84  Institution Privacy Policies INDIANA UNIVERSITY BLOOMINGTON Privacy of Electronic Information and Information Technology Resources https://policies.iu.edu/policies/it-07-privacy-it-resources/index.html Indiana University Policy: Privacy of Electronic Information and Information Technology Resources IT-07 This PDF created on: 10/02/2017 3 when prior notification is not appropriate or practical due to the urgency of the circumstances when such notice may result in destruction, removal, or alteration of data or when other circumstances make prior notice inappropriate or impractical. Where prior notification is not appropriate or practical, reasonable efforts will be made to notify the affected individual as soon as possible following access unless other circumstances make follow-up notification inappropriate. 3. Preservation of electronic information and of information technology resources The copying and secure storage of the contents of an individual's email, other computer accounts, office computer, or transient network traffic to prevent destruction and loss of information may occur a. upon receiving credible notification of a university or law enforcement investigation for alleged illegal activity or violations of university policy on the part of a member of the university community or b. upon receiving advice by the Office of General Counsel that such copying and storage is otherwise needed in order to comply with legal obligations to preserve electronic information or secure information technology resources or c. upon receiving authorization from the campus Chancellor, Provost, Vice President or equivalent indicating that such preservation reasonably appears necessary to protect university operations or d. when there is a reasonable belief illegal activity or violations of university policy have occurred, are occurring, or are imminently about to occur. Access to such copies and stored materials shall be in accordance with this policy. Preserved materials that are no longer needed must be destroyed in a secure manner. 4. Access by technicians and administrators that does not require further authorization Technicians or administrators do not require further authorization, within the scope of their legitimate university responsibilities, in any of the following circumstances: a. Emergency Problem Resolution - Technicians may access, and permit access to, information technology resources and electronic information in emergency situations, when the technician has a reasonable belief that a program or process active in the account or on the device is causing or will cause significant system or network degradation, or could cause loss/damage to a system or other users' data. This includes forensic and/or other analysis in response to a security incident, sensitive data exposure, or system/device compromise. b. Collaborative Information or Resources - Technicians may access, and permit access to, for legitimate purposes, information technology resources and electronic information that by their nature are not private, such as shared computers and shared document folders. c. System-generated,Content-neutral Information Technicians may access and use system-generated logs and other content-neutral data describing the use of technology for the purposes of analyzing system and storage utilization, problem troubleshooting, and security administration, and in support of audits. Technicians may not disclose or permit access to specific information technology resources assigned to, or electronic information associated with, an individual except as authorized under Section 1 above. d. Incident Response - The incident response function within the University Information Policy Office (UIPO) is responsible for investigating reports of abuse or misuse of university information technology resources. Incident response staff may use system-generated, content-neutral information for the purposes of investigating technology misuse incidents, and in support of audits. Incident response staff may not disclose or permit access to specific information technology resources assigned to, or electronic information associated with, an individual except as authorized under Section 1 above. e. Network Communications - Security engineers of the University Information Security Office (UISO) may observe, capture, and analyze network communications. "Network communications" may contain content
Previous Page Next Page