Policy and Procedure Statement
3.4.3.1
Privacy Commitment by Libraries' Systems Staff
November 2004
Policy for Those with
Administrative Privileges on Other Staff Computers
The purpose of this
policy is to ensure the privacy rights granted to individual MSU system users
under the University-wide Acceptable Use Policy and under the MSU Libraries
Workplace Rules, while maintaining cost-effective support for these machines.
Library Systems Staff
with administrative privileges on Library-owned computers that were provided to
other staff for Library-related work are expected to restrict their use of and
access to these machines to:
a)
collecting
information about the computer, its operating system and its software,
including scans for viruses, worms, spyware, adware, and other forms of
intrusion;
b)
maintaining
hardware and software including upgrades and migrations to new workstations;
c)
addressing
problems either as requested or when an unattended machine becomes a danger to
itself or others;
implementing Executive Council policies, workplace rules, and directives;
Library Systems Staff
with administrative privileges are explicitly prohibited from searching for or
examining the contents of files containing data not relevant to the tasks
listed above, unless explicitly authorized by the user,
or by the Vice Provost for Libraries, Computing and Technology.
Systems Staff with
Network Management Privileges may:
a)
maintain logs of connections to Library servers. Information in
these logs will only be used in aggregate for statistical purposes, except when
necessary to stop a network attack or solve an access problem;
b)
analyze
network traffic as necessary to understand traffic patterns and/or isolate and
stop a network attack;
c)
restrict
access to portions of the network as necessary for its protection. These
restrictions may be based on network port, source or destination address,
and/or file type.
They may not keep or
create records of network sites outside the Library visited by Library staff
members.