The University now has an official and standard privacy statement for mass e-mail recipients, complete with approval from the Office of the General Counsel. You can view a copy of the statement but should not link to it as it's behind X.500 authentication (this is not its permanent home).
Our hope is to put in place for mass e-mail a structure much like what is already in place for the Web, which includes both a privacy statement and a policy. The statement itself is to be referenced in mass e-mail sent by the University and informs recipients of the data collected and its use at the University and by "associated third parties," such as the University of Minnesota Foundation and Minnesota Medical Foundation. This statement is what has been completed.
• Provide the statement in a common location for all to use (watch for a revamp of http://www.privacy.umn.edu).
• Update the existing eCommunications standards to require inclusion of the statement.
• Determine through feedback if statements for individual units, that meet minimum requirements, may be used in lieu of the standard statement.
• Prepare and seek approval for the policy.
It should be noted that the approved privacy statement was written only with consideration for Lyris ListManager, the centrally supported software that the University uses to send mass e-mail. This statement may not be appropriate for users of Constant Contact, Exact Target, and other systems.