January 17-18, 2002

ITEM 114-104-R0102Board of Regents Policies and Procedures Manual: Information Technology; Internet Reporting (6) (New)


No. 6

POLICY REQUIREMENTS

SCOPE

This policy applies to all access to or use of MUS-provided Internet or Internet2 services made from any computer that resides on an MUS campus, is connected to the campus intranet, and is connected through the intranet to the outside Internet or Internet2, or from any computer that is connected to an MUS campus intranet, and through it to the Internet or Internet2 via dial-up or other externally provided network access service (e.g., a commercial ISP service).

PURPOSE

The MUS has the responsibility to insure that its telecommunications systems are used in the most effective and secure manner. Accessing certain Web sites or types of Web services may lead to ineffective use of these systems or may jeopardize their security. Therefore, the MUS has adopted policies addressing security, monitoring, and privacy issues associated with its computing and information resources, including telecommunications systems.

From time to time, the MUS may receive requests for records or other information obtained as a result of monitoring activities. These requests may be of several types, as described below. This policy, describes the steps to be taken to respond to such requests. It will be used for all such requests for Internet reporting, regardless of the source of the request.

DEFINITIONS

Unit - Any designated entity within the MUS.

Internet Reporting 1) An ongoing analysis of overall Internet usage by a unit of the MUS,prepared by authorized MUS staff; 2) a report on the specific Web sites accessed by an individual employee or student over a specified period of time, prepared by authorized MUS staff.

REQUIREMENTS

Reporting of Internet access activity may be provided for the following reasons.

  • Capacity Management. Authorized MUS staff on each campus will periodically analyze Internet traffic to determine if the campus has adequate bandwidth, within budgeted costs, to meet user needs and provide adequate response times. The staff, during the course of their analysis, will report to an appropriate campus authority any and all access to a site or class of sites that appears not to be related to university business or scholarship, may pose a security threat, or is of sufficient volume to have a potentially detrimental impact on network performance.
  • Unit Request. Within the constraints outlined in the MUS information technology policy on privacy, security and monitoring and state and federal law, a unit may request a report of Internet sites accessed by an employee of the unit or by a student taking courses at or within the unit. Unit requests must be made in writing by the chief officer of the unit. The request should be directed to the campus officer charged with overseeing Internet usage.
  • Law Enforcement Request. Requests for Internet access records from law-enforcement agencies must be made through an appropriate legal process (e.g., a legally valid court order). (Note: this does not preclude the MUS or any unit from contacting law enforcement as part of an investigation initiated by the MUS or the unit.) MUS legal counsel should be consulted whenever contact with a law-enforcement agency is initiated or received.
  • Public Request. Consistent with the MUS information technology policy on privacy, security and monitoring, requests by members of the general public for the Internet access records of an individual employee or student will not be honored except through a legally valid court order.