Sam Houston State University
A Member of The Texas State University System
Information Technology Services (IT@Sam)

Privacy Policy: IT-27

PURPOSE:

The purpose of the Privacy Policy is to clearly communicate privacy expectations to SHSU information technology resource users. It will define standards for managing and enforcing security on any information stored or passing through SHSU information technology resources or any personally owned or third-party device that may be connected to a state-owned resource.

Internal users should have no expectation of personal privacy with respect to SHSU information technology resources. Information technology resources provided by SHSU are owned by the State of Texas and subject to state and SHSU oversight. The use of SHSU information technology resources may be monitored to manage performance, perform routine maintenance and operations, protect the integrity of SHSU information technology resources, perform security reviews, and fulfill complaint or investigation requirements. SCOPE: The Internal Privacy Statements apply equally to all individuals who use SHSU information technology resources or connect personally-owned devices to SHSU information technology resources. The Public Privacy Statements apply to members of the general public concerned about the types of information gathered and how that information is used.

POLICY STATEMENT:

SHSU Internal Privacy:

Electronic files created, sent, received, or stored on computers owned, leased, administered, or otherwise under the custody and control of SHSU are the property of SHSU. These files are not private and may be accessed by authorized IT@Sam employees and campus administration at any time without knowledge of the information technology resource user or owner.

To manage systems and enforce security, IT@Sam may log, review and otherwise utilize any information stored on or passing through its information technology resource systems in accordance with the provisions and safeguards provided in the Texas Administrative Code § 202 (TAC § 202), Information Resource Standards. For these same purposes, IT@Sam may also capture user activity such as websites visited.

Third party and customer information has been entrusted to SHSU for business purposes and all faculty and staff will do their best to safeguard the privacy and security of this information. Customer account data is confidential and access will be strictly limited based on business need.

SHSU Website Public Privacy:

SHSU maintains the www.shsu.edu website and other SHSU-owned or –hosted domains as a public service. SHSU detailed public privacy statement is available on the website (IT-S02 – Web Privacy and Site Link) regarding individual websites, data collection, public forums, and links to other sites.

For site management functions, information is collected for analysis and statistical purposes (please refer to SHSU Web Privacy and Site Link Policy). This information is not reported or used in any manner that would reveal personally identifiable information unless SHSU is legally required to do so in connection with law enforcement investigations or other legal proceedings.

For site security purposes and to ensure that the site remains available to all users, SHSU uses software to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage which is strictly prohibited and may be punishable under applicable state and federal laws.

Related Policies, References and Attachments:

An index of approved IT@Sam policies can be found on the SHSU Information Technology Services Policies website at http://www.shsu.edu/intranet/policies/information_technology_policies/index.html. Reference materials, legal compliance guidelines, and policy enforcement are available in the IT-00 Policy Compliance Document. The SHSU Information Security Program and SHSU Information Security User Guide are also available on the Information Technology Services Policies website.

Reviewed by: Mark C. Adams, Associate VP for Information Technology, January 19, 2012

Approved by: President’s Cabinet, February 6, 2012

Next Review: November 1, 2015