Data Privacy

Tufts places a high value on privacy.

Together, we all share responsibility for protecting personal information entrusted to us by our students, faculty, colleagues, alumni, donors, and friends. The University has adopted policies and guidelines to support this important work.

Questions about data privacy at Tufts?

Privacy Policies & Statements

Privacy as Information Stewardship. The University’s information stewardship policies provide direction and principles for the use and protection of personal information:

Maintaining Confidentiality and Privacy is one of the University’s Standards of Professional Conduct and Integrity. See Professional Standards.

Online Privacy. For the University’s online privacy practices for tufts.edu and other websites, see the Privacy Statement and Terms and Conditions of Use.

European Economic Area (EEA) Privacy. The EEA Privacy Statements provide information about how Tufts collects, uses, and otherwise processes personal data and about rights provided under the General Data Protection Regulation (GDPR).

Student Privacy. Policies under the Family Education Rights and Privacy Act (FERPA) may be found at:

Alumni Privacy. The Tufts University Alumni Association has adopted the Privacy Policy for Alumni Data.

Additional Information. Additional privacy statements have been prepared by individual University departments and offices and are available directly from them.

Protecting Personal Information

Learn more about protecting personal information

Contact the TTS Information Security team at infosec-team@tufts.edu.

Privacy Laws & Regulations

Among the laws and regulations that protect personal information at Tufts are:

Massachusetts Data Privacy Laws and Regulations and Tufts Policy

  • Protects Sensitive Personal Information (SPI), including Social Security numbers, other government ID numbers, credit and debit card numbers, financial account numbers, and biometric indicators of identity
  • See the Tufts Security and Privacy Program

Family Education Rights and Privacy Act (FERPA)

  • Protects students’ Personally Identifiable Information (PII) in educational records 
  • See the links above for each school’s FERPA Policy

Health Insurance Portability and Accountability Act (HIPAA)

  • Protects Protected Health Information (PHI) used by departments covered by HIPAA
  • Information is available from the University’s schools and departments operating as covered entities: the School of Dental Medicine, Medford Health and Wellness, Athletics Training, and Human Resources Benefits Administration

European Economic Area (EEA) General Data Protection Regulation (GDPR)

  • Protects the Personal Data of persons in the EEA
  • Learn more

Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA)

  • Protects consumers’ personal financial information held by financial institutions, including universities who administer loans and other financial aid
  • More information is available in student handbooks and from financial aid offices

The “Red Flag” Rules issued by the Federal Trade Commission pursuant to the Fair and Accurate Credit Transactions Act

Payment Card Industry Data Security Standards (PCI DSS)

Did you find what you were looking for on this webpage?