Information Security Standards

PRIVACY

GENERAL

Privacy procedures are mechanisms used to establish the limits and expectations for the users of University information resources. The general right to privacy is extended to the electronic environment to the extent possible. Privacy is mitigated by the Texas Public Information Act, administrative review, computer system administration, and audits. Contents of electronic files will be examined or disclosed only when authorized by their owners, approved by an appropriate University official, or required by law.

APPLICABILITY

This procedure applies to electronic files created, sent, received, or stored on information resources owned, leased, administered, or otherwise under the custody and control of the University. The purpose of this procedure is to provide a set of measures that will mitigate information security risks associated with privacy issues. The intended audience for this procedure is all users of University information resources.

PROCEDURES

1. Privacy of information shall be granted to users of University information resources to the extent possible. However, there should be no expectation of privacy beyond that which is expressly provided by applicable privacy laws.

2. To manage the efficient operation of information systems, appropriate security practices, and issues relating to inappropriate or illegal use of information resources, the University may log, review, and otherwise utilize any information stored on, or passing through, its information resource systems. All such actions shall be in accordance with the provisions and safeguards provided in the Texas Administrative Code 202, Information Resource Security Standards, and other applicable rules and laws.

3. The University collects and processes many different types of information from third parties. Much of this information is confidential and shall be protected in accordance with all applicable laws and regulations (e.g., Gramm-Leach-Bliley Act, Texas Administrative Code 206).

4. Users shall not attempt to access any University data or systems for which they do not have authorization or explicit consent from the owner or appropriate University employee.

5. University websites available to the general public shall contain a Privacy Statement.

HISTORY

Last Updated March 31, 2014