Policy for Departmental and Organizational Websites

Information Technology maintains web servers that may be used by departments, programs, institutes, and other entities, for publishing information and creating applications on the web. Departmental web managers are responsible for creating content that meets web usability and accessibility standards, ensuring the accuracy and timeliness of the information presented, publishing pages that represent professional design and quality, ensuring that web materials comply with university policy and copyright, privacy, information security, intellectual property, and libel laws, and responding to inquiries and comments directed at the published material.

Anyone maintaining websites must be aware of web standards which support usability and accessibility. Departmental web editors are responsible for making certain types of adaptations in the design of their web content.

W&M departments have a responsibility to create websites that positively represent the university while safeguarding the privacy of any data they collect via web forms. If a website collects personally identifiable information the site must disclose to the end-user the purpose of the collection and how the data will be used. Furthermore, the data cannot be used for any other purposes other than the stated purpose on the website. In certain instances, secure connections (https:) are required. Please [[support,contact IT]] if your department is unsure about the acceptability of particular web applications, or to consult about the most secure way to collect and maintain data on the web. If directed, IT may delete or make inaccessible files that contain material that is in violation of state and federal law or W&M policy.

The following are not permissible uses of W&M web space:

  • Departments must not collect, store or present any sensitive or personally identifiable information without prior approval by the Director of Information Security in the Department of Information Technology. For a detailed definition of sensitive and/or personally identifiable information please reference the university's Data Classification and Protection Policy.
  • Departmental webpages cannot be used for commercial, non-university purposes. They cannot be for the personal or private gain of an individual or group of individuals promoting a private or commercial cause.
  • Credit card transactions are not permitted on any web servers maintained by Information Technology. Specifically, departments are not permitted to collect credit card numbers for payments via a webpage or form. The current W&M web environment cannot securely store and protect credit card customers and companies. Departments should contact the Director of Information Security in the Department of Information Technology if online credit card transactions are essential for departmental business.
  • Advertising space cannot be sold at any level of the website. "Advertising" refers to any instance in which the university or one of its units receives payment or in-kind gifts in exchange for a link or brand placement on a university webpage. Although advertising cannot be sold at any level, links to commercial vendors may be made in the following specific situations:
    • A logo or graphic for licensed software required for web viewing (e.g., Adobe Acrobat Reader, RealAudio, VeriSign)
    • A logo or link to a separately contracted vendor who provides services to the university (e.g., TIAA, Sodexo)
    • A link provided for educational or other mission-related purposes and the university has received no consideration for incorporating that link.