Effective: October, 2013
Revised: November 2014
This Policy establishes the accountability of all Users (as defined in the Columbia University Information Security Charter (the “Charter”)
http://policylibrary.columbia.edu/information-security-charter) of Columbia University’s Information Resources. It addresses the confidentiality, integrity and availability of such Resources in support of the University’s missions, codifies appropriate usage and establishes the need for Users to respect the rights of others and to be in compliance with other University policies, policies of external networks and resources, and all applicable federal, state and local laws and regulations.
The University’s Information Resources are provided to support the teaching, learning, clinical and research missions of the University and their supporting administrative functions. Inappropriate use of these Information Resources threatens the atmosphere for the sharing of information, the free exchange of ideas and the security of an environment for creating and maintaining Information Resources.
This Policy applies to the access and use of the University’s Information Resources, whether originating from University or non-University Information Resources, including personal computers, as well as the access and use of Information Resources provided by research sponsors to, or leased or hired by, University Users.
A PDF of this policy is also available to the right.
Additional terms apply to the use of email at the University, as described in the Columbia University Email Usage Policy
Capitalized terms used herein without definition are defined in the Charter.
II. Policy History
The effective date of this Policy is November 1, 2013. This Policy and the other Information Security Policies replace (A) the following University Policies:
and (B) the following CUMC Policies:
III. Policy Text
A. Privacy Expectations
The University respects the privacy of individuals and keeps User files and emails on central University Systems as private as possible. However, to protect the integrity of its Information Resources and the rights of all Users, the University reserves the right to monitor access to Information Resources, communications on the University Network and use of Systems and Data, as described in more detail in the Section III(C) of the Charter.
For reasons relating to compliance, security or legal proceedings (e.g., subpoenas) or in an emergency or in exceptional circumstances, the Office of the General Counsel may authorize the reading, blocking or deleting of Data. In particular, in the context of a litigation or an investigation, it may be necessary to access Data with potentially relevant information. Any such action taken must be immediately reported to the Office of the General Counsel and the applicable Information Security Office.
B. Prohibited Actions
No User of Information Resources may take any of the following actions:
C. Required Actions
Each User of Information Resources must take the following actions:
In addition, it is recommended, but not required, that confidential Information be protected with a password while in transit or storage.
IV. Cross References to Related Policies
The Information Security Policies referred to in this Policy are listed in Appendix A hereto.
Electronic Data Security Breach Reporting and Response Policy http://policylibrary.columbia.edu/electronic-data-security-breach-reporting-and-response-policy
Email Usage Policy
Information Security Charter