Tulane Temporary Policy on Data Collection for COVID-19 Mitigation

Tulane collects basic transactional data through the wireless internet network (“Wi-Fi”), Splash Card system, and similar University infrastructure in order to enhance contact tracing and better inform the response to COVID-19. Basic transactional data, including location information, helps to identify groups of individuals who may be at greater risk of being exposed to COVID-19,  model how the  virus may be spreading on campus, and act more quickly and effectively to protect the health and safety of our community. Tulane’s use of personally identifiable transactional information for this purpose is limited to the minimum necessary.

The Information We Collect

The Tulane Wi-Fi network is maintained through access points strategically placed to provide coverage to faculty, staff, students, affiliates, and guests across Tulane’s campuses. Tulane collects IP addresses and other device identifiers when devices connect to or disconnect from Wi-Fi access points. The device authentication process allows Tulane to recognize and classify devices according to family (e.g., Apple) and type (e.g., personal computers, tablets, and smart phones). Username and timestamp data may also be collected when devices are linked to Wi-Fi access points. This information is collected through an automatic process.

Tulane faculty, students, staff, and guests who will be on campus for more than one week are required to carry campus identification cards (“Splash Cards”) and must authenticate them when accessing certain facilities. Splash Cards may also be used to purchase food, books, and other items at designated locations. The following information may be collected through Splash Card taps, swipes, and similar interactions: activity type (e.g., regular entry, guest entry, door access); timestamp (date and time); activity location (building or facility); and activity point (specific location within building or facility). This information is collected through an automatic process.

How We Use This Information

The basic transactional data Tulane collects cannot be used to determine or predict any individual’s precise location.  When a device has accessed multiple Wi-Fi access points, the physical locations of these access points may be collected to approximate the device’s movements within a specified timeframe. This data can help to identify devices (and associated user accounts) that may have a higher likelihood of coming into close proximity with an individual who has tested positive for COVID-19. Splash Card data, similarly, can enhance contact tracing by looking at card activities as one possible indication of recent social interactions.

Transactional data is intended to supplement, not replace traditional methods of contact tracing, such as interviews with individuals who have tested positive. Because this data is limited and imprecise, the use of Wi-Fi or a Splash Card does not ensure that the associated user will always be notified of a potential exposure. The use of Wi-Fi and Splash Cards is not a substitute for compliance with contact tracing and testing procedures. For more information of Tulane’s contact tracing protocols, please visit the Testing and Tracing page.

Aggregated transactional data helps to model how the virus is spreading within the campus community, identify broad categories of individuals who may be at greater risk based on these dynamics, and utilize testing and compliance resources in a more efficient and effective manner. Transactional data may be integrated with other personally identifiable (e.g., academic programs, residence halls, Greek life, etc.) or deidentified data to make the analysis of transmission more reliable and strengthen overall COVID-19 mitigation efforts.

How We Share This Information

During the COVID-19 pandemic, access to transactional data will be limited to those with a need to know for contact tracing, to study how the virus may be spreading, and identifying risks exposure as part of and to inform Tulane’s pandemic responses and consistent with Information Technology’s policies and guidelines. Tulane will periodically evaluate the effectiveness of this policy as the pandemic evolves. Once the COVID-19 pandemic ends, Tulane will no longer collect data as described in this temporary policy for COVID-19 mitigation.

Contact tracers do not disclose the identity of the individual who has tested positive when notifying others of potential exposure. Tulane does not disclose your transactional data without your consent unless necessary for a legitimate health and safety reason or required by law.

In some circumstances, Tulane’s technology vendors may have incidental access to transactional information, but such access is strictly limited to the performance of services as authorized by Tulane. Tulane vets the data privacy practices of its web service and other technology vendors for appropriate safeguards and requires that all personally identifiable information be maintained as confidential.

How We Manage This Information

Tulane maintains appropriate physical and technological safeguards against the inadvertent disclosure of location data. For more information on Tulane’s privacy practices, please refer to the Privacy Notice and Privacy Policy for Data Protected by the European Union General Data Protection Regulation.