10.6 MGA Privacy Policy

MGA POLICY NUMBER: Records: 10.6


Added: 12/19/2019
Revised: 12/19/2019
Last Reviewed: 12/16/2019
Effective: 01/19/2020

POLICY: In compliance with Federal and State laws and the policies and procedures of the Board of Regents of the University System of Georgia, Middle Georgia State University (MGA) will take all necessary precautions to maintain privacy expectations and obligations within the sphere of all University operations.


This policy applies to

  • All MGA units
  • All MGA University employees, students, and third parties employed by or doing business with, Middle Georgia State University.

As directed by the USG IT Handbook, the Chief Privacy Officer is responsible for the implementation of and adherence to this privacy policy.

Privacy policies, standards and procedures must be approved by the Chief Privacy Officer. Additional approvals are required for standards and policies. The Functional Data Governance Committee must approve standards. The cabinet must approve policies.


  • Short Title: “Privacy”
  • Original Draft Date: 11/25/19
  • Previous Version: N/A
  • Oversight: Chief Privacy Officer and Legal Counsel

Additional Resources:

  • University System of Georgia Board of Regents Policy Manual: Privacy Policy
  • USG Business Procedures Manual Section 12
  • University System of Georgia Business Records Management and Archives Policies
  • University System of Georgia Board of Regents Policy Manual: Cybersecurity
  • University System of Georgia Board of Regents Policy Manual: Ethics Policy
  • Board of Regents' Academic & Student Affairs Handbook, 3.10 "Social Security Number"
  • University System of Georgia Information Technology Handbook
  • Board of Regents' Information Technology Handbook, 5.15 "Identity Theft Prevention Standard “Red Flags Rule"
  • Federal Privacy Act of 1974
  • Georgia’s Open Records Act O.C.G.A. § 50-18-70
  • Family Education Rights and Privacy Act (FERPA)
  • U.S. Department of Health and Human Services Health Information Probability and Accountability Act (HIPAA)
  • Gramm-Leach-Bliley Act (GLBA)
  • General Data Protection Regulation (GDPR)

Associated MGA Policies and Procedures:

  • MGA Cybersecurity Plan
  • MGA Data Classification Procedures
  • MGA Records Management Policy
  • MGA Data Governance Charter
  • MGA Open Records Procedures
  • MGA FERPA Policy
  • MGA HIPAA Procedures
  • MGA GLBA Standard
  • MGA GDPR Procedures
  • MGA Privacy Standard