These privacy practices apply to Colorado School of Mines students and employees. These practices also apply to anyone who is physically on Mines campus including but not limited to Colorado School of Mines Foundation employees, independent contractors, and volunteers.

Mines community members will use Mines-supported technology platforms to register for screening, testing, and reporting. We will obtain personal information in the following ways:

• Health Screening questionnaire. This is a commonly recommended tool and may be implemented from time to time through various platforms.  Only the minimum amount of data will be collected in order to fulfill the goals of maintaining a healthy and safe campus. All data will be deleted or destroyed as soon as the immediate purpose for the questionnaire is achieved (e.g., “allowed/not allowed on campus”) or applicable local or state health requirements are met.
• COVID Response Initiators Team (CRIT) information. The Mines COVID reporting tool collects your name, email, cell phone, affiliation, your COVID-19 status, name of COVID-19 person exposed to (as applicable), last date on campus, and places visited while on campus. COVID testing data, administered through the third-party CovidCheck Colorado and provided to Mines, collects name, CWID, date of birth, phone number, email, COVID-19 test result, date of testing, and testing location. Personal Data collected through CRIT or CovidCheck Colorado will be used only by Mines’ CRIT, Residence Life, the Student Health Center, and Mines’ personnel performing data analysis to promote campus safety and guide the university’s pandemic response. Your data will be securely destroyed at the end of the required three-year retention period.
• COVID-19 vaccination information. To achieve a safe return to campus for the 2021-22 academic year and in compliance with the requirements of the Presidential Executive Order and subsequent Safer Federal Workforce Task Force requiring vaccination for all federal contractor employees, Mines requires all students and employees to submit proof of COVID-19 vaccination or a signed COVID-19 vaccine exemption form.  For proof of COVID-19 vaccination, we collect name, CWID, date of vaccination and copy of COVID-19 vaccine card or immunization record.  For vaccine exemptions, we collect name, date of birth, CWID, gender, parent name (if under 18) and relationship to student, and medical contraindications to the vaccine or documentation in support of a religious belief, practice, or observance, as applicable.  This information will be used by Mines to determine an overall vaccination rate for campus that will help determine appropriate safety protocols for campus as a whole, or for specific programs such as athletics. The vaccination and exemption data may be used by Mines’ CRIT as necessary for contact tracing and promoting campus safety, and may also be used to determine eligibility to participate in non-educational programs and activities.  Vaccination and exemption data may be shared with federal, state and local public health agencies tracking immunization rates, to facilitate COVID contact tracing and pandemic response efforts, or as necessary for compliance with applicable federal and state laws, regulations, and orders.  Any disclosures of this data will be consistent with applicable privacy (e.g., FERPA) regulations and Mines will take reasonable precautions to de-identify or aggregate the data before disclosure, where possible.  Student Covid-19 vaccination data will be stored as part of the student’s medical record and subject to the applicable retention period for such data.  Employee COVID-19 vaccination data will be securely stored and retained by Mines until such time it is no longer needed.  Any documentation submitted in support of a medical or religious exemption will be stored and retained pursuant to applicable federal and state law.

Secondary uses of these data are not permitted.

We will only share or disclose Covid-19-related personal data as described below or as required or permitted by law.

Mines’ shares your personal data internally for legitimate public health needs in support of campus health and safety, and as necessary for compliance with state and federal laws, regulations, and orders.  This may include sharing information with departments such as Human Resources if there is an employee need, Student Health Center for student needs, Residence Life for students living on campus, Mines’ CRIT, as necessary for promoting health and safety on campus, Athletics, and other departments as necessary for university pandemic response efforts or compliance with state and federal laws, regulations, and orders.  Mines will endeavor to provide the least amount of information necessary for the purpose for which it is shared.

Additionally, de-identified or non-sensitive data is used for research purposes, and aggregate data will be used for executive leadership reporting and campus communications, and may be shared with federal, state, and local officials.

Mines may provide your personal data externally to public health officials, as applicable.

All Covid-19 related health records will be treated as confidential, and measures will be taken to securely handle your data. Personal data will be housed on Mines secured systems with limited access to authorized personnel only. All authorized personnel who have access to your sensitive personal data are trained in privacy and security obligations.

For student health information protected under FERPA, please refer to the Mines FERPA policy. Additional FAQ’s around FERPA and COVID-19 have been published by the Student Privacy Policy Office are available here.

Questions or concerns can be directed to the Office of Policy, Compliance, and Risk Management at privacy@mines.edu.