|
Responsible Office: Office of Cybersecurity |
Last Review: 03/01/2025 Next Review: 03/01/2027 |
|
Contact: Chris Madeksho | Phone: 901.448.1579 Email: mmadeksh@uthsc.edu |
Purpose
To establish that access will be granted in situations including, but not limited to a response to Information Security events, legal action, health and/or safety concerns of an individual or group, Federal, State, or University investigations, or be prompted by urgent University business needs. IT0002-Acceptable Use of Information Technology Resources delineates the acceptable use of information resources at the University of Tennessee. That policy establishes that there should be no expectation of privacy on the part of the user. While efforts are made to ensure reasonable expectations of privacy for the University of Tennessee Health Science Center (UTHSC) computer users, several situations can arise that require access to information held on UTHSC IT Resources including, but not limited to workstations, servers and/or peripherals.
Scope
This Standard applies to all UTHSC-owned devices or Information Technology (IT) resource that has the potential to store and transmit UTHSC data.
Definitions
UTHSC Information Technology (IT) Resource – a broad term for all things related to information technology from a holistic point of view and covers all University owned or managed information technology services, including cloud-based services, that users have access to.
Authorized University Officials: include Office of the Chancellor, Office of the General Counsel for Litigation holds, Executive Vice Chancellor/Chief Operating Officer, or AVC for HR as designee
Responsibilities
Authorized University Officials are responsible, at their discretion, for requesting information from a UTHSC IT Resource
Office of Cybersecurity is responsible for assisting Authorized University Officials in the acquisition of requested data.
Users of UTHSC IT Resources are responsible for complying with this Standard.
Standard
- As UTHSC IT Resources are the property of the University of Tennessee and their use is intended for authorized use only, users (authorized and unauthorized) have no expectation of privacy, either explicit or implicit, on any materials users place or view on UTHSC IT Resources.
- As required by state law, the University hereby notifies users that email may be a public record and open to public inspection under the Tennessee Open Records Act, unless the email is covered by an exception to the Act, such as personally identifiable student information, proprietary information, or trade secrets.
- The University complies with state and federal law regarding certain legally protected, confidential information, but makes no representation that any other data or information nor uses of this resource will be private or confidential, based on IT-0002-HSC-A-Data & System Categorization.
- All uses of UTHSC IT Resources and all files and data on these resources may be intercepted, monitored, recorded, copied, audited, inspected, preserved, and disclosed to authorized University and law enforcement personnel, as well as authorized individuals of other organizations:
- Such actions shall be approved by an Authorized University Official.
- Such approval shall be documented.
- By using UTHSC IT Resources, Users consent to such interception, monitoring, recording, copying, auditing, inspection, preservation, and disclosure at the discretion of Authorized University Officials.
- Unauthorized or improper use of UTHSC IT Resources may result in administrative disciplinary action up to and including termination and/or civil/criminal action.
Policy History
| Version # | Effective Date |
| 1 | 04/18/2016 |
| 5 | 02/10/2021 |
| 6 | 05/16/2023 |
| 7 | 03/01/2025 – new naming convention |
References
- IT0002-Acceptable Use of Information Technology Resources
- IT-0002-HSC-A-Data & System Categorization
Downloadable PDF
