63 SPEC Kit 360: Learning Analytics PENNSYLVANIA STATE UNIVERSITY LIBRARIES Policy UL-AD08 Confidentiality and Privacy of Patron Library Records https://libraries.psu.edu/policies/ul-ad08 Library Records: Records of the borrowing and use of library materials and equipment are considered to be confidential, as are the records of patron transactions of any type including, but not limited to, reference interactions, computer use logs, logs of Internet sites consulted, etc., as well as records of transactions regarding fees and fines. For library purposes, this covers all records related to the circulation or use of laptop computers, camcorders, digital cameras, and any other equipment loaned by the University Libraries as well as books, periodicals, and other formats of printed or electronic information available from the Libraries, including materials that are personally owned by a faculty member that have been placed on reserve for reading in a course. Reference or other service transactions, whether conducted in person, in writing, by telephone, via electronic mail or online interaction, are also considered confidential. Information will be disclosed to law enforcement officials upon request by court order or valid subpoena, or in compliance with appropriate federal law without prior notice. E-mail and Internet: E-mail and Internet connections are provided to assist and facilitate library communications. All user files and logs of user transactions on the University and Libraries’ systems are held to be confidential and will be kept as private as possible. Collection and analysis of data on usage of the licensed commercial online databases and materials offered by the Libraries through its system assists both the publisher and the University Libraries to understand the impact of this technology and service. We request that any such usage data compiled by the licensor will be collected by a method consistent with applicable privacy laws and written confidentiality requirements of the licensing agreement. Any usage data available, such as number of searches or articles downloaded, is reported at least quarterly by the licensor to the University and is confidential under this policy. Information will be disclosed to law enforcement officials upon request by court order or valid subpoena or under appropriate federal law without prior notice The University and Libraries reserve the right to inspect, view and access all data files, electronic messages, and logs of Internet sites consulted by any individuals if it is suspected that the system has been used outside of acceptable use as defined by University policy AD96 Acceptable Use of University Information Resources. [direct quote from AD96 section II. PRINCIPLES OF ACCEPTABLE USE:] All individuals' granted access to Penn State information technology resources must agree to and accept the following: Using only the information technology resources for which they are authorized by the University. Utilizing appropriate authentication mechanisms to access information technology resources. Not attempting to access information technology resources for which their authorization may be erroneous or inadvertent. Only using accounts, passwords, and/or authentication credentialsthat have been authorized to use consistent with their role at Penn State. Protecting, and not sharing, their account, password, and/or authentication credentials. Only sharing data with others as defined by applicable policies and procedures, and dependent on their assigned role. Not using Penn State information technology resources to represent the interests of any non-University group or organization unless authorized by an appropriate University department or office or that could be taken to representPenn State. Not using any hardware or software designed to assess or weaken security strength, unless authorized by the institutional CISO or his or her designee(s). Not engaging in disruptive "spamming" (i.e., sending unsolicited electronic communicationto groups of recipients at the same time), or acting in a way that will harm, damage, corrupt, or impede authorized access to information resources, systems, networks, equipment, and/or data. Not forging identities or sending anonymous messages, unless the recipient has agreed to receive anonymous messages. Not using Penn State information technology resources to alter, disrupt, or damage information technology resources of another person or entity. Not using Penn State information technology resources to upload, download or distribute copyrighted or illegal material which results in violation of law. Complying with all licenses and contracts related to information technology systems which are owned, leased, or subscribed to by Penn State, and complying with applicable local, state or federal laws, and institutional policies, rules, and guidelines as they relate to information technology resources.