What data does Dispatch collect?

Dispatch allows users to enable engagement tracking on email campaigns. When event tracking is enabled, Dispatch collects event data when an email message is read and collects event data when a link in the email is clicked on. This event data includes the following information:

• The email address of the person the email message was sent to.
• Information about the email campaign the email message was sent from.
• Date and time of the event (email read, link click).
• The URL of the link that is clicked on.
• Networking information about where the event came from (the user’s IP address).
• Information about the email client / web browser used to read the message.

This event data is only collected if the sender has turned on the collection of event data in their email campaign. If the email campaign doesn’t turn on this collection when the email is sent, then none of this data is collected for that email campaign. The collection of email read events and link interactions can be enabled independently.

How is that data used?

Primarily, the data is used to track engagement with the email message. Dispatch provides engagement reports to the sender of the message showing what percentage of recipients have read the email message and the frequency of link clicks within the message. This data is typically provided in aggregate, showing percentages and summaries of interactions. The detailed event data is also available to allow senders to send follow up campaigns to individuals who either engaged or didn’t engage with a previously sent email.

The data is also occasionally used by:

• by Dispatch support staff to troubleshoot problems or answer support questions
• by ISPO to investigate security incidents

How does Dispatch collect this data?

Dispatch uses standard email marketing practices to collect this data. It places a small image within the email that records an email read event when loaded. Dispatch tracks links by rewriting the links in the email sending the user first to Dispatch to record the link clicked event, and then redirecting the user to the link’s web url.

These techniques are inaccurate, many email clients will block image retrieval or otherwise load images independent of a user reading the email. Likewise, email clients will sometime try to pre-load links in email messages for performance reasons. Email senders are cautioned on these limitations and must factor these limitations into their engagement analysis.

Who uses Dispatch and has access to the data?

Dispatch is available to University of Iowa departments. Users can request access through a workflow form and must acknowledge that they have had FERPA training and will follow applicable University of Iowa policies. Users are given access to departmental clients and these clients contain the template and campaigns sent by that department. Users can only see the engagement data of email campaigns within the departments they have access to. Engagement data is not shared across departments or otherwise made available outside of Dispatch. Dispatch IT support staff are the only staff who have access to all the Dispatch event data.

How long is the data retained?

Currently, the event data is retained for 2 years so that year over year analysis of email campaigns can be done. Information about the email campaigns, such as the content of emails and who the emails were sent to is kept for up to three years. See Dispatch's Data Retention document for more details.

Can I opt out of receiving emails from Dispatch?

There is not a global way to opt-out of emails from Dispatch as Dispatch is used to send critical emails from UI leadership as well as compliance emails from various systems and departments.

Dispatch does support an opt-out feature for individual email campaigns and senders can choose to enable opt-out lists on a per campaign basis or can setup an opt-out list for a suite of email campaigns.

Can I opt out of having my data collected?

Currently, there is not an industry standard “do not track” for email campaigns in the same way there is for web viewing. Email clients are building in features that will prevent event collection by blocking images in emails.

Can I have my data removed from Dispatch

Yes, as part of GDPR compliance, we can remove any identifiable user generated event data associated with your email account. These requests are handled manually by Dispatch support staff and a request to remove data can be made by sending an email to ui-gdpr@uiowa.edu

Additional Information

In addition to the data privacy practices described here, additional privacy policies may apply and are linked to below:

• Operations Manual
• Ch. 19 – Acceptable Use of Information Technology Resources
• Ch. 19.3 – Security and privacy
• IT Privacy Policy
• University of Iowa Websites – Privacy Policy