The university is required to comply with the Arkansas Freedom of Information Act
(FOIA) (Ark. Code Ann. § 25-19-101 et seq.) and may be required to disclosure records
maintained in the daily operations of the university unless such records are exempt
from disclosure under federal or state law. Therefore, some data collected through
university websites may be subject to disclosure upon receipt of a valid FOIA request.
Additionally, at times, the university may be legally required to disclose information
collected through university websites in response to a valid subpoena or court order
or to comply with a legally permitted inquiry by a governmental agency.
Subject to governing law and other applicable university policies, the university
reserves the right to disclose information collected on its websites to governmental
authorities in connection with suspected unlawful activity or to aid an investigation
into suspected unlawful activity. In addition, the university reserves the right to
release information collected on university websites to appropriate governmental authorities
if university officials determine, in their sole judgement, that university policies
have been violated, or that release of information is necessary to protect the rights,
health, safety or property of persons or the university to protect the integrity of
university computer networks. Further, the university reserves the right to disclose
information as university officials believe necessary to exercise the university’s
legal rights, to defend against actual or potential legal claims, or as otherwise
permitted or required by university policy.
The European Union General Data Protection Regulation (GDPR) places additional obligations
on organizations that control or process personally identifiable information about
people in the European Union. Some UAFS activities may be covered by the GDPR, and
the University has updated its policies on how it collects, stores, and processes
certain types of data. Further details, as well as a description of protective measures
undertaken by the University, data retention, and breach notification are available
in the campus GDPR policy.