In connection with its administration of the DukeCard program, Duke University collects data including the locations, dates, and times where DukeCards are used to access doors and buildings as well as when cards are used to “swipe” or “tap” in for attendance. This data is stored for 60 days. You may request data for access which occurred within the previous 60-day period. DukeCards are also used for financial transactions. Individuals may request an accounting of their transactions by visiting the DukeCard eAccounts portal. Financial transactions are kept on record for 7 years and are not provided to Duke departments or others without the express approval of the Executive Vice President or his/her designee.
Data Request Process and Approvals
The Office of Information Technology DukeCard Office is the data custodian responsible for DukeCard access data and for adherence with these standards. Complete and submit the DukeCard Data Request form to initiate your request.
Data access requires approval by Duke’s Executive Vice President (EVP). All data access requests are received by the DukeCard office and sent to the CISO and CIO to begin the approval process. The EVP has delegated to the ITSO approval for certain data requests that are unambiguously within the narrow scope of the Data Collection Use and Practice. All other requests received by the CISO and CIO are review with the EVP.
Special Note about Event Attendance Reports: You must have an opt-out process in place the day of your event along with a notice to attendees of how the data being collected will be used. Attendance requests without an opt-out process and communication about data use will not be approved.
More detailed information is available:
DukeCard Access Control and Data Practices for Access Information
Known Approved Uses of DukeCard Access Control Data
Questions? Contact us at dukecard_data_requests@duke.edu