The Nevada Office of Western Interstate Commission for Higher Education (WICHE)

Privacy Statement

1. Introduction

The Nevada Office of Western Interstate Commission for Higher Education (Nevada WICHE) is committed to protecting the privacy and security of personal information for students, staff, and all other individuals interacting with us. This privacy statement outlines how we collect, use, share, and protect personal data in compliance with applicable data protection laws and regulations.

This privacy statement discloses the privacy practices of Nevada WICHE. Please note that NSHE Institutions including NSHE System Administration and System Computing Services may have separate privacy policies specific to their scope of operations. By accessing and interacting with this website, you are consenting to our collection and use of information in accordance with this privacy statement.

Additional information pertaining to personal information practices may be provided in supplemental terms and conditions, supplemental privacy statements, or notices provided prior to or at the time of data collection.

2. How We Collect Data

We collect information from you when you interact with us through our website, phone, email, or in some cases paper forms. The State of Nevada participates in several WICHE programs. Through these programs we must collect data from applicants as it relates to the following programs:

Professional Student Exchange Program (PSEP)
Health Profession Education Program (HPEP)
HPEP Nevada WICHE/USU Veterinary School Stipend

3. Personal Data We Collect

The personal data we collect is limited to the information that the user (in most cases students) provides upon interaction with our online platforms and for the required submission of application forms for Nevada WICHE programs.

Sensitive PII (Personally Identifiable Information) that is collected is limited to your Driver’s License number or Nevada ID Card number.

Direct identifiers of PII which might also be shared with us are typically limited to the following:

Home address, Email address, Phone number, Date of Birth.

Indirect identifiers of PII which we may collect are limited to the following:

Usage Information: Website browsing data, IP addresses, device and browser information, session and location data, cookies, and communication data/time stamps. This data is typically anonymous, i.e. it cannot directly identify an individual.
Communication Preferences: Opt-in or opt-out preferences for receiving communications, including Email and SMS

4. How We Use Your Personal Data

We collect and process your personal data to support the administration of the Nevada WICHE programs. Specifically, we may use the personal information you provide for the following:

Program Eligibility and Application Processing: To evaluate your eligibility for Nevada WICHE programs (described at Section 2 above).
Identity Verification: To verify your identity and prevent fraudulent or duplicate applications.
Regulatory and Reporting Obligations: To fulfill legal and regulatory requirements imposed by federal, state, or accrediting agencies, which may include financial reporting, audit documentation, or compliance with education-related funding requirements.
Communication: To contact you to discuss the status of your application, request additional documentation, provide program updates, or deliver important information related to the services or support for which you have applied.
Recordkeeping: To maintain accurate records of your application and participation in these State of Nevada sponsored programs, in accordance with institutional policies and applicable data retention laws.
Security and Fraud Prevention: To safeguard our systems and services and detect, prevent, or investigate unauthorized access, misuse, fraud, or other harmful activities involving your data.

5. Sharing of Personal Data

We do not use your personal data for automated decision-making or profiling related to program eligibility. Your data is not sold and is only shared with authorized personnel to support the administration of Nevada WICHE programs.

We do not sell or share personal data for marketing purposes.

Third-Party Service Providers: We may share indirect identifiers of personal data to ensure we can operate, deliver and support our technical services. To detect fraud and protect our systems and network infrastructure, we may use service providers (cloud services, cybersecurity monitoring, platform providers) to assist us solely for the purpose of delivering services on our behalf and under their contractual obligation to us to safeguard personal data and not use it for any other purpose.
Legal and Regulatory Authorities: We may disclose personal information to comply with applicable laws or legal requests.

6. SMS Data Collection and Communication

While we rarely use SMS communications, in the event that we do, we comply with The Campaign Registry (TCR) requirements. Our SMS messaging is P2P (Person-to-Person) only. We ensure that the following safeguards are in place:

Opt-In Consent: We will only send SMS messages if you have explicitly opted-in to receive them. The phone numbers collected for SMS communications will not be shared with any third party.
Opt-out Mechanisms: Every SMS communication will include clear instructions on how to opt-out. You may also contact us at any time to revoke your consent for receiving SMS messages.
Data Usage for SMS: We will only use the phone number you provide to send SMS messages for the purposes specified in your opt-in consent. Your phone number and associated data will not be shared or sold to third parties, nor will it be used for any purpose outside of the agreed communications.

7. Data Protection and Security

In accordance with the NSHE Board of Regents Handbook (Title 4, Chapter 1, Section 24) sensitive data maintained or transmitted by a Nevada System of Higher Education (NSHE) Institution, the Chancellor’s Office (SA) or NSHE Computing Services (SCS) must be secure. Further, as data collectors, we are required to comply with Nevada Revised Statutes (NRS) 603A.010-603A.910 (Security of Personal Information). We have adopted the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as the standard for information security controls.