header Offering Degrees in Computer Science and Computer Engineering
Info for:

Computing Services Group

Privacy in Electronic Information Systems (EIS)

  • 1.0 Background
    Privacy in the context of EIS relates to the expectations users may have with regards to their data and activities, and to the allowable actions by administrators and other users. With regard to expectations, most users should be warned that there are few absolute guarantees against unethical actions. The technology and openness that makes an interconnected worldwide set of multiuser computer systems so valuable also makes the individual's data somewhat vulnerable. However, this vulnerability does not mean approval of actions which violate privacy.

  • 2.0 Statement of Policy
    Subject to certain exceptions listed below, data owned by a user are private and may not be accessed by others without explicit consent of the owner. This right to privacy is rooted in many documents and is not lost with the use of computing systems. These exceptions are specific to our computing environment and are not meant as an excuse to compromise the basic right to privacy.

    • 2.1 Texas A&M University (TAMU) is an agency of the State of Texas. For TAMU employees, certain electronic information may be created in the performance of their official duties. Those data are not more private to the individual user than paper records would be. Some electronic information may be subject to review and/or release under the Texas Open Records Act.
    • 2.2 System administrators may access files in the course of maintenance or operations. They may not divulge information gained in this manner. Nor may they access user files without need.
    • 2.3 System administrators may access files to determine if a security violation occured or is occuring. The user should be notified as soon as practical.
    • 2.4 Computer systems and data stored on them are subject to audits by designated University personnel. Users will cooperate in providing access to systems and/or data upon proper notification.
    • 2.5 Nothing in this statement of policy gives the user or system administrator the right to violate law or University regulations.

  • 3.0 Specific Interpretations
    Statements and guidelines herein are meant to clarify potential interpretations of the Statement of Policy and are not exhaustive.

    • 3.1 The networked computer environment provided here consists of facilities provided to faculty, staff, and students to enable them to accomplish certain tasks required by their roles within the department and the University. There is an acknowledged trade-off between the absolute right of privacy of a user, and the need of the Computing Services Group (CSG) to gather necessary information to ensure the continued functioning of these resources.
    • 3.2 CSG at all times has an obligation to maintain the privacy of a user's files, electronic mail, and printer listings to the best of its ability. In computing environments where a user's activities/commands are not publicly available, users should also have the expectation of privacy regarding their activities.
    • 3.3 In the normal course of system administration, CSG may have to examine activites, files, electronic mail, and printer listings to gather sufficient information to diagnose and correct problems with system software or hardware.
    • 3.4 In order to protect against hardware and software failures, backups of all data stored on CS computing facilities may be made. CSG has the right to examine the contents of these backups to gather sufficient information to diagnose and correct problems with system software or hardware. It is the user's responsibility to find out retention policies for any data of concern.
    • 3.5 The Director of CSG, only, may monitor user activities and/or examine data solely to determine if unauthorized access to a system or data is occurring or has occurred. If files are examined, the account owner will be informed as soon as practical, subject to delay in the case of an on-going investigation. Any other access to data by system administrators (except as in 3.3 & 3.4 above) may only come after following appropriate University procedures.
    • 3.6 Files owned by individual users are to be considered as private, whether or not they are accessible by other users. The ability to read a file does not imply consent to read that file. Under no circumstances may a user alter a file that does not belong to him or her without prior consent of the file's owner. The ability to alter a file does not imply consent to alter that file.
    • 3.7 Some individually owned files are by definition open access. Examples include Unix .plan files, Web files made available through a system-wide facility and files made available on an anonymous ftp server. Any authorized user that can access these files may assume consent has been given.
    • 3.8 File permissions will not be changed without the consent of the owner. This includes files owned by students who graduate and leave.
    • 3.9 Because this is an educational environment, computer systems are generally open to perusal and investigation by users. This access must not be abused either by attempting to harm the systems, or by stealing copyrighted or licensed software. System-level files (not owned by individuals) may be used and viewed for educational purposes if their access permissions so allow. Most system-level files are part of copyrighted or licensed software, and may not be copied, in whole or in part, except as needed as part of an educational exercise. The same standards of intellectual and academic honesty and plagiarism apply to software as to other forms of published work.
    • 3.10 In this document, "owner" should be interpreted as an account under an operating system, not in a legal property sense. "Consent" may only be obtained from the person who is authorized to use the account that "owns" the files. Operating system access control features (e.g., permissions bits, Access Control Lists) do not provide consent.
    • 3.11 Individuals, especially students, who have extra access to data because of their position have the absolute responsibility not to take advantage of that access. If information is inadvertently gained (e.g., seeing a copy of a test or homework) that could provide personal benefit, the individual has the responsibility to notify both the owner of the data and the Director of CSG.



Copyright 2006 Department of Computer Science and Engineering | Dwight Look College of Engineering | Texas A&M Engineering | Texas A&M University | State of Texas | Accessibility | Webmaster | This page is best viewed with firefox 1.5 or higher and Internet Explorer 7 or higher