As commercial transactions over the Internet have soared over the past decade, so too have the risks increased to personal data, such as credit card numbers. As a result, the University’s Data Security Task Force has instituted safeguards to protect the safety of personal data. The Task Force, in conjunction with faculty and staff, and headed by Senior Vice President Spiros Demolitsas, has developed an interim policy outlining how departments and individuals are permitted to conduct commercial transactions, and collect credit card information, over the Internet at Georgetown.
The policy applies to any person or department that “sells goods or services, or conducts other business over the Internet with credit or debit card payments or electronic funds transfers.” Examples of such transactions include selling tickets to a campus event, selling published works such as books, or registering for conferences.
However, the policy does not apply to business transactions “where the university purchases goods and services from businesses or other institutions”, such as purchasing office supplies. The policy also does not apply to personal purchases, such as if a person wants to purchase a computer online.
Some of the main points of the policy are:
• If any department, school, or organization at Georgetown wants to conduct business over the Internet, they must first be approved by Treasury Operations and UIS. Once approved, they must use a pre-approved third-party vendor to handle their commercial transactions.
• Any entity conducting business over the Internet is referred to as a “merchant”. The policy outlines merchant responsibilities, and specifies some of the types of Internet transactions a merchant can conduct.
• Internet business activity must be related to the University’s mission and be consistent with (include, but not limited to) the following policies:
o Computer Systems Acceptable Use Policy
o Advertising and Sponsorship Policy
o Intellectual Property/Technology Transfer Policy
o Conflict of Interest Policy
• Failure to comply with the policy can result in suspension of a Merchant ID and University support for the activities.
If you have any questions or concerns about the policy, send e-mail to uispolicy@georgetown.edu.