...

Scope

This data retention policy covers all shared systems providing services to NCSA staff or customers. Currently, these are the systems operated by the Integrated Cyber-Infrastructure directorate at the NCSA. More specific system data retention policies and contracts/agreements can supplant this default policy. 

...

Staff should have no expectation or privacy when storing data on NCSA systems, and managers along with HR can decide when it is necessary to investigate the contents of staff data. However, staff must be notified after the fact.

Unless there is an exception for incident investigation or system operation, user data remains private and can only be shared with permission of the data owner.

...

Exception to the privacy provisions, however, must be approved by the Information Internal Infrastructure Board.