File code: TECH.DATASEC.POL
Approval Date: 05/31/11
Approved By: President
Data Security Policy
The university and all members of the university community are obligated to respect and to protect university data. There are, however, technical and legal limitations on our ability to protect confidentiality. For legal purposes, electronic communications are no different than paper documents. Electronic communications are, however, more likely to leave a trail of inadvertent copies and more likely to be seen in the course of routine maintenance of computer systems. The university does not regularly monitor the content of personal web pages, e-mail or other on-line communications. However, the university must reserve the right to examine computer records or monitor activities of individual computer users (a) to protect the integrity or security of the computing resources or protect the university from liability, (b) to investigate unusual or excessive activity, (c) to investigate apparent violations of law or university policy, and (d) as otherwise required by law. In limited circumstances, the university may be legally compelled to disclose information relating to business or personal use of the computer network to governmental authorities or, in the context of litigation or a served subpoena.
All university areas accepting, working with, or transmitting sensitive data (defined in the Sensitive Data Chart, Adobe PDF, login required) are required to take appropriate measures, as defined in the Administrative Procedures under Sensitive Data Handling Procedures, to protect sensitive data under their care.