The university seeks to protect computer-based information from accidental or intentional unauthorized modification, misuse, destruction, disruption, or disclosure. The University cannot guarantee security. Users should therefore engage in "safe computing" practices by establishing appropriate access restrictions for their accounts, guarding their passwords, and changing them regularly. In order to make every reasonable effort to protect its IT resources, the university reserves the right to monitor them, as further set forth below.
The university respects the privacy of its users, including their electronic mail. However, the use of university IT resources is not completely private. The normal operation and maintenance of the university's IT resources require backup, caching, logging of activity, monitoring of general usage patterns, scanning of systems and ports and other activities necessary for the rendition of service.
At all times the university has the right to monitor any and all aspects of the system, including electronic mail and individual login sessions, to determine if a user is acting in violation of the law or policies of the university.
Specifically, the university may monitor the activity and accounts of individual users of university IT resources, including electronic mail, individual login sessions and communications, without notice, when (a) the user has given permission or has voluntarily made them accessible to the public, for example by posting to a publicly-accessible web page or providing publicly-accessible network services; (b) it reasonably appears necessary to do so to protect the integrity, security, or functionality of the university or other IT resources or to protect the university from liability; (c) there is reasonable cause to believe that the user has violated, or is violating law or policy; (d) an account appears to be engaged in unusual or unusually excessive activity, as indicated by the monitoring of general activity and usage patterns; (e) to monitor quality in online academic programs; or (f) it is otherwise required or permitted by law. Any individual monitoring, other than that specified in "(a)", required by law, or necessary to respond to perceived emergency situations, must be authorized in advance by the director of the university’s information technology department.
The university, in its discretion, may disclose the results of any such general or individual monitoring, including the contents and records of individual 5
November 2009 by the Executive Committee of the University of Mary Board of Trustees