II. ELEMENTS OF THE MCARD
To identify the cardholder clearly, Mcards will contain, at minimum, the following elements:
The name (first and last) of the cardholder prominently displayed.
A headshot of the cardholder taken within the last five years.
The name of the department sponsoring the individual or an appropriate description that best describes the university affiliation of the cardholder.
A system-generated unique identification number (UMID number). This number is assigned to individuals upon their initial association with the university.
An expiration date that shall not exceed five calendar years from the issuance date of the Mcard.
Indicator of affiliation location (e.g., Ann Arbor, Hospitals & Health Centers, etc.) where the identified person is appointed or is a member.
A bar code to access university library resources.
A magnetic stripe or other similar card technology to facilitate entry through card-reader controlled doors and access to other university-sponsored or supported services and resources.
III. USE, REPLACEMENT AND RETURN OF MCARDS
Units shall develop specific procedures to ensure that individuals other than faculty, staff, students, and retirees, such as visitors, contractors and vendors obtain Mcards when appropriate at the start of their relationship with the university.
Since Mcards can be used for financial transactions, such as an ATM card, cardholders shall not be asked to relinquish their cards as a deposit.
Mcards are to be used only by the person to whom they are issued and are non-transferable. An individual’s use of an Mcard may be revoked at any time and at the university’s sole discretion.
Units are responsible for collecting and returning Mcards to an ID Issuing Station when Mcard holders terminate their employment or relationship with the university.
Mcards shall not be defaced or modified in any way. The university will replace at no cost Mcards that have expired, are unusable due to normal wear and tear, or for department/name changes for faculty, staff, and students when the current Mcard is exchanged. Otherwise, the cardholder will bear the cost to replace Mcards. Lost, outdated, damaged, defaced, modified, or malfunctioning cards shall be replaced as soon as possible at an authorized ID Issuing Station. Cardholders shall immediately report stolen Mcards to the Department of Public Safety and Security or appropriate police agency.
University units are prohibited from issuing their own identification cards for local access or identification purposes.
University units must seek approval in advance from Mcard Administration for any local usage of the card, including but not limited to, its magnetic stripe, bar code, proximity chip, or other similar technology.
IV. IDENTIFICATION PHOTOS AT U-M
Identification photos are considered an institutional data element and shall be managed according to the Institutional Data Resource Management Policy (SPG 601.12). Please refer to that policy and associated references for more information on rights and responsibilities related to institutional data, including Mcard photos.
Identification photos are required for the issuance of Mcards and are used for other university purposes. Concerns about misuse of any identification photos should be directed immediately to Mcard Administration.
When a photograph is taken for an Mcard or submitted electronically by the cardholder, it will be stored electronically by the university unless the individual requests that the photo not be stored. Stored Mcard photos will be used for identification, security, and other approved internal business purposes.
Mcard digitized photographs may be released from the Mcard ID Card database to university units without a cardholder’s written or electronic authorization for approved, internal, non-public use. Such photos may not be shared with anyone outside of the university or made public within the university, for example through websites, social media or department rosters, without the permission from the cardholder, except as required by law.
In order to use Mcard digitized photographs for internal university business use other than identification, security purposes, class rosters and seating charts, a written request must be made to Mcard Administration. The request will be directed through the appropriate channels, including the appropriate Data Stewards (see SPG 601.12) for approval. If the request is approved, the new university business use shall be communicated to the appropriate members of the university community to provide cardholders with an opportunity to withdraw consent of the use of their Mcard digitized photograph for that and other purposes.
Individuals wishing to revoke their authorization to have the university store their digital Mcard photo or other identification photo may do so at any time. Cardholders can have their Mcard photo deleted by completing a form available at www.finance.umich.edu/treasury/mcard/formsand presenting the completed form in person to an ID Issuing Station.
Non-Mcard Identification Photos
A unit may occasionally find it necessary to take a non-Mcard identification photo. Any individual or organization outside of the central Mcard process that takes an identification photo of any faculty member, staff, student or other person acting on behalf of the university shall obtain written/electronic authorization from the individual before using the photo for that specific purpose.
The individual or organization taking the photo may release the photograph for other purposes only in the following cases: (1) in compliance with written/electronic authorization from the individual; (2) to comply with valid legal requests or orders to produce the photograph as approved by the Office of the General Counsel; (3) to otherwise comply with applicable federal, state or local laws or regulations as approved by the Office of the General Counsel.
Individuals wishing to change their original authorization to store or release a non-Mcard photo have the option to withdraw their authorization at any time. The individual or organization taking the non-Mcard photo must communicate this option and provide a process for individuals to withdraw their authorization.
|Printable PDF of SPG 601.13, Identification and Access Control Cards/Identification Photos||235.56 KB|
Hard copies of this document are considered uncontrolled. If you have a printed version, please refer to the University SPG website (spg.umich.edu) for the official, most recent version.