J. Electronic Information Systems
Privacy Issues and Statement of Ethics
1. User
Responsibility for Security of Stored Information. The user is responsible for
correct and efficient use of the tools each electronic information system
provides for maintaining the security of stored information.
a.
Individual users to whom computer accounts, passwords, and other types of
security authorizations have been assigned must obey any express restrictions
on disclosure of such authorizations to others. No otherwise authorized
disclosure may be made until the proposed recipient of the disclosure has
demonstrated familiarity with the security requirements for usage of the
authorizations and agreed to comply with them.
b. The user
must strive to understand the level of protection each electronic information
system automatically applies to files and supplement that protection, if
necessary, for sensitive information.
c. The
microcomputer user must be aware of computer viruses and other destructive
computer programs, and take steps to avoid being either their victim or
propagator by using up-to-date anti-virus software (
d. Use of
computers by individuals implies that they accept responsibility for protecting
any information (processed and/or stored under directories or accounts assigned
to them) which is derived from restricted, licensed, or proprietary
information.
2.
Confidentiality of Stored Information
a.
Information stored on electronic information systems is considered
confidential, whether protected by the computer system or not, unless the owner
intentionally makes that information available to other groups or individuals.
The University assumes that computer users wish the information they store on
central and campus shared computing resources to remain confidential.
b. Requests
for the disclosure of confidential information outside the University will be
governed by the provisions of law, including but not limited to the Family Educational
Rights and Privacy Act of 1974, the State Records Act, and the Illinois Freedom
of Information Act. All such requests will be honored only when approved by
university officials who are the legal custodians of the information requested,
or when required by state or federal law, or court order. A current statute
which protects the electronic mail users is the federal Electronic
Communications Privacy Act of 1986. This law basically protects messages while
in transmission on a public mail service as well as after messages are received
and stored on that service.
3.
Inappropriate Usage
Computing
and networking resources may be used only in accordance with accepted
University practice. Examples of inappropriate and unacceptable use of
computing and networking resources include:
a.
harassment of other users;
b. destruction of or damage to equipment, software, or data belonging to the
University or other computer and networking users;
c. disruption or unauthorized monitoring of electronic communications;
d. violations of computer system security;
e. unauthorized use of computer accounts, access codes, or network
identification numbers assigned to others;
f. use of computer and/or network facilities in ways that impede the computing
activities of others;
g. use of computing facilities for personal or business purposes unrelated to
the mission of the University;
h. violation of copyrights and software license agreements;
i. violation of the usage policies and regulations of the networks of which the
University is a member or which at least has authority to use;
j. violation of another user's privacy;
k. academic dishonesty such as plagiarism or cheating;
l. accessing, or attempting to access, another individual's or entity's data or
information without proper authorization regardless of the means by which this
access is attempted or accomplished;
m. giving another individual the means to access data or information they are
not authorized to access;
n. obtaining, possessing, using, or attempting to use passwords or other
information about someone else's account;
o. inspecting, modifying, distributing, or copying data, mail messages, or
software without proper authorization, or attempting to do so;
p. tapping phone or data lines.
4.
Electronic Mail. The University considers electronic mail to be a confidential,
direct communication between sender and receiver(s). Accordingly, it should not
be monitored, observed, viewed, displayed, or reproduced in any form by anyone
other than the sender or intended recipient(s). E-mail users should exercise
the same restraint and caution in drafting messages that they would when
writing a formal memorandum using University letterhead and assume that their
messages will be saved and be seen by someone other than the original
addressee. Electronic mail may be disclosed to others with a need to know under
law and University policy. Examples include:
a.
incidental disclosure to technicians or supervisors during maintenance or
repair procedures;
b. disclosure to internal or external auditors pursuant to their audit
programs;
c. disclosure to adverse parties in civil lawsuits pursuant to mandated
discovery procedures, or to attorneys for the University for use in preparing a
defense against such suits;
d. disclosure to administrative, regulatory or law enforcement authorities
discharging their mandated functions, or to attorneys for the University for
use in defending against charges or sanctions;
e. disclosure made for the purpose of resolving internal disputes including but
not limited to those arising under grievance policies; parking and traffic regulations;
student conduct codes; academic admissions, retention, grading and degree
awards policies or practices; patent and copyright policies; indemnification
policy liability and self-insurance programs; electronic information systems
policies, and any external appeals of unresolved internal disputes.
5.
Sanctions. Violation of the policies described herein for use of computing
resources will be dealt with seriously. Violators are subject to disciplinary
procedures of the University and, in addition, may lose computing privileges.
Illegal acts involving the University's computing and networking facilities may
also be subject to prosecution by state and federal authorities.