Data created, stored, or maintained by or on behalf of the University. Data created, stored, or maintained by or on behalf of the University.

Non-University devices that store Covered Data are devices not owned by the University that handle or store Covered Data or information. For example, personal laptops or cell phones that process or store University documents, files, emails and attachments, research data, voice mails, text messages, and associated metadata. In some circumstances, the University may be required to access data on a personal device.

The geographic location or type of network does not change the applicability of the University Information Technology policies. The policies apply to all University-funded devices and all devices and services that handle or store Covered Data or information. The geographic location or network ownership of the device does not change the policy’s applicability.

Some examples of the incidental personal use of information technology resources include the following:

• Sending and receiving emails to friends and family
• Taking personal phone calls using a University phone
• Preparing a personal tax return on a University laptop
• Visiting web pages or streaming videos using your University laptop or over the University network

No. The University of Chicago is a non-profit organization, and its assets are to be used in furtherance of its research and education missions. In addition, most University software and services are licensed only for non-profit use for University purposes. Limited incidental use of office space and equipment for personal purposes or in connection with permitted consulting activities is permissible so long as such use is modest and does not interfere with the conduct of University business. Examples of permitted uses include sending a personal email, working on a personal document, or taking a personal phone call. If an individual runs a business that routinely sells goods or services, then they should purchase separate technology resources for or on behalf of the business.

Some examples of activities that are not “incidental personal use” are:

• Using University resources to operate a personal file-sharing server.
• Using University-provided technology to operate or sell goods or services for a commercial business.
• Hosting a website on the University web servers for non-UChicago organizations (e.g., a business or unaffiliated not-for-profit entity), for political functions, or for other activities unrelated to the mission of the University.
• Using a university-provided server or information technology service for non-university tasks.

These details are covered in the FAQ for Policy on Information Technology Resources and Account Privacy (ITS-003).

The following are examples of when the University may need to access, preserve, or review information in University information technology resources:

• If the University receives a subpoena for an individual’s records in connection with a lawsuit
• If a student makes a request for their education records stored on University computers
• If the University has a legal or regulatory obligation to preserve or disclose information stored on University computers
• If the University must respond to an imminent threat to other users or to the University’s technology infrastructure. For example, if the University is responding to an information security incident or physical security threat, it may be necessary to access information on information technology resources.