56.50 - Authority & Purpose (AP)

Return to policies website

Policy Statement
TTUHSC El Paso shall identify the authority to collect Personally Identifiable Information (PII) and specify the purposes and/or activities for which PII is collected.

Reason for Policy
The purpose of the Data Authority & Purpose (AP) policy is that TTUHSC El Paso identifies the authority to collect Personally Identifiable Information (PII) and specifies the purpose(s) for which PII is collected.

Entities Affected by this Policy are any and all users of Information Resources at TTUHSC El Paso.

What is covered in this Policy?
The overall policy addresses the Institutional stance as it applies to Data Authority & Purpose in consideration of Personally Identifiable Information (PII).

It is the stance of TTUHSC El Paso to ensure that there are safeguards in place aligned with NIST 800-53 and TAC 202 to ensure the protection, integrity, and confidentiality of information resources at TTUHSC El Paso.

Who Should Read this Policy?
All individuals accessing, storing, viewing any TTUHSC El Paso information resources.

What happens if I violate this policy?
Any person(s) violating TTUHSC El Paso Information Technology policies are subject to penalty under Federal, state, and local legislation. Disciplinary actions are further outlined in HSCEP ITOP 56.50 Sanctions Policy.

 

AP-01: Authority to Collect

TTUHSC El Paso Information Security determines the legal authority that permits the collection, use, maintenance, and sharing of PII, either generally or in support of a specific program or system need.

Before colleting PII, business units are required to determine whether the contemplated collection of PII is legally authorized.

AP-02: Purpose Specification

TTUHSC El Paso Information Security describes the purpose(s) for which PII is collected, used, maintained, and shared in its privacy notices.

Data/process owners are responsible for describing the purpose(s) for which PII is collected, used maintained, and shared in its privacy notices.

 

All other IT Policies can be found at https://ttuhscep.edu/it/policies/

 

  1. Sanctions Policy
  2. TAC §202.71, §202.74, §202.75, §202.76

 

Revised May 2018