Information Security Practice: Protecting the Privacy of Users

Summary

UWM’s IT professionals shall take reasonable measures to protect the privacy of accounts assigned to UWM’s authorized users. Though absolute privacy of UWM’s authorized users cannot be guaranteed, as a general practice, the contents of user accounts shall be treated as private and not examined or disclosed.

Implementation Details

The fundamental purpose of information security tools and practices is to protect the university’s IT resources and accounts, mindful of the need to protect the “privacy interests” of authorized users. Those UWM staff members in UITS and CTS with the technical ability to access others’ UWM accounts shall:

• Sign confidentiality agreements
• Not access user accounts unless authorized to do so for a “legitimate business purpose”
• Take reasonable measures to protect the privacy of accounts assigned to UWM’s authorized users
• As a general practice, treat the contents of user accounts as private and not examine or disclose them

Policy References

• Regent Policy Document 25-3: “Acceptable Use of Information Technology Resources” https://www.wisconsin.edu/regents/policies/acceptable-use-of-information-technology-resources/
  • “The UW System shall take reasonable measures to protect the privacy of its IT resources and accounts assigned to authorized users. However, the UW System cannot guarantee absolute security and privacy.”
  • “Generally, the contents of user accounts will be treated as private and not examined or disclosed”
  • “UW institutions will work with authorized users to protect their privacy interests”
  • “Authorized users must not violate the privacy of other users. Technical ability to access unauthorized resources or others’ accounts does not by itself imply authorization to do so, and it is a violation of this policy to access others’ accounts unless authorized to do so for a legitimate business purpose”

Please Note

• “Policies” are formal, authoritatively-determined Mandates from UW System and the Board of Regents
  • Regent Policies – Section 25 “Information Systems and Technology”
    • https://www.wisconsin.edu/regents/policies/
  • UW System Administrative Policies & Procedures – 1000 Series “Information Security”
    
    • https://www.wisconsin.edu/uw-policies/uw-system-administrative-policies/
• “Practices” are campus-specific, CIO-approved UWM implementations by UITS and CTS of “Policies”
• “Guidelines” are published guidance for Policy implementation by UWM employees not typically serving in UITS and CTS and who might not be technologists per se – e.g., the campus data stewards