Privacy Policy - implementation FAQ

For sections 3, 4 and 5 circumstances should be brought via Head of Computing first. For sections 4 and 5, Head of Computing will then contact ITO or school office as appropriate to say that consent is being requested from individual and will keep up-to-date with whether consent is granted.

The policy refers to "The person authorised to access the account". I presume this doesn't just mean a member of the IT staff?

Access under this policy should be performed by two people working together.

Where access has been requested by someone other than a member of computing staff (the "Requestor"), it is envisaged that a member of computing staff would sit at the keyboard doing the accessing/searching with the Requestor issuing instructions of where to look. If required, a copy of the data would then be made for the Requestor; file system access rights to the original file(s) would not be given to the Requestor.

Where potential abuse of systems is being investigated, two members of computing staff should work together in accessing/searching, producing notes of what has been looked at.

Section 2.3 says should only see what data is asked for, but that's hard to achieve if we're looking for something}

Yes, this is inevitable. The intention is that the two individuals accessing the data will make efforts to minimise access to other data.

What does "the investigating computing officers will record that the ... data is being accessed" mean?

The investigating COs will record what investigations have been made. In the case of students, they will inform the ITO or graduate school of those investigations. In the case of staff, the school office will be informed.

Permission will be sought in writing from the Head of School - does an email count?

In most cases an email, backed up by verbal communication, should be sufficient. However, if there is a possibility that the actions might result in legal proceedings the permission should be in writing. University may well have right to access files anyway ?

What status does data stored as part of an archive or general backup have?

Exactly the same status as on-line material. We should be encouraging a culture whereby staff leavers extract any files, from their home directory, that might be of use to the School in the future; we already do this for undergraduates.

Access to student accounts for purpose of assessment allowed ?

No it shouldn't be, but we need to discuss this with Head of Teaching.

-- AlastairScobie - 22 Jun 2009

Topic revision: r1 - 22 Jun 2009 - 09:14:05 - AlastairScobie
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies