Return To Campus Advisor Security & Privacy

Notre Dame takes the responsibility of protecting the University’s data seriously and views the privacy and security of your personal information as an equal responsibility.  The Office of General Counsel and the Office of Information Technologies Information Security team completed a thorough review of the Return to Campus Advisor (RTCA) contract and suite of software to ensure the protection of individuals and the University from legal, security, and privacy risks.

The University provides the RTCA vendor, IBM, with the minimum personal information required to leverage the RTCA while also protecting the University community from COVID-19.  In addition to the symptoms you disclose in the application, the University supplies your name, role, address, and your University NDID (the “9 number”).  IBM follows accepted best practices to secure this information and has an independent audit that confirms those best practices.  

The contract between Notre Dame and IBM governs any use of the data by IBM as noted in the RTCA terms of use.  Notre Dame may request a sample of data from IBM to ensure compliance with those terms of use. IBM may only house Notre Dame’s information for as long as the service agreement remains active. At such time as the service agreement ends, IBM is required to return and/or destroy the data to Notre Dame’s satisfaction.  Notre Dame’s own use of the data in the RTCA is governed by the principles agreed upon by University leadership.

All access to the IBM suite that includes RTCA is protected by multi-factor authentication and undergoes periodic reviews. All health data is encrypted in transmission and in storage. The Return to Campus Advisor service is hosted in IBM’s secure platform to provide the highest standards of privacy and security.