Barnard College operations require the sensitive information of students, faculty, staff and others. The college has a high business dependency on this information and a robust security posture must be in place to protect the confidentiality, integrity and availability of this data but also maintain access to it as necessary. This policy is designed to codify data privacy expectations.
The college affirms that the mutual trust and freedom of thought and expression essential to the academic mission of a college rest on a reasonable expectation of privacy, and that the privacy of those who work, study, teach, and conduct research in a college setting will be respected. This policy is intended to highlight some general principles that should help to define the expectations of privacy of those in the college community.
Barnard's General Counsel is responsible for the maintenance of this policy and for responding to questions regarding this policy. The college reserves the right to amend this policy at any time.
This policy applies to all individuals who access, use, or control college resources. Those individuals covered include, but are not limited to, staff, faculty, students, those working on behalf of the college, guests, tenants, visitors, and individuals authorized by affiliated institutions and organizations.
The college provides computers, user accounts, email accounts, networks and other resources to faculty, staff and students for the purpose of furthering the college's academic mission and conducting college business. While incidental and occasional personal use of such systems, including e-mail and voice mail, is permissible, personal communications and files transmitted over or stored on college systems are not treated differently from college related communications.
As is the case for information in non-electronic form stored in college facilities, the college's need for information will be met in most situations by simply asking the author or custodian for it. However, the college reserves the right, consistent with this policy, to access, review and release information that is transmitted over or stored in college systems or facilities.
When access, review or release of information is required, an officer of the college may request access to a user’s resources without the consent of the assigned user when there is a reasonable basis to believe that such action:
The office of the general counsel is responsible for obtaining the final approval of requests and for maintaining a record of the authorized searches.
Requests for access to the private information of faculty, students and staff will follow the procedure below:
Due to the sensitivity of the requests, it is crucial that the parties involved in this process do not disclose any information about the request to anyone not involved in the processing of the request.
Electronic resource use is subject to many laws and regulations. Suspected violations of applicable law are subject to investigation by the college and possibly law enforcement officials. Among the applicable laws are:
Violations of these policies are adjudicated according to the procedures defined in the student, faculty or employee policies and procedures and may result in the removal of electronic Resources access and/or more serious sanctions.
Data is a stored collection of information that may include symbols, words, sounds or images.
Resources include data, networks, computers, paper files, and other Resources provided by the college.
Users refer to faculty, staff, students and any other individuals that may have access to the college’s electronic Resources.
Sensitive Information is any information whose disclosure could cause harm to the college or its constituents including Personally Identifiable Information and Proprietary Information.
Personally Identifiable Information is nonpublic information relating to an individual that reasonably identifies the individual and, if compromised, could cause significant harm to that individual or to the college. Examples may include, but are not limited to, Social Security numbers, credit card numbers, bank account information, student grades or disciplinary information, salary or employee performance information, donations, patient health information, information that the college has agreed to keep confidential and account passwords or encryption keys used to protect access to confidential college data.
Proprietary Information is data, information, or intellectual property in which the college has an exclusive legal interest or ownership right, which, if compromised, could cause significant harm to the college. Examples may include, but are not limited to, business planning information, financial information, trade secrets, copyrighted material, research or comparable materials from a third party that the college has agreed to keep confidential.
Policy Issued: 11/12/2013