Policy Number: 03-05-014
Version Effective Date: June 10, 2010
Last Reviewed on: January 1, 2019
Policy Applies To: University wide
Responsible Office: Information Technology
INTRODUCTION AND STATEMENT OF PURPOSE
New Jersey City University cherishes the diversity of values and perspectives endemic in an academic institution and so is respectful of freedom of expression. The University does not condone censorship, nor does it endorse the systematic inspection of electronic files or monitoring of network activities related to individual activities. However, there are legitimate reasons for persons other than the account holder to access computer files or computers or network traffic: ensuring the continued integrity, security, or effective operation of University systems; to protect user or system data; to ensure continued effective departmental operations; to ensure appropriate use of University systems; or to satisfy a lawful court order.
An NJCU employee, consultant, or contractor (designated as “employee(s)”) as part of the nature of their work may encounter confidential information, particularly through the use of University computing facilities. Such confidential information may include academic records, compensation and other financial information. Personnel engaged in NJCU authorized activity shall not access, acquire, use, copy, or transfer confidential information except to the extent necessary to fulfill their assigned duties and responsibilities. Improper access to or unauthorized disclosure of confidential information may be a violation of federal law and could result in, among other things, loss of all federal financial assistance to the University.
This policy applies to all New Jersey City University faculty, students, and staff, including employee supervisors and administrators, computer and network technicians, and contracted workers who have been assigned the task of maintaining New Jersey City University information technology systems in central campus computing center, the data network, or in departments.
This policy covers:
Employees shall take all appropriate action, whether by instruction, agreement or otherwise, to insure the protection, confidentiality and security of confidential information. Persons who exceed their authority in using confidential information or who gain access to such information through unauthorized means, including the use of University computing facilities, should realize that their conduct is in violation of University policy and will be dealt with accordingly. Such conduct may also be in violation of state and federal law.
Stored computer information, voice and data network communications, and personal computers may not be accessed by anyone other than the person to whom the computer account in which the information has been stored is assigned, or from whom the communication originated, or to whom the device has been assigned, outside of the provisions of this policy.
The University considers any violation of appropriate use principles to be a serious offense and reserves the right to copy and examine any files or information resident on University systems allegedly related to inappropriate use. Violators are subject to disciplinary action including loss of all University computing privileges and possible criminal charges including civil damages. Offenders also may be prosecuted under various state & federal laws including (but not limited to) the Privacy Protection Act of 1974, The Computer Fraud and Abuse Act of 1986, The Computer Virus Eradication of 1989, Interstate Transportation of Stolen Property, and the Federal Electronic Communications Privacy Act. Access to the texts of these laws is available through the Reference Department of the Library. Violators may also cause the University to be liable to civil or criminal penalties.
KEY PERFORMANCE INDICATORS
The following success of the policy will be assessed annually using the following quantifiable measures:
A technician or administrator may access or permit access to the resources described above, if he or she
In the event that University officials are notified of a University or law enforcement investigation for alleged misconduct or illegal activity on the part of a member of the NJCU community, contents of an individual's e-mail, other computer accounts, office computer, or network traffic may be copied and stored to prevent destruction and loss of information, pending formal review of that material. Subsequent release of the stored materials must be in accordance with the above-specified criteria.
Except when inappropriate or impractical, all efforts will be made to notify the involved individual prior to accessing the computer account or device, or before observing network traffic attributed to them. Where prior notification is not appropriate or possible, all efforts will be made to notify the involved individual as soon after
Transgression of policy should be reported to the Department of Information Technology.
DATE TO INITIATE REVIEW AND UPDATE
As deemed necessary or appropriate by the Policy Coordinator but at a minimum, at least every 5 years from the date of last review.