Purpose

To establish that access will be granted in situations including, but not limited to a response to Information Security events, legal action, health and/or safety concerns of an individual or group, Federal, State, or University investigations, or be prompted by urgent University business needs. UTSA Policy IT0110, Acceptable Use of Information Technology Resources, delineates the acceptable use of information resources at the University of Tennessee. That policy establishes that there should be no expectation of privacy on the part of the user. While efforts are made to ensure reasonable expectations of privacy for UTHSC University computer users, several situations can arise that require access to information held on UTHSC IT Resources including, but not limited to workstations, servers and/or peripherals. This standard is also designed to meet compliance requirements for data regulated by federal or state law. This includes, but is not limited to, security requirements and safeguards for the Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), or Gramm-Leach-Bliley Act (GLBA).

Scope

This Standard applies to all UTHSC owned devices or Information Technology (IT) resource that has the potential to store and transmit UTHSC data.

Definitions

UTHSC Information Technology (IT) Resource: Any data, device, or other component of the information environment that supports information-related activities. Assets generally include hardware (e.g. servers and switches), software (e.g. mission critical applications and support systems) and information

Authorized University Officials: include Office of the Chancellor, Office of the General Counsel for Litigation holds, Executive Vice Chancellor/Chief Operating Officer, or AVC for HR as designee

Responsibilities

Authorized University Officials are responsible, at their discretion, for requesting information from a UTHSC IT Resource

Office of Cybersecurity is responsible for assisting Authorized University Officials in

the acquisition of requested data.

Users of UTHSC IT Resources are responsible for complying with this Standard.

Standard

As UTHSC IT Resources are the property of the University of Tennessee and their use is intended for authorized use only, users (authorized and unauthorized) have no expectation of privacy, either explicit or implicit, on any materials users place or view on UTHSC IT Resources.
As required by state law, the University hereby notifies users that email may be a public record and open to public inspection under the Tennessee Open Records Act, unless the email is covered by an exception to the Act, such as personally identifiable student information, proprietary information, or trade secrets.
The University complies with state and federal law regarding certain legally protected, confidential information, but makes no representation that any other data or information nor uses of this resource will be private or confidential, based on GP-002-Data & System Classification.
All uses of UTHSC IT Resources and all files and data on these resources may be intercepted, monitored, recorded, copied, audited, inspected, preserved, and disclosed to authorized University and law enforcement personnel, as well as authorized individuals of other organizations:
1. Such actions shall be approved by an Authorized University Official.
2. Such approval shall be documented.
By using UTHSC IT Resources, Users consent to such interception, monitoring, recording, copying, auditing, inspection, preservation, and disclosure at the discretion of Authorized University Officials.
Unauthorized or improper use of UTHSC IT Resources may result in administrative disciplinary action up to and including termination and/or civil/criminal action.