



Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Summary: The following provides the framework for privacy and security of data on the ASU campus. • There is no expectation of privacy in University ...
Typology: Lecture notes
1 / 6
This page cannot be seen from the preview
Don't miss anything!




The following document enumerates the principles and procedures pertaining to Technology Management and Security at ASU-J.
The Electronic Communications Privacy Act applies to any transfer of signs, signals, writing, images, sounds, data or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnet, photo electronic or photo optical system. All electronic communications sent or received on Arkansas State University equipment or through Arkansas State University technology systems are presumed to be controlled by the Electronic Communications Privacy Act.
As the entity providing electronic communications service, Arkansas State University has the authority to intercept electronic communications without the consent of the person sending or receiving the communication to ensure compliance with federal and state laws or university policy.
As the entity providing electronic communication services, Arkansas State University has the authority to read and disclose the contents of stored electronic communications without the consent of the person sending or receiving the communication. State Freedom of Information Act requests may require the disclosure of electronic communications without the consent of the person sending or receiving the communication. All Freedom of Information Act requests are required to be forwarded to University Counsel before any records are disclosed.
Because all electronic communications maintained in public offices, or by public employees within the
scope of their employment, are presumed to be public records under Arkansas law, no person utilizing Arkansas State University equipment to send or receive electronic communications has an expectation of privacy in those communications. Public records include electronic communications which constitute a record of the performance or lack of performance of official functions which are or should be carried out by a public official or employee, a governmental agency, or any other agency wholly or partially supported
by public funds or expending public funds.
The University has established Data Stewards by Division (see attachment) with ownership and responsibility for the access to and integrity of the data elements assigned to them. Data Stewards will assign each data element under their purview to one of three categories: Public , Limited Access , or Restricted. By default, all institutional data not specifically classified as Restricted Data will be designated as Limited Access data for use in the conduct of university business or to satisfy external reporting requirements.
It is frequently necessary to share data from various classes of information with agencies, vendors, or service providers to the University in order to fulfill the mission of the institution. In such cases where Limited Access Data or Restricted Data is provided, the agency(ies), vendor(s), or service provider(s) must complete and return a properly-executed Non-Disclosure Agreement. The completed Non- Disclosure Agreement will remain on file in the central data center for the life of the data sharing agreement.
In a perceived emergency situation, the central IT organization may take immediate steps including fully or partially blocking access, to ensure the integrity and/or confidentiality of institutional data, to protect the health and safety of the University community members and property, and/or protect the university from liability.
The following minimum standards must be incorporated into the individual data access technical policies and procedures for systems and facilities containing Restricted and Limited Access data:
Arkansas State University will adhere to the following Network Access standards:
Any device utilizing or appropriating wireless access to the University network infrastructure is subject to the following: A. Only centrally managed, university-owned wireless access points may be attached to any Arkansas State University network. B. All wireless devices connected to the University network infrastructure must use wireless spectrums officially recognized by the FCC as production data networks. C. Any wireless access point and device providing access to data identified as “Restricted” in the data classification manual must support data encryption of identified data while in transit.
In a perceived emergency situation where the integrity of the university data network and systems, the
health and safety of the university community members and property, or substantial risk to the University exists, the central IT organization may take immediate steps, including denial of access, to protect the above. The situation will be reported immediately to the CIO and appropriate University management for further action.
Information security incidents shall be reported to the CIO immediately including the loss or theft of a University owned device. Upon receipt of a security incident report, the central IT organization shall conduct an investigation and ensure that in all incidents:
For further steps regarding an incident involving loss or theft, see Operating Procedure 05-31 on the Finance website at http://www.astate.edu/dotAsset/bb4a2846-36fc-4360-9bd4-960526e9b2d3.pdf