Confidentiality, Privacy, and Security
Appendix R of the Lafayette College Faculty Handbook. (As amended February 7, 2006, by faculty motion 05-11.)
Lafayette College cherishes freedom of expression and the value of privacy for all members of the Lafayette community. Private communication via computer is treated with the same degree of protection as other forms of private communication.
Information Technology Services (ITS) provides reasonable security measures against intrusion and damage to files stored on the central computing facilities. Current technology, however, is not capable of providing complete protection against unauthorized access. Therefore, the confidentiality of e-mail and other system files cannot be assured. In addition, members of the ITS staff may inadvertently see the contents of e-mail or user files due to address errors or as a result of maintaining the system. In such cases, ITS staff members are required to keep the contents of e-mail messages and user files confidential.
Users should be aware that e-mail is a written record and, once delivered, enters the control of the recipient and like other written documents may be admissible as evidence in internal and external proceedings. Messages and/or user files that have been deleted may be retained on the College’s system backup files as part of standard computing services procedures. All users should be aware of the system limitations and use reasonable caution when transmitting confidential materials.
By attaching personal computers or other devices to the College’s network, users consent to College use of scanning programs for security purposes on those resources while attached to the network.
Information technology systems routinely log user actions in order to facilitate recovery from system malfunctions and for system management purposes. The logs of user actions or other information obtained by the scanning programs for security purposes should be treated as confidential in the same manner that user files and e-mails are treated as confidential. ITS is required to post policies and procedures concerning logging of user actions, including the extent of individually-identifiable data collection, data security, and data retention.
Conditions of College Access
- when required to do so to preserve public health and safety;
- when necessary to preserve or restore system integrity or security;
- when required by federal, state, or local law; or
- when there are reasonable grounds to believe that system resources are being used in violation of law or College policy.
If any of the conditions described above is present, the CIO as well as one other senior officer of the College—the Provost (for faculty users), the Dean of Students (for student users), or the Vice President for Human Resources (for administrative or staff users)—must agree that there is sufficient cause to review a file or e-mail message before it can be accessed without the user’s permission. The appropriate senior officer of the College shall preserve this agreement in writing, identifying the sufficient cause and the file(s) or message(s) to be accessed. Once sufficient cause has been established, the appropriate senior officer of the College and the CIO may then have access to the file(s) or message(s). Information obtained in this manner is admissible in legal proceedings or in a College hearing. At the earliest possible opportunity that is lawful and consistent with other College policy, the appropriate senior officer of the College shall notify the affected individual of the action(s) taken and the reason for the action(s) taken.
The three senior officers of the College and the CIO shall report annually to the Faculty Academic Policy Committee on the effectiveness of this policy.