Data Privacy

Tufts values privacy.

Together, we all share responsibility for protecting personal information entrusted to us by our students, faculty, colleagues, alumni, donors, and friends. The University has adopted policies and guidelines to support this important work.

Questions about data privacy at Tufts?

Data Privacy Day 2020January 28 is Data Privacy Day!

Data Privacy Day is an international effort to empower individuals and encourage organizations to respect privacy, safeguard data and enable trust.

Learn more about Data Privacy and tips you can use to ensure you are safe online.

Privacy Policies & Statements

Privacy as Information Stewardship. The University’s information stewardship policies provide direction and principles for the use and protection of personal information:

Maintaining Confidentiality and Privacy is one of the University’s Standards of Professional Conduct and Integrity. See Professional Standards.

Online Privacy. For the University’s online privacy practices for tufts.edu and other websites, see the Privacy Statement and Terms and Conditions of Use.

European Economic Area (EEA) and United Kingdom (UK) Privacy. The Global Privacy Statements provide information about how Tufts collects, uses, and otherwise processes personal data and about rights provided under the EEA and UK General Data Protection Regulations (GDPRs).

Student Privacy. The University’s Family Education Rights and Privacy Act (FERPA) Policy is designed to help students and, in some cases, their parents, understand how to access their education records, how to amend them, and, if they wish, how to prevent their disclosure to third parties. Tufts University complies with FERPA through this policy and other school-specific practices. For further information, contact your school’s Registrar.

Alumni Privacy. The Tufts University Alumni Association has adopted the Privacy Policy for Alumni Data.

Additional Information. Additional privacy statements have been prepared by individual University departments and offices and are available directly from them.

Protecting Personal Information

Learn more about protecting personal information

Contact the TTS Information Security team at infosec-team@tufts.edu.

Privacy Laws & Regulations

Among the laws and regulations that protect personal information at Tufts are:

Massachusetts Data Privacy Laws and Regulations and Tufts Policy

  • Protects Sensitive Personal Information (SPI), including Social Security numbers, other government ID numbers, credit and debit card numbers, financial account numbers, and biometric indicators of identity
  • See the Tufts Security and Privacy Program

Family Education Rights and Privacy Act (FERPA)

  • Protects students’ Personally Identifiable Information (PII) in educational records 

Health Insurance Portability and Accountability Act (HIPAA)

  • Protects Protected Health Information (PHI) used by departments covered by HIPAA
  • Information is available from the University’s schools and departments operating as covered entities: the School of Dental Medicine, Medford Health and Wellness, Athletics Training, and Human Resources Benefits Administration

European Economic Area (EEA) and United Kingdom (UK) General Data Protection Regulations (GDPRs)

  • Protects the Personal Data of persons in the EEA and the UK
  • Learn more

Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA)

  • Protects consumers’ personal financial information held by financial institutions, including universities who administer loans and other financial aid
  • More information is available in student handbooks and from financial aid offices

The “Red Flag” Rules issued by the Federal Trade Commission pursuant to the Fair and Accurate Credit Transactions Act

Payment Card Industry Data Security Standards (PCI DSS)