Privacy Notice

Towson University is committed to protecting your privacy and personal information.

This privacy statement primarily addresses ways Towson University (鈥淭U鈥) collects and manages both personally identifiable and non-personally identifiable information for users of its various websites and online portals.

TU complies with both federal and state law regarding privacy rights. For example, as a state agency, TU does not create personal records unless there is a legitimate University need for the information. Such records must be relevant to the purposes for which they are collected, be accurate and current, and not be obtained by fraudulent means.

Student Information

TU collects and retains relevant information, including 鈥渆ducation records鈥 as defined under the Family Educational Rights and Privacy Act (20 U.S.C. 搂 1232g; 34 C.F.R. Part 99) (鈥淔ERPA鈥), for both prospective and enrolled students. Its purpose is to further its mission, including providing successful academic opportunities throughout a student鈥檚 academic journey. Students鈥 education records are protected and not disclosed to third parties unless the student consents to the disclosure or a FERPA exception applies. Learn more about . 

General Information

TU鈥檚 websites may collect connection related information such as date and time, IP addresses, location and type of browser. This information is primarily used for analyzing trends, troubleshooting and information security monitoring.

Data Collection Forms

TU鈥檚 websites allow users to do things like request information, opt-in to receive messages/updates, register for events, purchase goods, and complete various tasks. To do so, TU uses electronic forms which collect necessary information, such as first and last name, address, phone number, and email address. This information is provided voluntarily and can be inspected and updated at a user鈥檚 request.

Cookies

TU uses various user-tracking technologies, including cookies, which allow it to collect and analyze user data. Information collected in this way includes how often a user visits a site, where users enter the site (e.g., by clicking on an advertisement or link on another web page), and what actions users take while on TU鈥檚 websites. TU utilizes this aggregate and user-level site data to benchmark performance of websites, to inform marketing strategies, and assist with enrollment related predictive analytics.

Individual web browsers provide instructions on rejecting or deleting cookies. Please note some website pages and applications may not function properly if cookies are rejected or deleted.鈥

Advertising

TU uses display advertising on other websites and search engines which measure performance and user behavior as it relates to those ads. Third parties, such as Google, Facebook, and YouTube, show TU ads to various audiences. These third parties then provide data to TU which helps it evaluate performance and assess user interactions before, during, and after visiting a TU website. To do so, TU places tags or pixels on its websites to capture information and inform interest-based advertising.

Security

Protecting personal information is our priority. TU takes appropriate and necessary actions to safeguard user information and personal records. It employs reasonable practices to help prevent the loss or misuse of data. Learn more about the university鈥檚 data privacy practices

Maryland鈥檚 Public Higher Education Privacy Law

Under Maryland law you have certain rights when it comes to your data.  You have the right to request access to any personally identifiable information (鈥淧II鈥) about you in our Systems of Record. Additionally, you have the right to request correction and or deletion of any of your PII stored in our Systems of Record. Finally, you have the right to ask if your PII was or is currently being shared with a third party.  

To learn more about these rights under Maryland law please review the .

The University has designated the following as 鈥淪ystems of Record:鈥 

  • Human Resources Information System
  • Relationship Management System
  • Student Admissions System
  • Student Information System

For more information see Systems of Record and our Data Privacy Program in support of the Maryland Law.

In addition to the Maryland Higher Education Privacy Law, additional state, national, and international laws may apply to your information such as the following.  

  • COPPA 鈥 Children's Online Privacy Protection Rule
    • COPPA includes certain requirements for operators of websites and/or online services in order to protect the privacy and online safety of children under 13 years of age. The University does not knowingly collect or use PII from children on our website or online services. .
  • GDPR 鈥 General Data Protection Regulation
    • If you are located in the European Economic Area, you may have additional data protection rights under laws and regulations such as GDPR, which requires TU to protect the personal data of EU residents. Protected personal data includes IP address, email address, and other device identifiers. TU is committed to processing personal data in compliance with GDPR. .
  • GLBA 鈥 Gramm-Leach-Bliley Act

Privacy Updates

This statement has been updated as of October 2024. Additional updates will be added to this page. TU reserves the right to revise this statement at any time.

Contact Information/Data Privacy Requests

Requests related to academic records information can be found on the Registrar鈥檚 website.

The University鈥檚 Office of Information Security and Privacy is available to assist with privacy requests for access, correction, deletion, and opting out of sharing with third parties. To initiate your request, please email . Once your request is received and reviewed, you may receive a request to complete a Privacy Request form for additional information. 

For security reasons, any privacy request MUST be made by the data subject (the individual to whom the PII relates) and will be reviewed and verified by the University. Currently, the University does not have the capability to process requests from third parties such as data removal services. Any request not directly made by the data subject will be denied.