Privacy & Data Security

The successful protection of our community's health and safety on campus involves the collection of personal data, including symptoms, contacts and location information. In developing and selecting the software used to collect and store this information, we have attended carefully to the recommended best practices regarding minimal information collection, encryption, firewalled storage and regular systematic deletion of data that is no longer relevant. Should someone test positive for SARS-CoV-2, we are mandated to report this information to the Denver Department of Public Health & Environment (DDPHE) and we are required to report all test results to CDPHE. In addition, we are sometimes required to report symptom information for the purpose of tracking symptom clusters. We report the information required by public health authorities and provide total tests and positives on our dashboard.

The University of Denver has selected Everbridge a digital application for smartphones, to support our efforts to mitigate the spread of COVID-19 on campus. With Everbridge, DU will conduct quicker and more effective symptom monitoring and contact tracing to identify and contact community members potentially exposed to someone confirmed positive for COVID-19. The quick and thorough symptom monitoring and contact tracing we can achieve through Everbridge will go a long way toward helping us meet our goal to be in person all year round. Information on how to download the software is available here.

DU will not require students, faculty and staff to use Everbridge, nor will they be required to use all of the features; however, to realize the full benefits of Everbridge, more than 60 percent of the DU community who plan to be on campus need to participate in using the app. Current adoption rate is 70%.

Privacy, security and data safety are central in our planning to combat the spread of COVID-19 at DU. We selected Everbridge because of its data security and privacy features, including earning six third-party security certifications. Symptoms (EverBridge, PioneerWeb), positive tests (PNC), and  proximity tracing (EverBridge) are the three data sets DU will use to monitor infections, conduct contact tracing, and communicate with community members who may need to isolate or quarantine.

  • We created a working group comprised of students, faculty and staff to focus on issues of privacy and address our use of data.
  • DU and Everbridge will store and protect all health information, including the identities of DU community members who have tested positive for COVID-19, in accordance with applicable privacy laws and University privacy policies. During contact tracing, individual identities are not shared with those who may have been exposed.
  • The data related to contact tracing will be stored in secure servers hosted by EverBridge, and within DU’s medical record software, PNC

DU will employ two methods of contact tracing: manual contact and proximity tracing completed by trained staff members and digital tracing done through the Everbridge app. The most significant benefit of wide community usage of Everbridge’s GPS- and Bluetooth-enabled tracing is that our efforts will not rely upon the memories of those who test positive. DU community members can opt in and out of the Bluetooth proximity tracing for the Everbridge app as frequently as they like.

  • On Android phones, to allow the Everbridge app to contact trace, user will need to run the Everbridge app in either the background or foreground in addition to enabling Bluetooth on their phones.
  • On Apple phones, you will need to download two apps, one for receiving push notifications and the other for contact tracing purposes. To allow the Everbridge contact tracing app to contact trace, user will need to run the Everbridge app in either the background or foreground in addition to enabling the Bluetooth option for the Everbridge app on their phone settings.
  • To turn off contact tracing just close or end the app on your phone.
  • Please do not uninstall the app as it will remove all contact tracing tokens exchanged residing on the phone.
  • The app needs to be running in the background or foreground for contact tracing options to work and exposures to be reported.

When the Everbridge app is running in the foreground or background on the phone (Bluetooth enabled), it will collect and store information essential for thorough contact tracing. When a community member comes in contact with another member who has enabled the Everbridge app with the Bluetooth option, tokens will be exchanged and stored on the members’ phones. The token is only exchanged between phones that are within 6 feet of each other for at least 15 minutes within 24 hours. This information will not be shared with any third parties. When a community member self-reports a COVID-19 positive test through the Everbridge app, the COVID response team will be notified. The COVID response team will validate test results and then, using information collected via contact tracing interviews individual’s building access records and contacts indicated by tokens, the team will notify all community members who have come in contact with the individual with a positive test. That person’s identity will remain confidential.

To ensure community members’ privacy, Bluetooth proximity tracing does not report location to DU. When a member with the Bluetooth-enabled Everbridge app self-reports a positive test, the COVID response team receives a report with the names of all DU community members who have exchanged tokens with the positive person’s phone in the previous 14 days. However, because the location is NOT collected through proximity tracing, the COVID response team is not privy to the location where tokens were exchanged.

The Everbridge app will make the twice-daily symptom reporting more efficient. Using Everbridge for contact tracing is optional, but reporting symptoms is mandatory. If you opt not to use Everbridge, you can report your symptoms here.