The MIT Office of Security Operations does collect information outlining the locations, dates, and times where ID cards have been used but this information is held in the strictest of confidence. This data is only stored for 14 days before it erased. Within that 14-day period, information may only be used only in the following ways:
- The MIT Office of Security Operations may use card tracking information to troubleshoot problems with card access security equipment or problems with the ID cards themselves.
- MIT Police may request tracking data as part of a criminal investigation. The MIT Police is the only group that may request such information, and to receive this data, the Chief of the MIT Police must present a signed, written request to the MIT Security Office.
Under no circumstances whatsoever is the Office of Security Operations actively tracking the movements of any individual or group at MIT.
MIT values diversity and strives to promote a workplace of inclusion that welcomes people with varying life experiences. As needed for some employee and volunteer positions, the Institute may conduct a Criminal Offender Record Information (CORI) and will generally follow these practices and procedure.
To prevent unauthorized use of your MIT ID card for building access or purchases, the MIT Office of Security Operations has taken many precautions to protect the data that resides on an MIT ID card. In order to protect you, the MIT Office of Security Operations has instituted:
- Secure card readers and controllers in buildings, on secured lines of communication to the MIT Office of Security Operations;
- Randomly-generated secure access numbers for all ID cards produced (This practice all but eliminates the possibility of generating a working card using reverse engineering techniques. Randomly-generated access ID numbers make predicting the correct information necessary to encode a card next to impossible.);
- Automatic deactivation of old ID cards whenever replacement ID cards are produced.
Recognizing that specific items of information about current and former members of the MIT community must be maintained for institutional purposes, it is MIT policy that such information be collected, maintained, and used by the Institute only for appropriate, necessary, and clearly defined purposes. No data collected by or provided to the MIT Office of Security Operations will be used or exchanged within or outside the MIT community for purposes other than those stated or legitimate purposes that would be reasonably expected. Safeguards are provided to protect personal information against accidental or intentional misuse or improper disclosure within or outside the Institute.
The MIT Police department may request access to specific photo data as part of a criminal investigation. MIT Police is currently the only group that may request such information, and to receive this data, the Chief of the MIT Police must present a signed, written request to the MIT Office of Security Operations.
The Dean for Undergraduate Education has announced the following:
"Your photograph will be used to create your student ID card and will be stored in digital form by the MIT Security Office. It will not be released outside the Institute (except in response to a subpoena or other legal process; in which case, you will be informed, in advance if possible, that such a request has been made). It will not be released within MIT in digital form without the permission of the Dean for Undergraduate Education who may authorize limited and controlled use for academic purposes.
"It will be distributed in hard copy format to: Undergraduate Academic Affairs and your Freshman Advisor during your freshman year; a copy will be attached to your folder which will be forwarded to your department at the end of your first year; the Academic Department in which you are enrolled during your upper-class and graduate years and to faculty teaching subjects you are registered for; Counseling and Student Support for the Dean's office files; your Housemaster if you are a dormitory resident; and you—you are entitled to request a single hard-copy or digital image of yourself.
"You may request that your photograph not be distributed as described above. In that case, it will remain in the MIT Security Office data archive so that your ID card may be replaced as necessary without the need to take another picture but it will not be distributed. A notation that the picture has been removed at your request will appear in the MIT Security Office database instead. Forms for making this request are available when your picture is taken and at the MIT Security Office."
Employees and Others
Your photograph will be used to create your MIT ID card and will be stored in digital form by the MIT Office of Security Operations. It will not be released to anyone within or outside of the Institute without your written permission, except in response to a subpoena or other legal process. In such cases, you will be informed, in advance if possible, that such a request has been made.
The Office of Security Operations works to provide safe work environments to the entire MIT Community. The use of ID cards aids in preventing unauthorized people from accessing MIT property. The Office of Security Operations collects data from the Access Card readers throughout MIT. The data collected details the ID card numbers and locations where the card has been used. This information is kept confidential and is only available for a brief period of time. Within this period, ID card information may be used in the following ways:
The Office of Security Operations and the MIT Card Office may need to use card tracking information to troubleshoot problems with ID card equipment and/or specific ID cards.
At times, it may become necessary to use tracking data during the course of a criminal investigation. MIT Police is the sole entity that may request and use this information in the context of an ongoing investigation. In order to access this information, a written request must be signed and presented by the Chief of MIT Police to the MIT Office of Security Operations.
The cardholder information maintained in the MIT Card database includes: MIT identification number, last name, first name, photo, registration or employment status, department, position or affiliation with the Institute, office address (for employees), and in the case of affiliate ID card holders, date of birth.
All information is absolutely confidential (with the expressed, limited exception of photos–see below) and is acquired directly from the Registrar or Personnel Office or captured directly by the MIT Office of Security Operations. This information is not available to anyone except MIT Office of Security Operations staff. No information about race, religion, nationality, ethnic background, or gender is maintained in the MIT Office of Security Operations database.
MIT is committed to protecting the personal privacy of all members of the MIT community. The Institute believes that the mutual trust and freedom of thought and expression essential to a university rest on a confidence that privacy will be respected. The MIT Office of Security Operations understands the privacy issues raised through the use of modern electronic security systems. Within the context of this technology, the MIT Office of Security Operations is committed to maintaining the privacy and security of each individual member of the MIT community.
To ensure the safety of Institute personnel and resources surrounding the use of MIT vehicles, the Institute has created a Vehicle Use Policy. The policy will govern the use and responsibilities of any person using an MIT vehicle.
In accordance with the Vehicle Use Policy, a motor vehicle request (MVR) check must be done prior to a person being eligible to drive an MIT owned or controlled vehicle. Instructions for obtaining an MVR can be found on the MIT Insurance website, including actions both the DLC administrative person and the individual driver must take. The individual driver must provide authorization for a motor vehicle request.
To ensure the consistent and authorized installation, alteration and export of all video recording devices and/or files.
The scope of this policy shall apply to the installation, control and maintenance of all video recording devices administered and maintained by the MIT Office of Security Operations. Installation of all video recording devices will be for security and law enforcement purposes only, thus preserving the long standing expectation of privacy and dignity for the faculty, students and staff of the Institute.
Applicability and Procedure
The Director of Security of the Massachusetts Institute of Technology (Director) or his designee is the only person authorized to approve the installations, capabilities and/or alterations of video recording devices under the control of the Office of Security Operations. This will include those licensed by the Institute or maintained by outside vendors and/or subcontractors (e.g. ATM machines). Prior to the installation or alteration of a recording device, its components or capabilities, a written request will be submitted outlining any and all work to be performed by an outside contractor to work on such projects. All video recording devices will be programmed to record video for no longer than 14 days cumulative and all audio capabilities will be disabled in accordance with federal and state law. If a request is made for the export of video information, such request will be made to the Director or his Designee in writing. When a request is received every effort will be made by the Office of Security Operations personnel to export and save the requested video until a determination is made by the Director or his Designee that said video meets the criteria of this policy (security and law enforcement purposes only). If the request is deemed not to be in accordance with this policy, said video will be deleted with no further appeal available for its release.