Acceptable Use Policy Statement of Expanded Use of Data during COVID-19
Duke University has long placed high value on the privacy of personal information, including that in electronic form, as described in Duke’s Acceptable Use Policy (AUP). On occasion, Duke determines that a review of information records is necessary to support campus health and safety. To best monitor the health of our community during the COVID-19 pandemic, we are giving notice of temporarily expanded use of electronic information and other institutional data to support symptom monitoring, pandemic testing, and contact tracing, all as part of Duke’s pandemic response (further stated in the Duke Compact. This information includes location data collected in Duke facilities and self-reported symptom monitoring information. Expanded access to these data will be strictly limited to those with a need to know for pandemic response including Employee Occupational Health and Wellness, Student Health, and others as explicitly authorized under Duke’s Acceptable Use Policy.
These expanded data uses are temporary, and will be limited to the end of 2021.
To maintain transparency, details about data use and access will be disclosed to and discussed with the University’s Information Technology Advisory Council, our primary voice of faculty and student governance over information technology issues. Specific examples of data use will be made available on the Duke United website.
1. What type of data will be collected and used as part of Duke’s pandemic response?
Duke already manages enterprise data in support of campus operations. These data sources include:
- Access data (DukeCard access to Duke buildings and parking facilities)
- Duke WiFi data which can associate wireless access points to the phone or computer a user connects to, and the building location of that access point
- Financial transaction locations (DukeCard transactions at stores and dining locations)
- On campus housing assignments
- Class roster assignments
- COVID vaccine status
Additionally, as described in the privacy notices posted on technologies used for collection of symptom monitoring information, Duke will collect responses from symptom monitoring surveys for Duke employees and students.
2. What expanded uses will be made of this data?
Beyond its normal operations, Duke will use this data to support Duke’s COVID-19 response efforts primarily in the form of:
- Symptom monitoring and Duke Compact compliance
- Contact tracing initiated by Employee Occupational Health and Wellness (EOHW) or Student Health
- Building density modeling
- Data modeling for asymptomatic pool testing
- Aggregate trend reporting on positive test, and temporary isolation numbers
- COVID vaccine compliance and outreach
3. How will the data be protected?
The data will be protected in accordance with the IT Security Office’s standards for Sensitive data.