Policy for Departmental and Organizational Websites
Information Technology maintains web servers that may be used by departments, programs, institutes, and other entities, for publishing information and creating applications on the web. Departmental web managers are responsible for creating content that meets web usability and accessibility standards, ensuring the accuracy and timeliness of the information presented, publishing pages that represent professional design and quality, ensuring that web materials comply with university policy and copyright, privacy, information security, intellectual property, and libel laws, and responding to inquiries and comments directed at the published material.
Anyone maintaining websites must be aware of web standards which support usability and accessibility. Departmental web editors are responsible for making certain types of adaptations in the design of their web content.
W&M departments have a responsibility to create websites that positively represent the university while safeguarding the privacy of any data they collect via web forms. If a website collects personally identifiable information the site must disclose to the end-user the purpose of the collection and how the data will be used. Furthermore, the data cannot be used for purposes other than those stated on the website. Unless granted an exception by IT, all websites will communicate securely (via https:). Please [[support,contact IT]] if your department is unsure about the acceptability of particular web applications, or to consult about the most secure way to collect and maintain data on the web. If directed, IT may delete or make inaccessible files that contain material that is in violation of state and federal law or W&M policy.
The following are not permissible uses of W&M web space:
- Departments must not collect, store or present any sensitive or personally identifiable information without prior approval by the Director of Information Security in the Department of Information Technology. For a detailed definition of sensitive and/or personally identifiable information please reference the university's Data Classification Policy.
- Departmental webpages cannot be used for commercial, non-university purposes. They cannot be for the personal or private gain of an individual or group of individuals promoting a private or commercial cause.
- Credit card transactions are not permitted on any web servers maintained by Information Technology. Specifically, departments are not permitted to collect credit card numbers for payments via a webpage or form. The current W&M web environment cannot securely store and protect credit card customers and companies. Departments should contact the Director of Information Security in the Department of Information Technology if online credit card transactions are essential for departmental business.
- Advertising space on the website cannot be sold by departments or other units. "Advertising" refers to any instance in which the unit receives payment or in-kind gifts in exchange for a link or brand placement on a university webpage. Links or information about commercial vendors may be made in the following specific situations:
- In recognition of partners and approved sponsors of the university
- For a licensed software required for web viewing (e.g., Adobe Acrobat Reader, RealAudio, VeriSign)
- For separately contracted vendors who provide services to the university (e.g., TIAA, Sodexo)
- For educational or other mission-related purposes and the university has received no consideration for incorporating that link.