It is the intent of CSBS to protect the privacy of all of its users to the fullest extent possible within our means, University policy, and State and Federal law. The following policies are pursuant to that intent. The purpose of this document is to outline the existing University policies and practices related to the privacy of sensitive data residing on University information technology resources and to the individual use of those resources. This document additionally clarifies College of Social and Behavioral Science (CSBS) privacy policies where necessary.
CSBS recognizes and respects the need for privacy of sensitive data and the privacy rights of individual users both within CSBS networks and in connection to other University networks. CSBS considers all electronic information accessed, stored, developed or retrieved via CSBS computers and networks to be private and confidential unless otherwise designated by the user.
It is important for all users of information technology resources to recognize that all electronic communications are traceable and no security system can absolutely prevent unauthorized access to sensitive data. Users must practice individual due diligence in protecting both their personal privacy and the privacy of sensitive data accessible to them.
The privacy of sensitive data and individual users is protected by the network administration in the following ways:
- Access to sensitive data is restricted to those with proper authorization.
- University policy requires that employees be notified prior to any monitoring of electronic communications related to job performance evaluation.
- The University and CSBS are bound by applicable state and federal laws relevant to the protection of sensitive data.
- Private information regarding individual users may not be disclosed to other parties except as allowed by public record laws and through a valid subpoena.
- Although IT Administrators have the ability to access all stored data and communications on CSBS networks, access is limited to that necessary for network administration and asset management.
- Any use of electronic services creates logs. These logs serve as important resources for IT staff in the management of network services, and they have forensic value in the event of a security violation. Nonetheless, it is the practice of the University to minimize the amount of data collected and the length of time that the logs are held.
- CSBS will maintain internal and external security practices designed to prevent the accidental or intentional disclosure of sensitive data.
- CSBS Computing will complete an annual audit using the Institutional Security Office to verify existing practices and identify weaknesses.
- CSBS requires that all computers purchased with University funds be configured with automated virus protection and automated OS updates before being used.
- CSBS requires that all non-University owned computers have automated virus update protection and automated OS updates prior to connecting to CSBS network resources.
- CSBS will routinely test password security for all user accounts within our networks and will lock accounts with weak passwords.
Users also have a responsibility to help protect the security of the network and other users' privacy. These responsibilities include the following:
- All users are required to respect the privacy and access privileges of other users.
- All users are required to treat institutional data files as confidential.
- Users shall not access data files or data without proper authorization.
- Unauthorized monitoring of network traffic and electronic communications is forbidden.
- No rights or privileges granted to an individual user of CSBS resources may be transferred or provided to a secondary party without the express authorization of CSBS Computing.