UAD User Privacy and Monitoring Concerns

Will this client software monitor my activities?

No, these software packages are used to manage computers, not collect data on user activities.  Modern computers automatically log many system events such as software and update installations, logins and system errors.  We use these logs to narrow down the source of computer issues and monitor for security intrusions.  These logs do not include user activity such as websites visited, files edited, etc.

 

Are there situations where IT staff may monitor the data, files or other activities on my computer?

US:IT staff are committed to maintaining the privacy and security of user data, files, and activities.

IT staff may need to access personal data or files in order to resolve technical issues reported by the computer’s user.  However, IT staff will coordinate such activities with the user.   IT staff may need to access a computer for security reasons, such as a security incident. .  Also, when replacing or upgrading a computer. IT staff may have access to user files for the purpose of transferring the files to the new computer.

The University sometimes has legitimate needs to access files on University-owned computers and cannot guarantee privacy. Appropriate purposes to access files include, but are not limited to maintaining student and course records, investigating data breaches, investigating violations of law, responding to public records requests in accordance with Maine law, federal Family Educational Rights and Privacy Act of 1974 requirements, litigation holds, subpoenas, addressing evidence of misconduct and other legal requirements.

What safeguards exist to ensure that the University does not unnecessarily access a user’s computer files, data, etc.?

All university IT staff are required to sign the  IT Staff Confidentiality Agreement  IT staff who violate this agreement, or other data privacy rules, are subject to disciplinary action.

In addition, the AFUM contract lays out and acknowledges the mutual interests and responsibilities related to the confidentiality and privacy of faculty information and files.

http://staticweb.maine.edu/wp-content/uploads/2013/08/AFUM_2015-2017.pdf?565a1d

Top of Page 5

M.1. The Association and the University mutually agree that files may contain materials to which unit members have privacy and intellectual property rights, to the extent provided in this Agreement, with the benefit, and subject to the provisions, of all applicable State and Federal laws. Files include, without limitations, paper files, electronic files, email, course files, creative works and personal files maintained in a University office or computer network or system, as well as University files maintained in a home office or personal computer or network. The University shall use good faith and customary efforts to safeguard the privacy and intellectual property rights of Unit members in accordance with this Agreement, including without limitation, Article 2, this Article, and any University policies related to information technology, intellectual property, applicable administrative practice letters, and to the extent provided by law. Cooperation between the Association, Unit members, and the University is essential for the implementation of these provisions.

 

M.2. The Association, Unit members, and the University mutually agree that the University has legitimate needs to access files and that the University cannot assure privacy. Appropriate purposes to access files include, but are not limited to maintaining student and course records, investigating data breaches, investigating violations of law, responding to public records requests in accordance with Maine law, federal Family Educational Rights and Privacy Act of 1974 requirements, litigation holds, subpoenas, addressing evidence of misconduct and other legal requirements. The University shall not capriciously, unreasonably, or unnecessarily access files that contain information about or are created or maintained by a Unit member. Nothing within this section prevents the University from taking necessary actions to protect its systems and data from malicious or inappropriate files or activity.

 

May I remove the SCCM or JAMF software from my university-owned computer?

No, not without written permission from US:IT.  The Board of Trustees, Information Security Policy section 4.1.3, prohibits the removal of software installed by the University for legitimate computer management purposes, or the modification, without permission, of security settings and features.

Acceptable Use of Information Resources