Skip to main content

OM 9.1.5 - Data Privacy Policy

 

Effective Date: January 2023
Last Updated: April 24, 2023
Responsible University Office: Office of Information Technology
Responsible University Administrator: Chief Information Officer


Policy Contact:

Office of Information Technology
helpdesk@clarkson.edu

1 Introduction

Clarkson University respects the diversity of values and perspectives inherent in an academic institution and is therefore respectful of intellectual freedom and freedom of expression. The University does not condone censorship, nor does it endorse the routine inspection of electronic files or monitoring of network activities related to individual use.

At times, however legitimate reasons exist for persons other than the account holder to access computers, electronic files, or data related to use of the University network, including but not limited to: ensuring the continued confidentiality, integrity and availability of University systems and operations; securing user and system data; ensuring lawful and authorized use of University systems; providing appropriately de-identified data for institutionally approved research projects; and responding to valid legal requests or demands for access to University systems and records.

2 Scope

This policy applies to any individual or entity using University information systems.

3 Policy

In general, users may expect privacy in their individual files and data, electronic mail, and voice-mail as long as they are using University information technology resources in a manner consistent with the purposes, objectives, and mission of the University and in accordance with law and University policy. However, the University cannot guarantee absolute security and privacy of its information technology resources. To the contrary, various uses of information technology resources or access in general, may not always be private. In specific circumstances, an individual's data may be exposed to a University employee or agent without the individual's explicit consent. These circumstances include but are not limited to:

3.1 Accessing Information to Provide Services

In the course of their normal job duties and the operation of the University, authorized employees will have access to data, including stored data, about you. This data may not have been communicated directly to those employees by you, but appropriate employees will have access as a regular part of their employment. They will only use this data for work related purposes, which may include sharing it with appropriate individuals outside the University and as otherwise allowed here.

3.2 Monitoring and Maintenance of Information Technology Resources

The University, as a regular part of its business, monitors its information technology resources in an effort to ensure they are used in accordance with law and University policy, that they are operating efficiently, that there are no threats to them, and that they are regularly maintained and updated. This

includes email and communications you send or receive and files or software you have placed on the University’s information technology resources. The University may retrieve, copy, and distribute information contained on University information technology resources if such actions are taken by an employee as a regular and necessary part of his/her job duties.

3.3 Access of Information Technology Resources

The University may retrieve, copy, and distribute information contained on University information technology resources if such actions are determined to be in the best interests of the University by the Chief Information Officer and another cabinet-level University official, with notification of such action being made to the Executive Director of Human Resources for faculty/staff or the Dean of Students for students. This may occur, for example, in the event there are reasonable grounds to believe:

  • There is a threat to the University’s information technology resources, or if such access is needed to ensure the efficient operations of any University information technology resources
  • That a violation of University policy or an illegal act has occurred or may occur
  • There is a threat to University property or the rights of the University
  • There is an emergency affecting the safety of persons or property
  • Litigation involving the University or its agents or employees is possible or ongoing
  • A work document, to which a department needs access, is on an employee’s computer but the employee is absent

The University’s monitoring and access may occur without notice to you; however the Chief Information Officer will maintain a log of such activities which shall be made available for inspection by any member of the President’s cabinet. The fact that any information technology resource is password protected will not prevent monitoring and access by the University. Monitoring and access may include physically accessing information resources wherever located.

3.4 Responding to Compulsory Legal Requests

The University will comply with all lawful orders for access to information when required under the terms of a valid subpoena, warrant, other legal order, or an applicable law, regulation or University policy. All legal requests or demands for access to information technology resources or electronic information should be handled according to the procedure outlined in the “Information Technology Requests from Law Enforcement” flowchart that accompanies this policy. In accordance with this procedure, all such warrants or other orders should be reviewed by University Counsel prior to releasing any information to law enforcement. In the event that a law enforcement agency seeks to execute a search warrant or other order immediately and will not wait for review by University Counsel, individual system technicians or other persons receiving such orders should not obstruct the execution of the warrant or order, but should document the actions by law enforcement, notify the Chief Information Officer as soon as possible and take reasonable steps whenever possible to preserve a copy of any data being removed for appropriate University use.

4 Revision History

 

Version

Date

Author

Revisions

1

3/14/2023

B. Huntley

Initial Draft - Data Privacy Policy

2 4/24/2023 L. Perry Presidential Approval