Topics Map > UW-Madison > Cybersecurity > Privacy

UW-Madison - IT - Collection of Personal Identity Information via Email Policy

Applies to UW-Madison faculty, staff, and contractors who are collecting information. Also relevant to alumni, applicants, parents, students, or anyone else from whom information is collected.


UW-Madison units and contractors may not collect personal identity information including restricted information and passwords via email.


Phishing scams continue to be a problem at UW-Madison. Despite various information security awareness programs, a significant number of students and staff still disclose personal financial or identity information in response to fraudulent emails and web sites.

The CIO's Office, in conjunction with a working group of the Madison Technical Advisory Group (MTAG), has put systems in place to minimize the risks associated with phishing scams. Part of the challenge, though, is that the phishing attempts often look like legitimate communications, with senders posing as University departments or other official businesses.

Awareness and education are critically important in our efforts to protect the UW-Madison community from phishing scams. We cannot tell campus users it's not okay to disclose their identity information in some places, but that it's okay to do it for the University. Not only does this send a mixed message, but it overlooks the fact that email scams can so convincingly spoof our efforts.

After coordinating with several campus leadership groups, the CIO's office has released a promotional campaign that informs the UW-Madison community that "The UW won't ask you to reveal personal identity information via email." (See:


Issued by the UW-Madison Vice Provost for Information Technology.


Failure to comply may result in disciplinary action up to and including termination of employment.


Please address questions or comments to


Effective:   Feb 11, 2009
Revised:    June 29, 2009
Reviewed:  Oct, 2017
Review in: Two years
Maintained by: Office of the CIO, IT Policy

History at:
Reference at:

Text in italics is not part of the official text. Please link to this page when referring to this document.

Keywords:policies definitions policy requirements definition requirement requirements, administrators faculty it-security-staff it-staff managers administration information-technology security, cloud-services security cloud cybersecurity, collection, education-and-training privacy education awareness training seta restricted-data restricted pii cioDoc ID:59199
Owner:Sara T.Group:IT Policy
Created:2015-12-29 13:18 CSTUpdated:2019-01-25 13:35 CST
Sites:IT Policy
Feedback:  2   0