Policy Regarding Access to Personal Computers

Computer and network use have become an essential part of many University activities. Since much computing is now done on privately controlled computers (personal computers, workstations, and WBT), end-users should protect, preserve, and extend the useful life of the University’s valuable computing resources. Assigned personal computers to individuals should remain with those individuals while those individuals are affiliated with the University to provide uninterrupted use of personal computers.

PRIVACY POLICY
The University does not condone censorship, nor does it endorse the systematic inspection of electronic files or monitoring of network activities related to individual activities. However, there are legitimate reasons for persons other than the account holder to access computer-based files or network traffic: ensuring the continued integrity, security, or effective operation of University systems; to protect user or system data; to ensure continued effective departmental operations; to ensure appropriate use of University systems; or to satisfy a lawful court order.

Alabama A & M University information technology administrators and technicians may not access or facilitate access to the computer accounts or associated network traffic of someone other than the person to whom that personal computer account or computer is assigned. This includes:
 •  an individual’s electronic mail or electronic mail files stored on University-owned devices or on personally-owned devices on University property (e.g., residence hall rooms);
 •  an individual’s files in other computer accounts stored on University-owned devices or on personally-owned devices on University property (e.g., residence hall rooms),
 •  files and materials on an individual’s assigned University office computer, or
 •  network traffic to-and-from University-owned computers or personally–owned computers on University property.

A technician or administrator may access or permit such access if he or she:
1. has written permission from the individual to whom the account has been assigned; or
2. has a reasonable belief that materials in the account are causing or will cause significant system or network degradation, or could cause loss/damage to system or other users' data; or
3. receives a written authorization from the appropriate campus President, for situations where there is reasonable belief that the individual account holder is involved in illegal activities using the accounts or computers in question; or
4. receives a written authorization from the appropriate campus President, for situations where there is reasonable belief that the individual account holder is involved in violations of University policies using the accounts or computers in question; or
5. receives a written request from the senior executive officer of a department to access the account of a staff or faculty member who is deceased, terminated, or is otherwise incapacitated or unavailable, for the purposes of retrieving material critical to the operation of the department; or
6. receives a written request from the appropriate campus Dean of Students or equivalent, on behalf of the parents or estate manager of a deceased student;
7. receives a legal court order and subsequent direction from University Counsel, or
8. receives other legal documents and subsequent direction from University Counsel.

In the event that University officials are notified of a University or law enforcement investigation for alleged misconduct or illegal activity on the part of a member of Alabama A & M University, contents of that person’s e-mail, other computer accounts, office computer, or network traffic may be copied and stored to prevent destruction and loss of information. Except when inappropriate or impractical, the individual will receive prior notice of such action. Subsequent release of the stored materials must be in accordance with the above listed access criteria.

System generated information ("metadata") such as operating system logs, user login records, network activity logs, email logs, and auditing logs may be used for the purposes of monitoring system and storage utilization, problem troubleshooting, security administration, incident investigation, and in support of formal audits. However, information such as this and other information available only to persons with system privileges will be held in confidence.

Any intrusive or restrictive actions taken by the University related to information technologies will be in accordance with guidelines and procedures set forth in applicable University policies, codes, or laws. Laws include (but are not limited to) the Electronic Communication Privacy Act, the No Electronic Theft Act, and the Digital Millennium Copyright Act.

PROCEDURE REFERENCE
Where possible and feasible, technicians receiving requests for access to computer accounts, files, or network traffic by persons other than the account holder must consult with the Director of ITS or their designated representative, prior to granting the access. The Director will ensure that that the provisions of this policy have been followed. Where prior consultation is not possible, the Director or their designated representative will be informed as soon as possible after the access is granted.