...
Business data are kept as long as required by law or University policy, and this differs for each kind of contract, personal and financial data. ICI works with the administrative unit to support their requirements for data retention.
Privacy
...
- e.g., keystroke data
...
- No expectation of private data
- Manager & HR together decides
As a unit of the University of Illinois at Urbana-Champaign, we must abide by the University's policies regarding privacy, which includes the Web Privacy Notice on UIUC webpages.
Any data may be accessed in the course of a security incident or to provide for the operation of services, e.g., troubleshooting system issues. However, efforts are made to notify users or staff if their home directories are accessed in the process of providing support for our daily operations.
Staff data should have no expectation or privacy when storing data on NCSA systems, and managers with HR can decide when it is necessary to investigate the contents of staff data. However, staff must be notified after the fact.
Unless there is an exception for incident investigation or system operation, user data remains private and can only be shared with permission of the data owner.
Project data is owned by the Principal Investigator or project lead, and they decide who has access to the data.
Log data is not considered private, unless there is special policy regarding the specific type of data. NCSA may share log data with researchers that have IRB approval to utilize the data. Similarly, temporary data is not considered private by default and is often stored in shared spaces.
Finally, business data is shared only with those who need it to do University business, and it may be protected by additional laws and regulations.
...
Exceptions
- Who approves?
- How is it tracked?
...