Access to Accounts and Information Policy
Purpose
Consistent with 亚洲情色鈥檚 Computing Resources Policy, the University has the right to access, inspect, monitor, and preserve any information created with, stored on, or transmitted through, its Network or Technology Resources (collectively, 鈥淚nformation Systems鈥) for safety, security, and other lawful reasons. In doing so, the University endeavors to afford reasonable privacy for users, and will not access such information without a legitimate reason.
Scope
This Access to Accounts and Information Policy applies to any information created, stored, or transmitted by members of the University community, including current and former faculty, staff, students, contractors, and affiliates, as well as visitors, guests, and others who use (or have used) the University鈥檚 Information Systems.
Definitions
Network: A non-exhaustive list of the University鈥檚 wireless networks includes 鈥樠侵耷樯, 鈥樠侵耷樯 Guest鈥, 鈥榚duroam鈥, and 鈥楳oravian Book Shop鈥. Wired network access is when an ethernet or fiber optic cable is plugged into a device to obtain network and/or internet access and is available in buildings across campus.
Technology Resources: A non-exhaustive list of technology resources at 亚洲情色 includes physical devices such as desktop computers, laptops, tablets, cell phones, classroom podium computers, projectors, document scanners, televisions, Apple TVs, and Raspberry Pis. Software platforms are also considered a Technology Resource and include, but are not limited to, websites such as Canvas, AMOS, Okta, Gmail and G Suite, and payment platforms such as Cashnet and Heartland.
Policy
Reasons for Access
The University may access user accounts and information when, in the University鈥檚 sole judgment, doing so is necessary to address a legitimate University interest. Examples of such interests include, but are not limited to:
- evaluating or responding to health, safety or security risks;
- ensuring continuity of operations during the unavailability of a user unexpectedly or for a prolonged period, or after the departure or death of a user;
- identifying, diagnosing or correcting Information Systems security vulnerabilities and problems, or otherwise preserving the integrity of the University鈥檚 Information Systems;
- investigating a possible violation of law or University policy; and
- complying with federal, state, or local laws or regulations or legal service of process, including subpoenas and warrants.
Procedures for Access
Except for instances in which a specific University protocol has been developed and approved in advance by the Chief Operating Officer/Executive Vice President for University Life for reasons of safety, the University will implement the following procedures when there is a need to access, inspect, monitor, or preserve a user account or information:
If access to information is necessary to accomplish a legitimate business interest and the information is unavailable or unable to be accessed without IT assistance, an administrative leader for the affected area (department chair, director, or equivalent) must submit a written request for access to the authorized University official, as follows:
- For faculty issues and student academic issues, an email is sent to the Provost and Vice President for Academic Affairs;
- For student safety or security concerns, an email is sent to the Dean for Community Wellness or Chief of Police;
- For employee safety or security requests, an email is sent to the Director of Human Resources or the Chief of Police;
- For legal issues, an email is sent to Counsel; and
- For all other reasons, an email is sent to the cabinet officer responsible for the requesting office.
The request must contain the following information:
- The name of the account holder whose information is to be accessed;
- The reason why the access and information is needed; and
- A precise description of the information needed, in the most limited scope possible (e.g. - between these people, in this time frame, regarding this topic).
Once the request has been approved by the above-listed official, it will be sent to the Chief Operating Officer/Executive Vice President for University Life for final approval before being assigned to IT staff. If the request pertains to information related to the Chief Operating Officer/Executive Vice President for University Life, it will be sent to the President for final approval.
IT staff will work with the administrative leader for any necessary clarification and to provide access to the requested information. IT will provide access in the form it determines to be most appropriate for each unique request or situation.
If a potential violation of law or University policy is discovered while accessing information through a properly submitted request, such information must be provided to the Chief Information Officer/ Executive Vice President and/or the President for appropriate review and/or processing.
Notification
The University will determine, in its sole discretion, whether an individual whose information was accessed through this process will be notified.
Additional Records
The University has access to video camera footage (installed for the safety and security of our community) and card swipe/tap information. Campus Police regularly view this information in the normal course and scope of their work, and their review is outside the scope of this Policy. Campus Police may provide this information to other authorized University officials to the extent necessary to address health/safety concerns or other legitimate University interests.
Approved by University Council on 2/6/2024.
Questions about this policy or its content may be directed to compliance@moravian.edu.