Skip to end of metadata
Go to start of metadata

1.0 Overview

Clarkson University respects the diversity of values and perspectives inherent in an academic institution and is therefore respectful of intellectual freedom and freedom of expression.  The University does not condone censorship, nor does it endorse the routine inspection of electronic files or monitoring of network activities related to individual use.

At times, however legitimate reasons exist for persons other than the account holder to access computers, electronic files, or data related to use of the University network, including but not limited to: ensuring the continued integrity and availability of University systems and operations; securing user and system data; ensuring lawful and authorized use of University systems; providing appropriately de-identified data for institutionally approved research projects; and responding to valid legal requests or demands for access to University systems and records.

This policy seeks to balance individual freedom and privacy with the need for access by persons other than the account holder when necessary to serve or protect other core values and operations within the University or to meet a legal requirement.  

2.0 Purpose

The University has established this policy so that users are aware of the privacy which surrounds their use of University information technology resources and the information and communications they send and receive therein.

3.0 Scope

This policy applies to all users of University information technology resources and the data stored thereon. 

4.0 Policy

In general, users may expect privacy in their individual files and data, electronic mail, and voice-mail as long as they are using University information technology resources in a manner consistent with the purposes, objectives, and mission of the University and in accordance with law and University policy.  However, the University cannot guarantee absolute security and privacy of its information technology resources.  To the contrary, various uses of information technology resources or access in general, may not always be private.

Accessing Information to Provide Services

In the course of their normal job duties and the operation of the University, authorized employees will have access to data, including stored data, about you. This data may not have been communicated directly to those employees by you, but appropriate employees will have access as a regular part of their employment.  They will only use this data for work related purposes, which may include sharing it with appropriate individuals outside the University and as otherwise allowed here.

Monitoring and Maintenance of Information Technology Resources

The University, as a regular part of its business, monitors its information technology resources in an effort to ensure they are used in accordance with law and University policy, that they are operating efficiently, that there are no threats to them, and that they are regularly maintained and updated. This includes email and communications you send or receive and files or software you have placed on the University’s information technology resources.  The University may retrieve, copy, and distribute information contained on University information technology resources if such actions are taken by an employee as a regular and necessary part of his/her job duties.

Access of Information Technology Resources

Additionally, the University may retrieve, copy, and distribute information contained on University information technology resources if such actions are determined to be in the best interests of the University by the Chief Information Officer and another cabinet-level University official, with notification of such action being made to the Executive Director of Human Resources for faculty/staff or the Dean of Students for students.  This may occur, for example, in the event there are reasonable grounds to believe:

  • There is a threat to the University’s information technology resources, or if such access is needed to ensure the efficient operations of any University information technology resources
  • That a violation of University policy or an illegal act has occurred or may occur
  • There is a threat to University property or the rights of the University
  • There is an emergency affecting the safety of persons or property
  • Litigation involving the University or its agents or employees is possible or ongoing
  • A work document, to which a department needs access, is on an employee’s computer but the employee is absent

The University’s monitoring and access may occur without notice to you; however the Chief Information Officer will maintain a log of such activities which shall be made available for inspection by any member of the President’s cabinet.  The fact that any information technology resource is password protected will not prevent monitoring and access by the University.  Monitoring and access may include physically accessing information resources wherever located.

Responding to Compulsory Legal Requests

The University will comply with all lawful orders for access to information when required under the terms of a valid subpoena, warrant, other legal order, or an applicable law, regulation or University policy.  All legal requests or demands for access to information technology resources or electronic information should be handled according to the procedure outlined in the “Information Technology Requests from Law Enforcement” flowchart that accompanies this policy.  In accordance with this procedure, all such warrants or other orders should be reviewed by University Counsel prior to releasing any information to law enforcement.  In the event that a law enforcement agency seeks to execute a search warrant or other order immediately and will not wait for review by University Counsel, individual system technicians or other persons receiving such orders should not obstruct the execution of the warrant or order, but should document the actions by law enforcement, notify the Chief Information Officer as soon as possible, and take reasonable steps whenever possible to preserve a copy of any data being removed, for appropriate University use.

5.0 Enforcement

Failure to follow this policy will result in the offender(s) being subject to disciplinary action up to and including termination of employment.

6.0 Definitions

Information technology resources —all University owned and operated computers, software, hardware, and infrastructure. It further includes all University services and programs such as email, course management systems, and web pages. It also includes:

  1. Data and other files, including electronic mail, stored in or located or residing on (temporarily or otherwise) University-owned centrally-maintained systems, departmentally-maintained systems, and University-owned systems or computers.
  2. University data and other files stored off campus in systems owned or operated by other entities.  These systems may be subject to their own terms and conditions related to privacy and other matters.
  3. Data communicated over University networks.