Privacy Compliance for BYU Websites
Privacy Standards for Websites
- Public facing websites displays a Cookie Banner (see below)
- Public facing websites have a link to the BYU Privacy Notice privacy.byu.edu (normally a link in the footer)
- Public facing sites allow visitors to edit cookie preferences (normally a link in the footer)
Website handles personal data correctly:
- Public facing websites by default display the department contact information of faculty/employees, when they are listed on the site. (Employees may opt-in to having their direct work contact information listed.)
- Public-facing websites do not contain any student contact information without the student’s consent.
- Internal sites available to the entire campus community only may list faculty/employee direct contact information but should not list student contact information without their consent.
How to ensure compliance with standards 1-3 by Platform/Theme:
| Platform | Action Needed |
| BrightSpot | No Action Needed. Automatically updated by BYU Brightspot Team |
| Mendix | Download theme and follow documentation. See Tab. |
| CDN/Common Web Components Theme | No Action Needed. Updated by OIT. |
| Other Sites | See Tab. |
BYU Subdomains
For all sites with web addresses that end in .byu.edu
To comply with privacy laws, all BYU.edu domain websites that interact with students, employees or website visitors need to meet the following requirements:
- Display a Cookie Banner
- Link to the BYU Privacy Notice privacy.byu.edu
- Allow visitors to edit cookie preferences
To implement these requirements, please complete the following tasks:
Update your Mendix Theme to the latest version
Version 4.0.8 of the BYU Theme Module has been published to the Marketplace (4/22/2025)
Add the HTML Code to the header
Once you have updated the BYU Theme Module and it is working you will need to add the below code to the header in the index.html file of your project.
<script async type="text/javascript" src="https://consent.trustarc.com/v2/notice/3p3tmg?pcookie"></script>
<script type="text/javascript" src="https://consent.trustarc.com/v2/autoblockasset/core.min.js?cmId=3p3tmg"></script>
<script type="text/javascript" src="https://consent.trustarc.com/v2/autoblock?cmId=3p3tmg"></script>To show the cookie consent banner, you'll need to add a <div> to your page. You can add it anywhere you want, but it probably makes the most sense to add it inside or after the footer.
<div id="consent-banner"></div>Non-BYU Domains
For non-BYU.edu domain sites managed by BYU personnel, please email privacy@byu.edu and provide the site url and the contact's name and email address. Sites outside of the BYU.edu domain will be logged and addressed as needed.
Additional Resources
We discuss implementation in our users meeting on Apr 15, 2025. View recording here. You will need to update your BYU theme from the marketplace. If you have more questions after viewing the recording, please reach out to Abigail Egan
Note: If you are using a Tag Manager (such as Google Tag Manager, Adobe Tag Manager, or Tealium) please go to that Tab
BYU Subdomains
For all sites with web addresses that end in .byu.edu
To comply with privacy laws, all BYU.edu domain websites that interact with students, employees or website visitors need to meet the following requirements:
- Display a Cookie Banner
- Link to the BYU Privacy Notice privacy.byu.edu
- Allow visitors to edit cookie preferences
To implement these requirements, please complete the following tasks:
Add the BYU Cookie Banner script links and HTML element
Place this HTML in your page code somewhere after Google Tag Manager code (if you happen to be using that). If you're not using GTM, place it anywhere in your page code.
<script async type="text/javascript" src="https://consent.trustarc.com/v2/notice/3p3tmg?pcookie"></script>
<script type="text/javascript" src="https://consent.trustarc.com/v2/autoblockasset/core.min.js?cmId=3p3tmg"></script>
<script type="text/javascript" src="https://consent.trustarc.com/v2/autoblock?cmId=3p3tmg"></script>To show the cookie consent banner, you'll need to add a <div> to your page. You can add it anywhere you want, but it probably makes the most sense to add it inside or after the footer.
<div id="consent-banner"></div>Add the BYU Privacy Notice and Cookie Preferences links to the site footer
The site footer should have the following links at the bottom.
Privacy Notice | Cookie Preferences
These link to https://privacy.byu.edu and https://privacy.byu.edu/cookie-prefs. The footer links should follow the same format as the links in the footer of this website.
Non-BYU Domains
For non-BYU.edu domain sites managed by BYU personnel, please email privacy@byu.edu and provide the site url and the contact's name and email address. Sites outside of the BYU.edu domain will be logged and addressed as needed.
BYU Subdomain Sites with a Tag Manager
For all sites with web addresses that end in .byu.edu
For sites that use a tag manager please reach out to Haley Dunkley, haley_dunkley@byu.edu to get the documentation for setting that up.
HTML Script to be placed on site for those using Tag Managers
Place this HTML anywhere in your page code.
<div id="consent-banner"></div>
<div id="teconsent">
<script type="text/javascript" async="async" src="https://consent.trustarc.com/v2/notice/3p3tmg?pcookie"></script>
</div>Non-BYU Domains
For non-BYU.edu domain sites managed by BYU personnel, please email privacy@byu.edu and provide the site url and the contact's name and email address. Sites outside of the BYU.edu domain will be logged and addressed as needed.
BYU Subdomains
For all sites with web addresses that end in .byu.edu
To comply with privacy laws, all BYU.edu domain websites that interact with students, employees or website visitors need to meet the following requirements:
- Display a Cookie Banner
- Link to the BYU Privacy Notice privacy.byu.edu
- Allow visitors to edit cookie preferences
To implement these requirements, please complete the following tasks:
Add the HTML Code to the header
Add the below script right after the beginning (<head>) tag:
<!-- TrustArc Cookie Consent Banner Code -->
<script async type="text/javascript" src="https://consent.trustarc.com/v2/notice/3p3tmg?pcookie"></script>
<script type="text/javascript" src="https://consent.trustarc.com/v2/autoblockasset/core.min.js?cmId=3p3tmg"></script>
<script type="text/javascript" src="https://consent.trustarc.com/v2/autoblock?cmId=3p3tmg"></script>
<!-- End TrustArc Cookie Consent Banner Code -->And this anywhere within the body of the HTML before (</body>) tag:
<!-- TrustArc Cookie Consent Banner -->
<div id="consent-banner"></div>
<!-- End TrustArc Cookie Consent Banner -->Then make sure on your page there are links to the Privacy Notice and to the Cookie Preferences page.
Non-BYU Domains
For non-BYU.edu domain sites managed by BYU personnel, please email privacy@byu.edu and provide the site url and the contact's name and email address. Sites outside of the BYU.edu domain will be logged and addressed as needed.
Non-BYU Domains
For non-BYU.edu domain sites managed by BYU personnel, please email privacy@byu.edu and provide the site url and the contact's name and email address. Sites outside of the BYU.edu domain will be logged and addressed as needed.
Frequently Asked Questions
Please let us know (privacy@byu.edu) if you have any questions you think should be added here!
-
Toggle ItemI have a question. Who do I talk to?
Howard Loos is the Privacy Officer for BYU if you have any questions please reach out to him. If you have questions specific to the technical side of Cookie Banner Migration or TrustArc please reach out to Haley Dunkley or Dan Brandt.
-
Toggle ItemWhy do only some of the cookie categories show up when I go to change preferences?
The preferences modal uses what is called Dynamic Tracker Display. It will only show the category for the cookies on the site. However this will be changing soon under the decision of the Privacy Officer. We will update here when that change has been made.
-
Toggle ItemOne of my cookies has been mis-classified. How do I change that?
Reach out to Haley Dunkley (haley_dunkley@byu.edu) to discuss cookie categorization.
-
Toggle ItemThe banner isn't working/there are issues with the cookies on my site now, what do I do?
Reach out to Haley Dunkley (haley_dunkley@byu.edu), Dan Brandt (dan_brandt@byu.edu) or Ben Holmes (ben_holmes@byu.edu) and they will work with you to solve the issue.
-
Toggle ItemI'm using a tag manager. How do I get the TrustArc documentation for that?
Reach out to Haley Dunkley (haley_dunkley@byu.edu) to get a copy of the TrustArc documentation.
-
Toggle ItemWhere can I find the TrustArc Implementation Guides?
Reach out to Haley Dunkley (haley_dunkley@byu.edu) for a copy of the TrustArc Implementation Guide.
-
Toggle ItemWhat if my site's domain is not BYU.EDU?
All additional domains will be going on a list to be discussed later. Please reach out to Haley Dunkley who can get it added.
-
Toggle ItemWhat if we don't use cookies?
Having a cookie banner is a legal requirement and assists in building user trust through transparency. Therefore, banners are required on all BYU sites.
-
Toggle ItemWhat if we use BYU's common footer?
The code was updated to include the banner. If your code does not see the banner, then we will need to know more about the hosting of your footer code. Please contact Dan Brandt
-
Toggle ItemWhat if we use Wordpress?
We are compiling instructions and will update a tab once we have more information. Please contact Dan Brandt
-
Toggle ItemWhat cookie model is BYU using? Opt-In or Opt-Out?
Currently we are opt-in for all of Europe, and everywhere else we are opt-out. The priority is to migrate off of the Merudata platform and maintain existing functionality. The CES Privacy Center and Office of General Counsel will periodically review our consent configuration so this may change in the future.
-
Toggle ItemWhat are the different cookie categories?
- Required (no ability to decline)
- Functional (on until selected off for Non-European countries)
- Advertising (on until selected off for Non-European countries)
-
Toggle ItemWhat privacy software are we using now?
We are using TrustArc (trustarc.com), a privacy platform that is used by the Church and other affiliates. We are using it for 4 main privacy operations, one of which is cookie compliance.