This policy addresses requests for access by a third party to any electronic data stored in user accounts of employees in Student Affairs on University-owned computer systems and data devices of any kind.
This policy safeguards the privacy of electronic data stored in user accounts by establishing controls over access to such data, including limiting the conditions under which that data may be accessed or disclosed to a third party.
Requirements and Process
- A decision to disclose data in an employee user account will involve consultation with the Vice President of Student Affairs and other senior leadership in the Division as appropriate. The Duke IT Security Office as well as the Office of University Counsel may also be involved in a decision to disclose data.
- Electronic data may be accessed or disclosed only in the following limited circumstances:
a) In response to a court order or other legal papers;
b) In the investigation of a legal or policy violation;
c) In the event of a health, safety or imminent risk emergency; or
d) To maintain the operation and security of the Duke network.
- When a staff member leaves employment in a Student Affairs department:
a) Ensuring that an employee has moved business-related documents and other data from personal user accounts to department-accessible locations should be part of each department’s departure procedures.
b) The ITS staff is available by appointment to assist users and supervisors with data transitions.
c) User accounts on Division servers and other devices will be closed and data contained therein, no longer accessible, upon departure.
The Student Affairs Information Technology Services office, being charged with the security of division data is required to access data stored on division computer systems and data devices as a part of routine business operations. This access includes, but is not limited to, manual and automated data access to perform computer system maintenance and security audits. In addition to this Division policy, the ITS staff is subject to a supplementary University confidentiality agreement that governs disclosure of electronic data.