Compliance Chatter

Privacy Considerations When Purchasing Software

Protecting data and complying with the Family Educational Rights and Privacy Act (FERPA) are top priorities for UConn. That’s why we must be cautious when purchasing software and cloud services, especially those that handle student data and information. 

Use HuskyBuy to Purchase Software and Cloud Services

Employees should request software and cloud service purchases through HuskyBuy rather than making these purchases on University pro-cards to ensure UConn signs a service agreement with the provider. This allows UConn to exercise control over our data that will be shared with the platform, especially student data. 


Purchases made with University pro-cards do not require a service agreement, so UConn cannot control how the provider will use, share, and store the data.
UCONN'S SOFTWARE PURCHASING PROCEDURES
HOW TO REQUEST NEW SUPPLIERS IN HUSKYBUY

Consider This Example

A UConn department plans to use an email platform like Constant Contact to communicate with students. The platform requires access to student email addresses - considered non-directory student information protected under FERPA (read more about directory and non-directory information).


If the email platform subscription is purchased by the department on a University pro-card, no service agreement is created between UConn and the provider.


Without a service agreement in place, the provider may use, share, and store the student data according to their own practices without adhering to UConn's requirements and those set forth by FERPA.


The department should instead request the purchase through HuskyBuy. 

UConn Business Services (UBS)

For questions, or more information about the purchase of software or cloud services, contact UConn Business Services.
CONTACT UBS

Have an idea for a future Compliance Chatter topic?
SHARE YOUR IDEA WITH US

REPORT A CONCERN

CONTACT US

CONNECT ON LINKEDIN