Policy on Information Technology Resources and Account Privacy Frequently Asked Questions

In some cases, such as an imminent threat or substantial risk, the University must address the issue immediately to prevent harm to the University community or other affected individuals.

In some cases, the University may be required only to preserve an individual’s electronic information while in others it may be necessary to access and review the information. For example:

• The University may initiate a litigation or legal hold requiring preservation of certain information. A litigation or legal hold is a process that the organization undertakes to preserve all data that might relate to current or potential legal action involving the University or individuals at the University. The University may be legally required to preserve relevant data when it learns of a triggering event, such as a pending or imminent legal action, or when litigation is reasonably anticipated, e.g., when an accident with serious injuries has occurred.
• Access requests typically arise when an academic or administrative unit has an operational need for access to information created or maintained by an individual who has departed the University. For example, if an individual’s information is necessary to meet obligations under a federal grant or contract or to ensure important University business is not interrupted.

When screening reveals information not pertinent to the matter at hand, it is excluded from the information provided to the requesting party.

The Office of Legal Counsel maintains a log that records the following information:

• who made a preservation or access request;
• the date of the request;
• the substance of the request;
• who was consulted in connection with making the decision;
• the decision itself;
• whether the user was notified and when;
• who else at the University was informed of the request,
• the decision or the data/information gathering;
• and when the information was gathered and disclosed to the requesting party.

The Office of Legal Counsel will confer with the relevant University offices before approving, rejecting, or modifying data access requests for the following roles:

• Academic appointees: Office of the Provost
• Students: The applicable Dean of Students and/or the Office of the Vice President of Campus and Student Life
• Staff employees and volunteers: Human Resources
• Other academic appointees and postdoctoral researchers: Respective dean’s office.
• Research: Respective Institutional Review Board

The following are examples of when the University may need to access, preserve, or review information in University information technology resources:

• If the University receives a subpoena for an individual’s records in connection with a lawsuit
• If a student makes a request for their education records stored on University computers
• If the University has a legal or regulatory obligation to preserve or disclose information stored on University computers
• If the University must respond to an imminent threat to other users or to the University’s technology infrastructure. For example, if the University is responding to an information security incident or physical security threat, it may be necessary to access information on information technology resources.