Privacy

Responsible authorities at all levels of the IT@UC environment will perform management tasks in a manner that is respectful of individual privacy and promotes Individual trust.

IT@UC may access Protected Health Information (PHI) as necessary in support of the university’s health care components. IT@UC is a covered unit named in the university’s HIPAA policy.

Monitoring and Routine System Maintenance

The university will access IT@UC resources as necessary for system maintenance, including security measures. The Network Operations Center (NOC), OIS and formally designated IT@UC managers are authorized to monitor network traffic for malicious activity, suspicious patterns, and in the course of investigation. Additional campus IT administrators can be approved to access and monitor specific traffic on specific networks for which they are responsible. Authorization must be obtained from OIS and the appropriate Network Operations Staff.

The individual(s) must also complete a Non-Disclosure form and undergo a standard background check, if not already completed. This approval will also be communicated to OIS and NOC. Authorized personnel must demonstrate a need for and an understanding of the operation of network monitoring devices. The university’s routine operation of IT@UC resources may result in the creation of log files and other records about usage. This information is necessary to analyze trends, balance traffic, and perform other essential administrative tasks. OIS may store incident-related data as required. OIS may store aggregated data and usage logs for operational, compliance, and statistical purposes.

No authorized personnel will use network monitoring devices to monitor employee electronic transmissions, conduct network scans, or access individual data for job performance evaluation, or as part of an unofficial investigation, without first receiving approval from OIS. This requirement is not intended to interfere with routine operations of staff who are required to perform monitoring services to maintain the availability and integrity of the IT infrastructure.

The university may be compelled to disclose Individuals’ electronic records in response to various legal requirements, including subpoenas, court orders, search warrants, discovery requests in litigation and requests for public records under the Ohio Public Records Law or by request of the Office of General Counsel.

The university may disclose, at the Office of General Counsel's discretion, the results of any general or individual monitoring or inspection of any Individual’s record, account or device to appropriate university authorities and law enforcement agencies. The university may also use these results in its disciplinary proceedings.

Provisions Regarding Inspections and Disclosure of Personal Information

The university will never disclose contents of communications to an outside entity unless formally instructed to do so by the Office of General Counsel and:

When so required by law. If necessary to comply with the applicable legal requirement, such disclosures may occur without notice to the Individual or without the Individual’s consent, as determined by the Office of General Counsel.

In connection with an investigation by the university or an external legal authority into any violation of law or of any university policy, rule or ordinance. When the investigational process requires the preservation of the contents of an Individual's electronic records to prevent their destruction, the Office of General Counsel may authorize such an action.

If appropriate university personnel determine that access to information in an employee’s electronic account or file is essential to the operational effectiveness of a university unit or program and the employee is unavailable or refuses to provide access to the information.

If the university receives an appropriately prepared and presented written request for access to information from the lawful representative of a deceased or incapacitated Individual.

If the university must use or disclose personally identifiable information about Individuals without their consent to protect the health and well-being of students, employees, or other persons in emergency situations, as formally instructed by UCPD, or to preserve property from imminent loss or damage, or as instructed by the Office of General Counsel, to prosecute or defend its legal actions and rights.

Contact Information

IT@UC Office of Information Security

513-558-ISEC(4732)

infosec@uc.edu

History: Issued: 04/20/2017