Approved December 2003
Act 1799 of 2003 requires all institutions of higher education adopt an Electronic Communication Privacy policy governing electronic communications originated or received by a faculty member, staff member, or a student that is transmitted over the institution's computer network system. Electronic communication includes any electronic mail message transmitted through the international network of interconnected government, educational, and commercial computer networks, and includes messages transmitted from or to any address affiliated with an Internet site. Amended for GDPR under General Data Protection Regulation (EU) 2016/679 effective May 25, 2018.
Privacy and Related Issues
E-mail is not a confidential medium and users are discouraged from sending any confidential information via the e-mail medium. If it is found necessary to send confidential information via e-mail, the following confidentiality statement should appear in the body of the e-mail:
This communication and any files or attachments transmitted with it may contain information that is confidential, privileged and exempt from disclosure under applicable law. This communication is intended solely for the use of the individual or entity to which it is addressed. If you are the intended recipient of this information, please treat it as confidential information and take all necessary action to keep it secure.
If you are not the intended recipient, you are hereby notified that any use, dissemination, forwarding, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender at once so that appropriate action may be taken to protect the information from further disclosure.
University Attempts to Protect Confidentiality
The university attempts to protect the confidentiality of personally identifiable electronic communications by the following methods:
- Recommending the use of more secure media than standard e-mail for the transmission of confidential information (e.g., PGP Keys or other encryption methods) and providing a "secure mail" option in the Internet email client.
- Requiring a confidentiality statement in each e-mail containing confidential information.
- Requiring all users to obtain a username and password from the university in order to have the ability to use university e-mail.
- To assist in protecting all information, users must adhere to the published password policies and guidelines to ensure strong and consistent password creation.
- Encouraging employees not to leave computers on and unattended.
- Encouraging employees to use encryption software when transmitting confidential e-mail or documents, or "lock files" when appropriate.
- Providing firewalls and other pertinent hardware and software methods to protect the e-mail system from external intrusions.
Additional Information Regarding Privacy
In addition to the provisions outlined in this policy, individuals who expect to have access to confidential information should familiarize themselves with the Family Education Rights and Privacy Act (FERPA) a copy of which is located at the following Web address: http://www.ed.gov/offices/OII/fpco/ferpa/
Additional Information Regarding GDPR (General Data Protection Regulation (EU) 2016/679) (May 25, 2018)
Your rights if you are identified as a 'data subject' within the regulations of the GDPR
When using our website, communicating with us and/or submitting personal data to us, you may have certain rights under the General Data Protection Regulation (GDPR) and other laws. Depending on the legal basis for processing your personal data, you may have some or all of the following rights:
-
The right to be informed
- You have the right to be informed about the personal data we collect from you, and how we process it.
-
The right of access
- You have the right to get confirmation that your personal data is being processed and have the ability to access your personal data.
-
The right to rectification
- You have the right to have your personal data corrected if it is inaccurate or incomplete.
-
The right to erasure (right to be forgotten)
- You have the right to request the removal or deletion of your personal data if there is no compelling reason for us to continue processing it.
-
The right to restrict processing
- You have a right to ‘block’ or restrict the processing of your personal data. When your personal data is restricted, we are permitted to store your data, but not to process it further.
-
The right to data portability
- You have the right to request and get your personal data that you provided to us and use it for your own purposes. We will provide your data to you within 30 days of your request. To request your personal data, please contact us using the information at the top of this privacy notice.
-
The right to object
-
You have the right to object to us processing your personal data for the following reasons:
- Processing was based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- Direct marketing (including profiling); and
- Processing for purposes of scientific/historical research and statistics.
- Rights in relation to automated decision-making and profiling.
- Automated individual decision-making and profiling
- You will have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
-
You have the right to object to us processing your personal data for the following reasons:
-
Filing a complaint with authorities
- You have the right to file a complaint with supervisory authorities if your information has not been processed in compliance with the General Data Protection Regulation. If the supervisory authorities fail to address your complaint properly, you may have the right to a judicial remedy.
For details about your rights under the law, visit https://gdpr-info.eu/
Faculty Staff and Students
All electronic systems owned by the university and the use of electronic tools on them such as e-mail and the Internet are for university business and educationally-related purposes only. All data, communications, and information, including information transmitted or stored on the university system are subject to inspection or monitoring at any time by authorized university officials.
Examples where authorized university officials may access or enter electronic files (including e-mail files) and disclose the information contained in them, include, but are not limited to:
- Pursuant to a valid search warrant, court order, or Freedom of Information act request;
- Emergency situations where the physical safety or well being of a person may be affected or university property may be damaged or destroyed;
- Reasonable cause exists to suspect a violation of law or university policy, including inappropriate use is occurring;
- If necessary to maintain the integrity of the computer system or to protect the rights or property of the university.
Inappropriate Use
Examples of inappropriate use of the university electronic systems include, but are not limited to:
- Creating, transmitting, executing or storing malicious, threatening, harassing, obscene or abusive messages, images, programs or materials;
- Any activity that negatively affects the use of university computer resources (eg. Games, excessive chat, etc.);
- Copying or transmitting copyrighted material, including, but not limited to software, music, movies or other material;
- Commercial or profit-making activities, including solicitation, that is unrelated to the university's mission;
- Violating university security, damaging university systems, or using computing privileges to gain unauthorized access to any university computer system or any computer system on the Internet;
- Any activity that violates federal, state, or local laws or university policies or regulations;
- Fundraising for any purpose unless approved by the Vice President for Development;
- Using anyone else's password(s) to gain access to university electronic systems;
- Removing or defacing hardware, software, or manuals from labs, offices, or other university facilities.
Misuse, violation of the university's e-mail policy, or other inappropriate use of the university's e-mail or computer network by faculty or staff may result in disciplinary action as set out in the faculty and staff handbooks and/or legal action.
Misuse, violation of the university's e-mail policy, or other inappropriate use of the university's e-mail or computer network by students may result in disciplinary action as set out in the student handbook and/or legal action.
For greater detail regarding appropriate and inappropriate use of university computers, please refer to the posted policy at https://support.atu.edu/a/solutions/articles/7000019369
Computer File Retention
• Computer files, including e-mail backup tapes, more than thirty (30) days old will be destroyed on June 30th and December 31 each year. If the university is involved in any litigation, legal counsel will be consulted before deleting files or
erasing backup tapes related to such litigation.
erasing backup tapes related to such litigation.
• E-mail messages, to the extent practicable, should be read and discarded promptly at the personal computer level. If an employee needs to retain a copy of an e-mail message for a longer period of time, it should be printed out or stored on
the computer's hard drive.
the computer's hard drive.
• E-mail messages, even though "deleted" by the employee, may be recoverable or may be retained on system backups indefinitely.
• The university will determine how to truly "delete" unwanted files or messages from the system and routinely "delete" those files and messages within thirty (30) days.
• The university will "delete" a previous employee's computer files and e-mail messages as well as any remaining backup tapes of that employee's files and messages within ninety (90) days after departure if the employee departs under normal
circumstances of resignation or transfer. If the employee is terminated for "cause" the university will immediately remove access to electronic communication and any electronic files or messages, including backup tapes, will be deleted as soon
as it is deemed reasonable by the university.
circumstances of resignation or transfer. If the employee is terminated for "cause" the university will immediately remove access to electronic communication and any electronic files or messages, including backup tapes, will be deleted as soon
as it is deemed reasonable by the university.
Last Updated (Monday, 03 May 2010 - 2:14:58 pm CDT) modified (Friday, 25 May 2018 - 1:35pm)