This policy of William & Mary views administrative data, third party proprietary information, and university information systems as critical business assets. Misuse or damage of administrative data, third party proprietary information, or university information systems may be as costly to W&M as misuse or damage of physical property. University employees are responsible for the protection and proper use of university administrative data, third party proprietary information, and information systems according to the policy provisions set forth below. In addition to this policy, individuals and departments are required to abide by the Data Classification and Protection policy which details the minimum security requirements for the administration of sensitive data. Please read this and all other information security policies and standards carefully before acknowledging awareness of their provisions.
- Restricted W&M administrative data and third-party proprietary information (e.g., licensed software and designated portions of vendor contracts) in the custody of university staff members shall be used only for official university business and as necessary for the performance of assigned duties. Restricted W&M information includes student records that are confidential under the Family Educational Rights and Privacy Act (FERPA 1974, as amended), personnel records, and other data to which limited access is subject to prior administrative approval.
- University administrative data or third-party proprietary information shall not be altered or changed in any way except as authorized in the appropriate performance of assigned duties.
- University administrative data or third-party proprietary information shall not be divulged to anyone unless their relationship with W&M as an employee, customer, vendor, or contracted temporary employee warrants disclosure and is authorized or required by law and university policy.
- Unless publicly available, university administrative data shall only be accessed by staff members who are specifically authorized to do so.
- University information systems shall not be used for personal economic benefit or for political advocacy. Occasional use (e.g., email, web) of W&M information systems for personal use is acceptable if it does not interfere with a staff member's job performance. Any use of a staff member's private office for external paid employment is also subject to university review as specified in the W&M's Policy on External Paid Employment (approved by the Board of Visitors, 2 February 1996).
- Any user IDs and passwords assigned to a faculty or staff member shall be used only by that faculty or staff member and shall not be shared with others.
- W&M strictly prohibits illegal use of copyrighted software and materials, the storage of such software and materials on university information systems, and the transmission of such software and materials over William & Mary network facilities.
- W&M is providing staff members with access to shared resources. Staff members shall not knowingly engage in any activity harmful to the university's information systems, administrative data, or third-party proprietary information. (e.g., creating or propagating viruses, overloading networks with excessive data, instituting or promulgating chain letters, or instigating unauthorized mass postings of any type).
- William & Mary information systems shall not be used to engage in any activity prohibited by university policies, or by state or federal law.
- W&M staff members shall not circumvent or subvert any university system or network security measures. They shall not use university email services to harass or intimidate another person. They shall not send email using or impersonating someone else's user ID or password.
- W&M does not routinely inspect, monitor, or disclose electronic mail. However, electronic messages are written records and may be subject to disclosure under the Freedom of Information Act, legal process, or university review upon receipt of a credible allegation of misconduct. W&M will investigate and may pursue appropriate internal or external civil or criminal proceedings when misuse of university administrative data, third party proprietary information, or university computing resources is suspected.
- Failure to comply with any of the above stated policies may result in a staff member being disciplined or terminated from his or her position, in accordance with general employment policies and procedures that apply to respective categories of employees.
- This policy does not affect the duties, powers and responsibilities of the Board of Visitors.
Contact the Technology Support Center (TSC)
757-221-4357 (HELP) | [[support]] | Monday - Friday, 8:00 am - 5:00 pm