Electronic Content Stewardship
Stewardship of Electronic Content
1.0 Policy Statement
The Wellesley College Stewardship of Electronic Content Policy establishes the exceptions to electronic content privacy at Wellesley College, including the retention of and access to electronic content following the departure of an employee.
2.0 Overview
Wellesley College facilitates the storage of electronic content for the members of the community, and therefore serves as the steward of all electronic content stored, maintained or accessed either on College resources or outsourced services negotiated for College use. This policy addresses the privacy and confidentiality accorded to users’ electronic content in compliance with relevant laws and regulations regarding privacy of information.
3.0 Purpose
Wellesley College strives to protect the privacy of electronic content and any sensitive data contained therein stored or accessed on its information technology resources. As the custodians of electronic content, Library & Technology Services (LTS) will not inappropriately access or disclose information contained in an individual’s electronic content. However, there are certain exceptional instances in which it is necessary for the College to access and/or disclose the electronic content of members of the Wellesley College Community, and LTS staff will only do so under direction of the appropriate electronic content stewards at the College. This policy outlines the exceptions to electronic content privacy and establishes procedures for accessing electronic content in these cases. It also addresses the retention of accounts for accessing electronic content following separations from the College. For a detailed overview, see the account terminations table.
4.0 Scope
This policy applies to all members of the Wellesley College community that have access to electronic content through the College’s information technology resources. For the purposes of this document, electronic content is defined as all content that is stored under the ownership of a community member in central servers in the College network, College negotiated outsourced services, and all content stored in the College provided desktops and laptops of faculty and staff (e.g,. files stored in NTM fileserver, webserver, Sakai, and Google Apps for Education). This policy applies to all faculty, staff, students, alumnae, contract and temporary workers, consultants, and any other individual who access or store electronic content as defined above.
5.0 Policy
5.1 Responsibilities
LTS staff serve as the custodians of electronic content, maintain the technology infrastructure that support access to it, and provide technical support for its use. The Chief Information Officer (CIO) has responsibility for this policy.
5.2 Exceptions to electronic content privacy
Electronic content at Wellesley College is considered private and will not be accessed or disclosed by the College, except in the following circumstances:
- In response to a court order or subpoena;
- For investigations involving human resource matters;
- If there is reasonable suspicion of violation of any Wellesley College policy, including Acceptable Use, the Written Information Security Program or Copyright Policy, or of any federal or state laws or regulations;
- In health and safety emergencies;
- When the electronic content owner or account subscriber is unavailable for an extended period, and the information is necessary to conduct college business; OR
- The content owner gives explicit permission to an LTS staff member to access specific content to help resolve problems.
In addition to these exceptions of electronic content privacy, Wellesley College reserves the right to access an individual’s electronic content following his or her termination of employment with the College. See section 5.7 for more information on accessing electronic content of individuals no longer employed with Wellesley College.
5.3 Court order or other legal request for electronic content
Any court order or other legal request for submission of electronic content files or mail records will be directed to the Office of the Vice President for Finance and Administration. Access to or disclosure of electronic content in response to this kind of request will only be carried out under the direction of the Vice President or his designee.
5.4 Electronic content requests for possible legal or policy violations or Human Resources matters
When access to electronic content is requested for potential legal or policy violations or investigation of Human Resources matters, permission must first be obtained from the appropriate electronic content steward or designee:
- Faculty accounts - the Provost serves as the electronic content steward
- Staff accounts - the Vice President for Finance and Treasurer is the electronic content steward
- Student accounts - the Dean of Students is the electronic content steward
Examples of these matters may include when complaints such as sexual or other types of harassment or unfair treatment have been filed and HR has determined in consultation with legal counsel that the College needs to preserve the electronic content of those involved for further investigation. Once permission is obtained, LTS staff will provide access to the requesting party under the direction of the CIO in accordance with the details of the request approved by the electronic content steward. The College’s legal counsel will be consulted as appropriate.
5.5 Electronic content requests during health and safety emergencies
In the event of a health and safety emergency, it may be necessary to access or disclose electronic content to local, state or federal emergency responders, or to officials involved with emergency response at the College. In these situations, LTS staff will only access or disclose electronic content under direction of the CIO and in response to a request from the Chief of the Wellesley College Campus Police, the Director of Health Services, the Director of Counseling Services or the Dean of Students or their designees.
As soon as is practicable, the CIO will notify the appropriate electronic content steward about what data was accessed and from whom, and any other relevant details related to the request.
5.6 Accessing electronic mail accounts when the subscriber is unavailable
There are many situations in which employees may take an extended leave of absence. In planned absences, employees are expected to place an out-of-office reply on their electronic mail account directing people who to contact in their absence. In some cases where access to their electronic mail may be necessary, the employee may choose to forward their incoming mail to another employee. For unplanned extended absences, it may be necessary for the College to access incoming mail for continuity of business operations. In these rare instances, a request may be made by the appropriate electronic content steward to the CIO, who will arrange for incoming mail to be forwarded to the employee’s supervisor.
5.7 Retention of and access to electronic content following separation from the College
Procedures for administrative staff
In the case of amicable separations, the administrative staff member will be advised to create on an out-of-office electronic mail response two weeks prior to the last date of employment to redirect incoming mail to his or her supervisor. The employee’s access to all accounts and electronic content will be terminated within 24 hours of their termination date. At the time of termination, any electronic content, including incoming or existing electronic mail, will be made available to the prior employee’s academic chair or department head, or his or her designee. After 6 months following separation, all accounts and associated data will be deleted. The employee will be made aware of these procedures so that he or she can make the necessary preparations.
Procedures for faculty
Official dates for faculty appointment terminations are either June 30 (Spring terminations) or Dec 31 (Fall terminations) of each year. However, faculty require access to their electronic content and access to other College technical services beyond these dates so that they can post grades and access SEQs. It is also the case that the students need to have an option to contact the faculty for a short period after the grades have been posted. Therefore the policy for faculty are as follows:
- The faculty member will have exactly the same access that they had as an employee of the College for one additional month after the official termination date (until Jan 31 for Fall termination, or July 31 for Spring termination).
- The faculty member will have access to Google Apps for Education and Sakai for an additional month - until Feb 28 or August 31.
- On Feb 28 or August 31, faculty member will lose access to Google Apps for Education and Sakai and can request to forward emails to a non-Wellesley account for the next three months.
The faculty member will be made aware of these procedures prior to their departure date so that he or she can make the necessary preparations.
Retired Faculty, Staff & President’s Club
The only exception to the above rule regarding retention of access to electronic content occurs for the retired faculty & staff and those employees that are considered part of the “President’s Club,” with greater than 25 years of service at the College. These employees retain access to their domain accounts and electronic content indefinitely.
Non-amicable terminations
When a faculty or staff member’s employment with the College is terminated and the separation is non-amicable, all access to computer accounts and electronic content will be terminated immediately. This practice is true regardless of the employee’s length of service with the College. At the time of separation, any electronic content, including incoming or existing electronic mail, will be made available to the terminated employee’s academic chair or department head, or his or her designee. After 6 months following separation, all accounts and associated data will be deleted.
Deceased employees and students
If a current employee or student becomes deceased, his or her beneficiary or estate has the right to request access to his or her electronic content for a period of 2 years following the death, for the purpose of gathering personal materials of the deceased for estate administration. These requests will be handled on a case-by-case basis in consultation with the College’s attorney. Care will be exercised to ensure the privacy of any sensitive College data contained in the electronic content of the deceased employee. After 2 years, all electronic content of the deceased person will be deleted.
Procedures for Students
Students retain access to their domain accounts for six months following graduation in order to allow access to their transcripts. Beginning with the class of 2012, alumnae will retain access to their content in Google Apps for Education indefinitely.
6.0 Enforcement
In the case of any violations of existing college policy or applicable state or federal law, the College reserves the right to use its discretion in addressing the violation, including terminating access to electronic content and/or sharing access to the electronic content with others.
7.0 Policies Cross-Referenced
8.0 Effective Date
This policy was approved by the Advisory Committee on Library and Technology Policy and the President’s Cabinet. It is effective April 6, 2012.
