Business provides computer, email, network, internet, and telephone access to users for the purpose for conducting business only. While incidental and occasional personal use of such systems is permissible, personal communications and data transmitted or stored on business information technology resources are treated as business communications, and are subject to automated surveillance by security systems managed by the Information Technologies and Services (ITS).
Automated surveillance systems do not generally inspect content of data, but will flag data that appear malicious in nature (e.g. viruses, spyware) for further investigation. All users should not expect that personal communications will remain private and/or confidential. While the business permits generally unhindered use of its information technology resources, those who use information technology resources do not acquire, and should not expect, a right of privacy.
Reason for Policy
Business recognizes that an information technology environment built on mutual trust and freedom of thought is essential to the business. Business additionally recognizes that as users create and store data in electronic form, there is growing concern that the data a user might consider private may be more available to view or use than initially expected. This policy is intended to clarify some general principles and define expectations of privacy within the business.
Who Should Read this Policy
All users of the Business.
Business reserves the right to access, review, and release electronic information that is stored or transmitted using information technology resources. Requests for access, review, quarantine or release of electronic information may originate from, or on behalf/approval of the business owner.
These requests will be initiated and fulfilled only under one or more of the following circumstances:
- When requested by a court order or other entity with legal authority to do so.
- When fulfilling the legal, regulatory, or other applicable duties of the Business.
- When responding to an electronic or physical security issue or incident.
- In the event of a health or safety concern.
- In order to ensure the security, confidentiality, integrity, and availability of data stored or transmitted by Business information technology resources.
- In cases where more stringent controls, such as state regulations for psychiatric data, maintain a higher standard for authorized access, review, or release of data, the more stringent control will always take precedent.
- As requested by the Business Owner in conducting investigations.
Whenever access, review, or release of Business data is necessary, care will be taken to treat the event with sensitivity and respect.