Responsibilities of the Chief Information Officer
The ECPA amended the Wire Tap Statute to encompass transmissions of electronic data by computer and the law prohibits both the interception of electronic communications and access to stored electronic communications. Some commentators argue that this law gives employees of private entities a right to privacy in their e-mail. Title 18 U.S.C. § 2510(15) extends the Act's protection to university-owned telephone, e-mail and Internet systems. However, there is support for the proposition that employers who own the computer system used by their employees have the right to monitor employees' e-mail. Employee consent is also a defense to liability under the ECPA intercept provision, and this exception is the more certain of the exceptions to liability under the law. Thus, employees should either consent to or be put on notice that it is university policy that their e-mail may be intercepted.
The Chief Information Officer is responsible for ensuring compliance with this law. The way in which this is accomplished is by oversight of the CUA Employee Electronic Communications Policy and related Guidelines and Procedures. The Information Security and Assurance Policy is also relevant, along with the Computer Ethics Policy. As specified in those policies, the CIO will consult the General Counsel as needed.
Family Educational Rights to Privacy Act of 1974 (FERPA)
Summary of the Law:
Regulates the keeping and dissemination of student records at all institutions that receive federal funds or who have students receiving federal funds. Procedures must be in place to allow a student access to student records. Consent must be obtained to release student records to a third party, with certain exceptions contained in the law.
The Chief Information Officer has works with the Information Security Officer and other University officials to ensure overall privacy of student records.
|Employee Electronic Communication Policy|
|Information Security and Assurance Policy|