuant to UW System Administrative Policy 1040, Information Security: Privacy Policy, as well as applicable law, UWM has expectations regarding the collection, maintenance, and use of personal data. 

Definitions 

Data Subject: An identified or identifiable natural person to which Personal Data applies. 

Personal Data: 

  • Information which can be used to distinguish or trace the identity of an individual alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual. 
  • Any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a Business Associate of a Covered Entity) under the Health Insurance Portability and Accountability Act (HIPAA) and can be linked to a specific individual. This includes any part of a patient’s medical record or payment history. 

UWM: The University of Wisconsin – Milwaukee and all employees and agents acting under its authority. 

General Privacy 

UWM limits the collection, use, sharing, and storage of Personal Data to that which reasonably serves the institution’s academic, research, administrative functions, or other legally permitted purposes. Such collection, use, sharing, and storage shall comply with applicable federal and state laws and regulations, and with the policies, standards, and procedures of UW System or any individual institution within UW System. 

Prior to collection of Personal Data, UWM shall make available to the Data Subject a notice that describes: 

  1. the Personal Data that will be collected,  
  2. how it will be processed, and  
  3. with whom the Personal Data will be shared. 

If Personal Data is to be collected or processed for reasons that do not otherwise serve UWM’s academic, research, administrative functions, or other legally required purposes, UWM shall make available to the Data Subject processing preferences and the ability for the Data Subject to opt in to such collection or processing. 

Exceptions to this notice and consent requirement are permitted to the extent allowed under federal and state laws and regulations (such as in situations where human subject research occurs pursuant to a waiver of HIPAA’s authorization requirement). 

Access to Personal Data 

Data Subjects may review their own Personal Data collected and/or processed by UWM and request corrections of the data if inaccuracies are found. These processes may be initiated by contacting one of the following to obtain the relevant data: 

  • If the individual is a student or former student seeking their student records, by contacting the UWM Registrar
  • If the individual has voluntarily submitted data via a webform, by reaching out to the contact identified on that webform. 
  • If the individual is a research subject, by contacting the Primary Investigator (PI) for the research study or, if such individual is no longer available, by contacting UWM’s Institutional Research Board (IRB). 
  • If the individual is an employee or former employee seeking data related to their employment, by contacting the UWM Department of Human Resources (which may redirect the individual to the UW Human Resource/Shared Services or other entity as appropriate). 
  • For all other requests, by contacting the UWM Records Custodian

Though an individual/unit may be designated as the initial point of contact for this purpose, that entity may redirect the request as appropriate. 

If an individual seeks to correct data in UWM’s possession, the individual must contact the unit maintaining such data to initiate that request and must follow any procedures established by that unit for processing correction requests. 

Privacy Roles 

UWM’s Chief Information Security Officer shall be the primary party responsible for addressing privacy-related questions or concerns and will also serve as the liaison between UWM and the UW System Chief Privacy Officer on privacy-related matters and initiatives. 

Expectation of Privacy 

UWM recognizes the reasonable privacy expectation of employees, affiliates, business partners and students in relation to Personal Data maintained in any format, subject only to applicable state and federal laws and UW System policies and procedures. UWM cannot guarantee absolute privacy of Personal Data. Data Subjects can expect Personal Data to be used by UWM under the following conditions: 

  • For system maintenance or business necessity, including security measures; 
  • When consent is received from the Data Subject to monitor their data; 
  • To investigate suspected violations of laws or policy; 
  • To fulfil obligations under Wisconsin Public Records Law or other laws, regulations, or institutional policies, rules, or guidelines; or 
  • As permitted by applicable law or policy. 

Suspected Violations or Breaches of Privacy 

If, at any time, an individual or department suspects or confirms that any Personal Data maintained by UWM been subject to unauthorized access and/or disclosure, the incident must be reported in accordance with UW System Administrative Policy 1033, Information Security: Incident Response. Notification to affected Data Subjects shall be made in accordance with applicable law. 

Website Privacy Statement 

UWM maintains a website privacy statement describing the type of information UWM collects, how the information is used, and with whom the information is shared when users visit the UWM’s primary public website.

Read UWM’s website privacy statement: