IT Privacy and Monitoring Policy


Application


This policy and the supporting IT Privacy and Monitoring Guidelines apply to all members of the University community whether at the University or elsewhere, and refers to all IT resources.

Purpose


The University respects the privacy of its users and seeks to foster a climate free from arbitrary or capricious monitoring of employees and the records they create, use or control. However, because the University provides some latitude for IT users to conduct University business off-campus and to conduct personal matters at their place of work, University data and private data may be located in the same place. IT users should consider issues of privacy when storing their own data on University IT resources.

The University must at times access data and monitor IT resources. This policy identifies the special circumstances in which an authorised IT user may access another person’s private data that is held on IT resources.

Policy


  1. Authorised IT users may access or monitor the content of private data where lawfully and reasonably required to do so by the University, including in the following circumstances:
  • where the University has the permission of the IT user
  • where the University is required by law to disclose data held on IT resources
  • when the University has reasonable grounds to suspect that the law or any University statute or policy may have been breached
  • to avert reasonably anticipated significant threats or hazards to IT resources
  • when it is necessary for the University to determine whether data under the control of an IT user are University data, and the IT user is either unavailable or unwilling to give consent to access such data

Definitions


The following definitions apply to this policy:

Authorised refers to an IT user who has been given permission to access the requested data by a member of SMT, the Director IT Services or the Director IT Strategy Policy and Planning

IT resources refers to any University owned or operated hardware or software and the data that is used or stored on it

IT user refers to any individual member of the University community using IT resources

Private data is all data that is not University data and is generated and/ or stored by an individual for their own use. Except as provided in any other University policy or agreement with the University, private data includes an IT user’s own research, teaching and learning materials

University means the University of Auckland and includes all subsidiaries

University community includes all staff members (whether permanent, temporary or part time), honorary staff, students (whether full time or part time), contractors, subcontractors, consultants, alumni, associates, business partners or official visitors or guests of members of the University or UniServices

University data refers to any data created, received, used, or maintained by an IT user in the normal course of his or her work on behalf of the University

Document management and control


Owned by: CIO

Prepared by: IT Risk and Strategy Manager

Approved by: The Vice-Chancellor

Date approved: January 2017

Review date: January 2020