COVID Privacy Statement


The Colorado School of Mines has implemented a COVID-19 health and safety program to protect campus community members based on best practices and guidance from the Federal Government, State, and Local health officials. Under the Oredigger Promise, individuals on campus are asked to comply with measures that may include daily health checks, routine testing, contact tracing, quarantine/isolation and vaccination. (See These activities will generate personal data about students and employees and use of this data requires balancing a need to ensure the public health of the Mines community while respecting the privacy of our individual community members. In general, data related to enrolled students is protected under the Family Educational Rights and Privacy Act (FERPA). Employee data is protected under several state and federal laws enforced by the Equal Employment Opportunity Commission as well as state authorities. Both FERPA and employment regulations allow limited use of student and employee information, including the COVID-19 monitoring data, as needed to promote health and safety.

This document describes the steps Mines will take to protect the privacy of your Covid-19-related health data. Given the rapidly changing nature of the pandemic, implementation of protocols, policies and technologies may change from time to time with relatively short notice – you are encouraged to review this statement for updates regarding use of Covid-19-related data.

Who do these privacy practices apply to?

These privacy practices apply to Colorado School of Mines students and employees. These practices also apply to anyone who is physically on Mines campus including but not limited to Colorado School of Mines Foundation employees, independent contractors, and volunteers.

The Personal Data We Collect and Why

Mines community members will use Mines-supported technology platforms to register for screening, testing, and reporting. We will obtain personal information in the following ways:

  • Health Screening questionnaire. This is a commonly recommended tool and may be implemented from time to time through various platforms.  Only the minimum amount of data will be collected in order to fulfill the goals of maintaining a healthy and safe campus. All data will be deleted or destroyed as soon as the immediate purpose for the questionnaire is achieved (e.g., “allowed/not allowed on campus”) or applicable local or state health requirements are met.
  • COVID Response Initiators Team (CRIT) information. The Mines COVID reporting tool collects your name, email, cell phone, affiliation, your COVID-19 status, name of COVID-19 person exposed to (as applicable), last date on campus, and places visited while on campus. COVID testing data, administered through the third-party CovidCheck Colorado and provided to Mines, collects name, CWID, date of birth, phone number, email, COVID-19 test result, date of testing, and testing location. Personal Data collected through CRIT or CovidCheck Colorado will be used only by Mines’ CRIT, Residence Life, the Student Health Center, and Mines’ personnel performing data analysis to promote campus safety and guide the university’s pandemic response. Your data will be securely destroyed at the end of the required three-year retention period.
  • COVID-19 vaccination information. To achieve a safe return to campus for the 2021-22 academic year and in compliance with the requirements of the Presidential Executive Order and subsequent Safer Federal Workforce Task Force requiring vaccination for all federal contractor employees, Mines requires all students and employees to submit proof of COVID-19 vaccination or a signed COVID-19 vaccine exemption form.  For proof of COVID-19 vaccination, we collect name, CWID, date of vaccination and copy of COVID-19 vaccine card or immunization record.  For vaccine exemptions, we collect name, date of birth, CWID, gender, parent name (if under 18) and relationship to student, and medical contraindications to the vaccine or documentation in support of a religious belief, practice, or observance, as applicable.  This information will be used by Mines to determine an overall vaccination rate for campus that will help determine appropriate safety protocols for campus as a whole, or for specific programs such as athletics. The vaccination and exemption data may be used by Mines’ CRIT as necessary for contact tracing and promoting campus safety, and may also be used to determine eligibility to participate in non-educational programs and activities.  Vaccination and exemption data may be shared with federal, state and local public health agencies tracking immunization rates, to facilitate COVID contact tracing and pandemic response efforts, or as necessary for compliance with applicable federal and state laws, regulations, and orders.  Any disclosures of this data will be consistent with applicable privacy (e.g., FERPA) regulations and Mines will take reasonable precautions to de-identify or aggregate the data before disclosure, where possible.  Student Covid-19 vaccination data will be stored as part of the student’s medical record and subject to the applicable retention period for such data.  Employee COVID-19 vaccination data will be securely stored and retained by Mines until such time it is no longer needed.  Any documentation submitted in support of a medical or religious exemption will be stored and retained pursuant to applicable federal and state law.

Secondary uses of these data are not permitted.

We will only share or disclose Covid-19-related personal data as described below or as required or permitted by law.

Who We Will Share Your Personal Data With

Mines’ shares your personal data internally for legitimate public health needs in support of campus health and safety, and as necessary for compliance with state and federal laws, regulations, and orders.  This may include sharing information with departments such as Human Resources if there is an employee need, Student Health Center for student needs, Residence Life for students living on campus, Mines’ CRIT, as necessary for promoting health and safety on campus, Athletics, and other departments as necessary for university pandemic response efforts or compliance with state and federal laws, regulations, and orders.  Mines will endeavor to provide the least amount of information necessary for the purpose for which it is shared.

Additionally, de-identified or non-sensitive data is used for research purposes, and aggregate data will be used for executive leadership reporting and campus communications, and may be shared with federal, state, and local officials.

Mines may provide your personal data externally to public health officials, as applicable.

How We Protect Your Data

All Covid-19 related health records will be treated as confidential, and measures will be taken to securely handle your data. Personal data will be housed on Mines secured systems with limited access to authorized personnel only. All authorized personnel who have access to your sensitive personal data are trained in privacy and security obligations.

Knowing Your Choices and Rights

For student health information protected under FERPA, please refer to the Mines FERPA policy. Additional FAQ’s around FERPA and COVID-19 have been published by the Student Privacy Policy Office are available here.

Questions or concerns can be directed to the Office of Policy, Compliance, and Risk Management at

Last Updated: November 16, 2021