Employee Privacy and Responsibilities
The Privacy Program is grounded in our privacy principles and rooted in regulation. Each faculty and staff member has a crucial role to play in protecting the privacy of our university community members.
Follow Policies and Laws
A key aspect of working at Ohio State is reading, understanding and incorporating the Ohio State privacy principles into your work. The privacy principles are important because they summarize Ohio State’s commitment to key areas of privacy such as notice, choice and access. Ohio State also has several guidelines related to data privacy. For example, if part of your work has you thinking about texting faculty, staff or students, be sure to follow Ohio State’s texting guidelines and be familiar with our SMS terms and conditions.
You may also work in an area of the university where your job requires your knowledge and commitment to following laws and Ohio State policies related to data privacy such as FERPA, HIPAA and the TCPA. If your job requires it, you will receive training about various laws, regulations and university policies such as FERPA, HIPAA and the Institutional Data Policy. Make sure to complete these trainings carefully and incorporate what you learn into you daily work.
Know What is Considered Public Records
As a state-supported institution, Ohio State is subject to Ohio’s Public Records Act also known as Ohio Sunshine Laws. These laws are in place to promote transparency by providing public access to records that document public businesses. The overall idea is that Ohio State holds public records in trust for the people we serve. Ohio State has a Public Records Policy to help facilitate our compliance with public records laws.
As an employee of Ohio State, information about you may be subject to release under Ohio’s Public Records act. Some information that you may expect to be private is not necessarily private due to public records laws in place to promote transparency in government. For example, your job application and annual reviews are considered public records and may be released in whole or in part subject to a public records request. There are exceptions to Ohio’s Public Records act. One exception for example, is Ohio State removing social security numbers from a record before it is released to protect constitutional privacy rights.
Another example of public records is what you put in your email. Email sent related to Ohio State business are also subject to public records requests. Therefore, you should be careful to be professional in your emails knowing that these may be made public at some point in the future. Again, there are exceptions where Ohio State may redact limited information from emails in compliance with the public records laws, but be aware how these laws may affect your privacy while working at OSU.
Ohio State has a process for releasing public records that balances employee privacy with the legal requirements of public records laws. If you have any questions about public records requests and how it relates to working at Ohio State, contact the Public Records Office.
Understand Your Activities May Be Monitored
As an employee at Ohio State, your activities may be monitored as part of Ohio State’s overall work in data and physical security. Ohio State has data security and physical security policies and practices consistent with industry standards.
Industry standards in information security include monitoring Ohio State information systems to detect potential threats affecting the security of Ohio State’s information. This monitoring may include collecting and reviewing logs of user activity as well as keeping logs of wireless activity to detect high risk behaviors.
Industry standards in physical security involves the use of cameras across campus and in some public spaces in the hospital. These cameras are in place for the greater good of protecting the physical safety of our faculty staff and students. Use of such cameras follow Ohio State’s privacy principles while balancing the need for public safety throughout the university.
Understand the Confidentiality of Your Medical Information
As a faculty or staff member, you may be required to give information to your employer about your health conditions if you need to take advantage of Family Medical Leave Act (FMLA). Under the FMLA, confidentiality of medical information is a right and information may be shared for limited purposes. To learn more about medical documentation and employment, check out the Family and Medical Leave FAQ (PDF) document.
Many employees have questions about the Health Plan’s wellness program. You can read more about privacy and your participation in Your Plan for Health on the wellness program website. Overall, identifying medical information that you provide to participate in the wellness program is not provided to your supervisors or managers and will never be used to make decisions about your employment.
Faculty and staff members can learn more about the university's response to COVID-19 on the Safe and Healthy Buckeyes website.