| Policy Title | Electronic Privacy |
|---|---|
| Responsible Office | Information Technology Services (ITS) |
| Policy Type | Information Security |
| Policy Number | 304 |
| Last Revision Date | 8/15/2023 |
Introduction
The Binghamton University community relies on technology for study, teaching, research, work and other activities. Our community uses multiple electronic systems, networks and devices that are owned, operated or administered by the University. To promote transparency and trust, this policy sets forth guidelines and processes that apply when the University seeks access to electronic information stored on or transmitted through these systems, networks and devices. This policy is intended to establish internal standards and procedures governing such access by the University; it is not meant to create rights in any individual to seek legal redress for action inconsistent with the policy.
Policy Statement
Privacy and Confidentiality
To the extent permitted by law and university policy, Binghamton University maintains and protects both the privacy of individuals and the confidentiality of official information stored on its information technology (IT) systems. While the university permits limited incidental use of its IT resources, users of those resources do not acquire an expectation of privacy in communications transmitted or stored on university information technology resources. When information needs to be accessed, it should be accessed for legitimate purposes by authorized personnel and limited, as much as feasible, to the access purpose.
In order to comply with state or federal law, university officials may access stored information as described below.
Exceptions to Privacy of Information
Data traversing or stored in university systems are subject to disclosure requests under public records law, under subpoena, and in the discovery process in litigation. Binghamton University may preserve, access, monitor, or disclose information containing all classes of data as described in the University’s University Data Classification policy (Policy 300.2) residing on its information networks and systems in the following situations:
State and Federal Law
All information including the personal, academic, or research data and files residing on university systems is subject to state and federal laws and regulations requiring its disclosure, including laws on public records, court-ordered disclosure, and discovery in litigation.
Proxy Access to Accounts Necessary to Conduct Business or Research
Faculty and staff may need access to accounts of other faculty and staff to conduct university business or further research when those individuals are not available to grant access. Approval to access the account should be given either by prior proxy access to the individual's account or by written recommendation and justification by the individual's department chair or director and approval by the appropriate Division Head or president acting on the basis of university policy and law.
Investigations
Binghamton University may preserve, access, or monitor accounts and equipment during the course of an investigation of misconduct, violations of law, or violations of university policy In accessing the account or equipment, university officials are expected to avoid accessing information that is personal and irrelevant to the investigation.
Official University Business
As part of their assigned responsibilities, Binghamton University faculty, staff, and other authorized data users may have access to all classes of data and are restricted to using it only for purposes associated with the requirements of their position.
Internal Administrative Disclosure
Disclosure or use of any information containing data with a restricted or sensitive data classification for extraordinary circumstances must be approved in writing by the appropriate Division Head or president acting on the basis of university policy and law.
Maintenance of Binghamton University Network and Systems
Binghamton University reserves the right to maintain its information systems; to audit networks and systems on a periodic basis to ensure compliance with security policies; and to locate and resolve security breaches or other situations that potentially impact the reliability, robustness, or security of the campus network and systems infrastructure. Individuals performing these functions or others may have access to information containing all classes of data and are restricted to using it only for purposes associated with their position.
Legal Disclosure Requests
Binghamton University must preserve, access, and disclose information contained in its IT systems in response to a lawfully issued records request, subpoena, court order, or other compulsory legal process (“disclosure request”). To the extent possible and practical, the account holders for email and electronic files will be notified in advance of access or disclosure, unless Binghamton University is otherwise directed by lawful order.
When appropriate, the Records Access Officer, an attorney in the office of University Counsel, or the Assistant Vice President for Research Compliance may order preservation of electronic records to comply with a disclosure request or to preserve records for purposes that may relate to pending investigations or litigation.
Once the appropriate Division Head or president grants approval, an attorney in the office of University Counsel may request data custodians conduct targeted searches of electronic files to find material relevant to the disclosure request. In accessing the files, University Counsel shall limit access to material that is relevant to the disclosure request.
Health and Safety Emergency
In the event of a health or safety emergency, Binghamton University may preserve, access, or disclose information containing all classes of data necessary and relevant to addressing the emergency situation at the request of the Chief, Assistant Chief, or Deputy Chief of University Police, an attorney in the office of University Counsel, University Vice President or President.
Authorization
Binghamton University may preserve, access, or disclose information containing all classes of data relating to an employee upon the written authorization of the employee.
