ITS Policies & Procedures

Data Privacy Policy

Policy #: LFC.ITS.11
Date: 10/31/2024
Author: LFC ITS
Version: 2.0
Status: Approved

OVERVIEW

Lake Forest College values the privacy and confidentiality of its community members' personal information. The College is committed to upholding essential privacy practices, ensuring that personal data is collected, stored, and accessed responsibly, and is only available to authorized individuals for legitimate purposes. This policy establishes guidelines for managing access to user mailboxes, handling data requests, and protecting information gathered from the College website.

1. PURPOSE

The purpose of this Data Privacy Policy is to establish clear guidelines for the responsible handling, access, and protection of personal information at Lake Forest College. This policy aims to uphold individual privacy rights, ensure compliance with applicable regulations, and support transparency in data handling practices.

2. SCOPE

This policy applies to anyone who provides or has previously provided personal information to Lake Forest College, who authorizes Lake Forest College to obtain data from third parties (e.g., Common Application), or who accesses Lake Forest College IT systems.

3. GENERAL DATA COLLECTION AND USE

3.1 Lake Forest College collects data for a number of legitimate purposes, including:

  • To enhance site functionality and service delivery or analyze patterns of access and use
  • To fulfill requests for specific products or services, address inquiries, or offer support
  • For internal marketing efforts, such as sending information and updates we believe may be of interest through newsletters and other communications
  • For investigating incidents involving information security and data protection
  • To review, refine, and improve our content, applications, and services
  • To support the development of new content, applications, and services
  • To comply with legal obligations or protect property rights

3.2 Voluntarily Provided Data: Prospective students, including those applying for admission or financial aid, voluntarily provide personal information, sometimes through online forms, that the College uses to evaluate applications, communicate about programs and events, and provide relevant resources. This data may include personal identifiers, contact information, and academic interests. This data is stored securely and used solely for legitimate purposes. By voluntarily sharing information with the College, prospective, currently enrolled, or previously enrolled students consent to its use for legitimate purposes such as fulfilling contractual or regulatory obligations, processing financial aid, supporting programming, mandatory reporting, or research.

3.3 Employee and Volunteer Data: Lake Forest College collects, stores, and uses personal information about employees and volunteers to fulfill contractual obligations, comply with applicable laws, support reporting and research, and conduct internal audits. Staff involved in processing benefits and fulfilling employment obligations may have access to Protected Health Information (PHI), which will be managed to ensure privacy and security. Criminal, work history, and education background checks are conditions of continued employment at Lake Forest College.

3.4 Alumni, Donors, and Friends of the College: Lake Forest College’s Advancement division may collect and use personal information of alumni, donors, and friends of the College to support outreach, fundraising, and alumni relations activities. Personal information collected for these purposes is securely maintained and used only to further the College’s mission and maintain connections with its community. The following types of personal information may be collected, used, stored, or transferred between College systems or third party vendors with which the College maintains contracts for services:

  • Contact and Personal Details – including addresses, phone numbers, email addresses, and social media profiles
  • Demographic Data – such as names, gender, birth and death dates, photographs, religious affiliation, and ethnicity (religious and ethnic data are collected only if voluntarily provided)
  • Academic Information from Lake Forest College Records – including degrees earned, majors, athletic involvement, honors, clubs, and other activities
  • Employment Details – such as company names, job titles, and industry information
  • Family Data – including spouse or partner names, names and birth dates of children, and other family relationships
  • Alumni Engagement – including event participation, volunteer interests, organizational memberships, committee roles, awards, and recognitions
  • Donor Contributions – details on donations, including wealth assessments and indicators of interest in supporting the College
  • Analytical Data – aggregated information on website interactions, social media engagement, and email marketing responses

Lake Forest College values its lasting relationships with alumni, donors, and friends of the College. Accordingly, we maintain records to support ongoing engagement, unless you inform us that you no longer wish to receive communications. You may update your communication preferences at any time by contacting the Office of Advancement.

4. WEBSITE PRACTICES

4.1 Website Visitors: Lake Forest College utilizes Google Analytics to understand website usage patterns, guide content creation, improve accessibility or otherwise enhance the user experience, analyze traffic, and support digital marketing efforts. Analytical information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. Users who wish to opt out of Google Analytics may install the Google Analytics Opt-out Browser Add-on. This tool, available for most browsers, prevents Google Analytics from collecting data about their visits. Additionally, users can adjust their browser settings to block cookies, which can also limit data collection, though this may affect other website functionalities.

4.2 Online Forms and Site Activity: Data collected through online forms, including name, contact information, and academic interests, is stored securely and used for legitimate College purposes. The College website collects site activity data, including IP addresses, through cookies, tracking pixels, and data logs. This information is used to improve website functionality and analyze usage patterns.

4.3 Social Media, Digital Marketing, and Analytics: Lake Forest College uses social media platforms and digital marketing tools to communicate with prospective and current students, alumni, and the public. Data from these platforms is used for outreach and engagement and to analyze the effectiveness of marketing efforts. Digital marketing analytics may involve tracking user engagement and preferences but will not link individual identities to data collected without consent.

4.4 “Do Not Track” Disclosure: Due to frequent changes in technology, the College’s website may not always respond to “Do Not Track” signals from browsers. Visitors should adjust their browser settings if they wish to control data sharing through cookies.

5. DATA PROTECTION AND SECURITY

5.1 Information Security Practices: Lake Forest College employs comprehensive security measures to protect personal information against unauthorized access, alteration, or disclosure. Sensitive data is encrypted in transit and at rest, and access to personal information is restricted to authorized personnel with access appropriate to their job responsibilities. For more details, members of the College community may consult our Information Security Policy. Certain activities conducted at Lake Forest College are subject to the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, which requires institutions handling non-public customer information to adopt an Information Security Program and develop, implement, and maintain safeguards to protect the security, confidentiality, and integrity of customer financial records and related non-public personally identifiable financial information. For more details, please see the College’s GLBA Compliance Policy.

5.2 Data Retention and Review: The College retains personal data only for as long as necessary to fulfill the purpose for which it was collected or as required by law. Data is reviewed periodically to ensure compliance with data retention policies and purged when no longer needed.

5.3 Third-Party Access and Disclosure: Lake Forest College may share information with third-party service providers to support its academic mission and operational needs. These providers are selected based on their ability to maintain adequate data protection standards. Information shared with third parties is limited to that which is necessary to fulfill the College’s mission and responsibilities. Contracts with service providers include safeguards to ensure compliance with data protection requirements.

6. DATA PRIVACY COMPLIANCE

6.1 Compliance with Privacy Laws: Lake Forest College adheres to federal regulations such as FERPA and COPPA, and international standards like the General Data Protection Regulation (GDPR) for applicable users as follows:

6.1.1 COPPA Compliance: The Children's Online Privacy Protection Act (COPPA) is a U.S. federal law designed to protect the privacy of children under the age of 13. COPPA imposes specific requirements on operators of websites, online services, and mobile apps that are directed at children under 13 or that knowingly collect personal information from children under 13. In alignment with COPPA, it is the College’s policy not to knowingly collect or retain personally identifiable information from individuals under the age of 13. If you are under 13, please do not provide any personally identifiable information through this site. If you are a parent or guardian of a child under 13 who has submitted personal information, contact us promptly using the information provided below, and we will remove this information from our records.

6.1.2 FERPA Compliance: The Family Educational Rights and Privacy Act (FERPA) is a U.S. federal law that protects the privacy of student education records. FERPA grants students certain rights regarding their education records, including the right to access their records, the right to request corrections to inaccurate or misleading information, and the right to control certain disclosures of their records. In alignment with FERPA, Lake Forest College requires consent from students before disclosing personally identifiable information from their education records, except in situations permitted by law, such as disclosures to College officials with legitimate educational interests, in response to lawful subpoenas, or for financial aid purposes. The College collects, uses, stores, and transfers student data as needed to fulfill academic and legal obligations while maintaining FERPA compliance. Student medical records, maintained by the Health & Wellness Center, are classified as Protected Health Information (PHI), treated as confidential, and will not be disclosed without written consent, except as allowed by law.

6.2 European Citizens and GDPR: Individuals residing in the European Union are entitled to General Data Protection Regulation (GDPR) protections and may exercise their rights to data access, rectification, deletion, and restriction of processing. Lake Forest College will respond to requests under GDPR as appropriate and may transfer data to secure servers in the United States for processing. Send specific GDPR requests to Information Technology Services (ITS) at servicedesk@lakeforest.edu.

6.3 Transfer of Data: Lake Forest College stores data on secure servers principally located within the United States, either on-campus or through third party cloud-hosted services. Individuals accessing or submitting personal data from locations outside the United States should be aware that their data will almost assuredly be transmitted to and maintained on servers located within the United States. By providing personal data to the College, individuals consent to its transfer, storage, processing, and use within the United States in accordance with applicable data protection standards.

7. USER RIGHTS AND OPT-OUT OPTIONS

7.1 Data Access and Correction: Individuals may request access to their personal data and request corrections to any inaccuracies. Requests should be directed to Information Technology Services (ITS) at servicedesk@lakeforest.edu.

7.2 Opt-Out of Data Collection: Users may opt out of specific data collection methods by adjusting browser settings to disable cookies or by contacting the College to limit the use of personal information. Requests may be sent to servicedesk@lakeforest.edu.

7.3 Opt-Out of Marketing Communications: Community members may request to be removed from marketing communications by following the unsubscribe instructions in digital communications or by contacting the Office of Communication & Marketing.

7.4 Contact Information for Privacy Inquiries: Individuals with questions regarding their data privacy rights or concerns about this policy may send questions or concerns to servicedesk@lakeforest.edu.

8. DATA OWNERSHIP AND ACCESS REQUESTS

In addition to the general privacy guidelines outlined above, the following provisions specifically apply to the personal data of Lake Forest College employees:

8.1 Data Ownership: Data created by employees is considered College property unless the terms of an individual's employment contract override this policy. This data includes files created and email messages transmitted or received in the course of performing their job duties. Employee data is utilized to meet contractual employment obligations and to comply with any applicable legal requirements.

8.2 Voluntarily Provided Employee Data: Employees may at times volunteer sensitive information, such as race or ethnic origin, which may be used to support specific programming interests, for reporting, research, or internal audits. By voluntarily providing this information, employees consent to its use for these purposes by the College.

8.3 Employee Health Information: In the course of performing their duties, Human Resources or other College staff with related responsibilities may require access to Protected Health Information (PHI) to process benefits or fulfill other employment-related contractual obligations. All PHI, whether spoken, written, photographic, or electronic, will be handled in a manner that safeguards its privacy and security.

8.4 Access Requests by Supervisors: Supervisors may request access to a current or former employee’s files or email if such access is deemed necessary for business continuity or operational purposes. Such access requests must be approved by the department’s Vice President, the Associate Vice President of Human Resources (AVP-HR), and the Vice President for Information Technology and Chief Information Officer (VPIT/CIO).

8.5 Access to Student Mailboxes: Access to student files or email is strictly regulated and must be for legitimate reasons, such as to comply with a request from law enforcement, satisfy a court order, to protect the health or safety of other members of the College community, or to investigate violations of College policy. Any request for access to a student’s files or email must be authorized by both the Vice President of Campus Life (VP-CL) and the VPIT/CIO, to ensure that access complies with privacy and data protection standards.

8.6 Access to a Deceased Individual’s Mailbox: In the event of an individual’s death, access to their files or email may be granted under limited and legitimate circumstances, such as the need to retrieve essential information relevant to College operations. Access requests for a deceased faculty or staff member’s mailbox must be approved by the AVP-HR and the VPIT/CIO. For student mailboxes, access requests must be jointly approved by the VP-CL and the VPIT/CIO.

RELATED POLICIES:

Document Control:

Entry # | Date       | Version | Notes
1       | 2014       | 1.0     | Previously titled "Web Privacy Policy"
2       | 10/31/2024 | 2.0     | Rewritten, draft submitted to LITS Advisory Committee for review
3       | 11/21/2024 | 2.0     | Reviewed and approved by LITS Advisory Committee
4       | 12/05/2024 | 2.0     | Reviewed and approved by the Senior Leadership Team