Section 4- Information Policy
A. Privacy Policy
1. St Edward’s University complies
with all federal and state regulations regarding privacy. SEU
will not release non-directory personal data or information
to investigators, attorneys, or agencies unless directed to
do so by a valid court order. St. Edward's University respects
the privacy of users’ electronic files and communications
residing on the university’s computer system. The university
takes precautions to ensure privacy of personal data and information.
Personal data will be transferred and stored in a secure manner
according to industry practices.
2. Refer to the Roles and Responsibilities
section for detail. Individual users of the computer system
should be aware of the inherent limitations of shared network
resources. No computer security system can absolutely prevent
unauthorized persons from accessing stored information, and
the university can not and does not guarantee the privacy or
confidentiality of stored information or electronic communications.
3. Routine Collection of Electronically Recorded
Information:
a. Authorized Information Technology personnel
may actively scan any computer local to the SEU campus(es)
for the purpose of detecting security vulnerabilities on workstations/servers.
This is in order to protect Information Technology resources
from deliberate or accidental abuse. No other department/user
has authorization for this type of activity. The university
reserves the right to monitor and access a user’s communications,
files, and stored information under the following circumstances:
(1) When necessary to protect the integrity,
security, and proper functioning of the university’s
computing system or to protect the university from liability.
(2) When required by federal, state, or
local law or university policies or regulations as reflected
in this policy, Faculty Handbook, Student Handbook, and
Employee Handbook.
(3) When necessary to ensure that high
standards of maintenance are met. SEU does not monitor which
web sites users visit nor look at what users put in written
communications such as emails, news articles, or chat rooms
unless an abuse of such services is reported.
(4) When necessary to tune web server performance
and debug problems. Web server logs are primarily used by
system administrators and are deleted periodically. However,
they may be included on tape backups of the system. These
logs typically contain internet address of computer being
used, web pages requested, browser used, date and time,
and for some applications, user-identifiable information.
4. Use/Release of Electronically Recorded
Information:
a. St. Edward’s University does
not attempt to identify individuals or their usage habits.
Administration does watch for illegal attempts to upload
or alter information, to create conditions that would cause
a denial of service or other damage, or to launch attacks
on other sites. St. Edward’s reserves the right to
use web server logs, account records, and other system information
to identify the person(s) responsible. Any monitoring or
access to a user’s files or communications will be
no more extensive than is necessary to accomplish the purpose
for which it is authorized. Affected users will be notified
of such monitoring or access to the extent allowed by law
or university policy, provided that it will not compromise
the university’s investigation or the investigation
of any law enforcement organization.
b. Release of electronically recorded information
must be authorized by the appropriate Vice President, with
the concurrence of the Vice-President for Information Technology.
|
