(a) Each institution of higher education must protect the privacy and personal identifying information of members of the public who provide or receive information from or through the institution of higher education website.
(b) Each institution of higher education must publish a privacy notice that describes applicable provisions of its privacy policy on its home page and all key public entry points or its site policies page.
(c) The privacy notice:
(1) Must describe the practices employed by the institution of higher education to protect personal identifying information.
(2) Must conform to requirements of Chapters 552 and 559, Texas Government Code.
(3) Must be consistent with the State Website Linking and Privacy Policy published on the Department's website.
(d) Prior to providing access to information or services on a state website that requires personal identifying information, each institution of higher education must conduct a transaction risk assessment, and implement appropriate privacy and security safeguards that conform to requirements of Chapter 202 of this title.
(e) Any web based form on an institution of higher education's website that requests information from the public must have a link to the institution of higher education's website privacy notice.
(f) Web pages designed for children must comply with all applicable federal and state laws, including provisions of the Children's Online Privacy Protection Act of 1998 and Texas Penal Code Chapter 33, intended to protect minors.
Source Note: The provisions of this §206.72 adopted to be effective March 7, 2012, 37 TexReg 1487; amended to be effective February 15, 2018, 43 TexReg 753