Greenville University Information Technology

Policy on Data Security and Privacy



Accounts

Access to GU IT resources is controlled through the use of account credentials and the permissions that are associated with those credentials. Greenville University provides account credentials to all members of the Greenville University community. All University-provided accounts are required to have a password. The account holder is responsible for guarding against unauthorized use of their account and is responsible for any activity originating from their account. Account holders must not leave any of their accounts “logged in” and unattended. If the account holder discovers that another individual accessed their account without authorization, they must immediately report the intrusion to the Information Technology (IT) department. Account credentials are not to be shared with any other individuals, including family members.


Data Ownership

By their very nature, GU IT resources exist to be used for the creation, dissemination, consumption, and archival of data. Ownership of this data can be a confusing, and sometimes contentious, topic, and is defined differently for various types of data and for various roles within the University community.


Unless stated otherwise in this policy, data created by, or intended for, any individual using GU IT resources is the property of Greenville University.


However, there are some exceptions to this general statement:


Faculty

As a natural part of their role, faculty at Greenville University will create a great deal of scholarly data using GU IT resources. This scholarly data is the property of the faculty member who created it, and is not the property of Greenville University, unless a specific agreement is in place transferring ownership of the data to Greenville University.


Students

In the course of their college career, Greenville University students will create many papers, reports, projects and other data for their classes using GU IT resources. This student-created data is the property of the student who created it, and is not the property of Greenville University, unless a specific agreement is in place transferring ownership of the data to Greenville University.


Email messages sent or received by Greenville University students and alumni within the panthers.greenville.edu domain are the property of the sender and/or receiver of the messages.


Many times students will also be employed by Greenville University. Any data created by a student using GU IT resources in the course of their duties as a student employee of Greenville University, excepting scholarly data created by a student employee under the supervision of a faculty member, is the property of Greenville University.


Personal Data

From time to time, it is likely that faculty, staff and students will create data, using GU IT resources, that is not work-related, student academic-related, or scholarly. This incidental personal data is the property of the individual who created it, and is not the property of Greenville University.


Overall System Security

Members of the Greenville University community are required to report any breaches, possible breaches, or security vulnerabilities of which they become aware, of any GU IT resource, to the IT department or to the Director of Information Technology. Any attempt by an individual to access, copy or modify security information or to obtain account permissions beyond those that have been granted, or perform any action that interferes with the management or operation of GU IT resources, or is likely to have such effects, is prohibited. The Greenville University Information Technology Department will assume leadership, responsibility, and control of responses, in conjunction with the senior administration of Greenville University, to unauthorized access to GU IT resources, unauthorized disclosure of data, and security breaches of GU IT resources.


Data Privacy

The Greenville University data infrastructure must be managed for the entire university community in a manner that attempts to preserve a level of privacy and confidentiality in accordance with relevant laws, regulations, and university policy. All account holders are expected to honor the privacy of data which they do not have permission to access. However, Greenville University cannot guarantee the privacy of data that exists on GU IT resources, whether the data is work-related, scholarly, student academic-related, or personal. Data ownership, as outlined in this policy, does not confer any expectation of privacy.


No member of the Greenville University community may access data that exists on GU IT resources unless their account has permission to access that data, except when, in specific, limited circumstances, Greenville University Information Technology personnel must access data that exists on GU IT resources.


GU IT personnel may access data that exists on GU IT resources when:

  • Access permission is granted to GU IT personnel by an account holder who already has permission to access the data

  • Access permission is granted to GU IT personnel by a senior administrator at Greenville University

  • A situation occurs that causes GU IT personnel to believe that an active process has the potential to negatively impact the operation of any GU IT resource


Data Privacy and Email

The concept of data privacy as it relates to email creates a unique situation due to the implicit expectations of the sender of the email. The sender must be able to trust that no person other than the addressed recipient(s) will have initial access to the content of the message. Furthermore, the sender has an expectation that the recipient(s) will use their best judgement to evaluate the content of the message when determining if that message should be shared with any other individuals. Because of the implied burden placed on the recipient to protect the privacy of the sender, no party may grant another party full access to the first party’s email account. If it is necessary for multiple individuals to have access to a single email account, an account with a name that makes it clear that the account is being shared is the only acceptable solution.


Definitions

GU IT Resources – any

  • Computing device

  • Data storage device

  • Production device (e.g. printer, copier, 3D printer, monitor, projector)

  • Data network device

  • Telephone network device

  • Data transmission medium (e.g. cabling, wireless network transmissions)

  • Software application

  • Email system operated within the greenville.edu domain

  • Set of account credentials

which is owned or licensed by Greenville University


Data – any information processed, stored and/or transmitted electronically


Policy Maintenance

Policies may be updated and modified from time to time. The latest approved version of this policy will be posted on the Greenville University web site. This draft of the policy was produced and is considered to be in effect as of 6/19/2015.


Attribution

Portions of this policy have been adapted from policies developed and published by Cornell University, Indiana University, and the University of Michigan.