UNIVERSITY OF PITTSBURGH POLICY 10-02-06
CATEGORY: SUPPORT SERVICES
SECTION: Computing, Information, and Data
SUBJECT: University Administrative Computer Data (UACD) Security and
EFFECTIVE DATE: February 1, 2007 Revised
This policy establishes data security standards and practices for the protection of
University administrative computer data (“UACD”) from unauthorized disclosure, and
includes the rights and responsibilities of computer data users. It applies to all users
of University administrative
Protecting University Administrative Computer Data
Computer systems within the University contain information necessary to conduct the
business of the institution. This information is defined as University administrative
computer data (“UACD”). Examples include employee personnel records, student
educational records, financial data, and electronic documents as well as e-mails
used for administrative
UACD are institutional resources and must be protected from unauthorized
modification, destruction, or disclosure, whether accidental or
It is the responsibility of all levels of management to ensure that all UACD users
within their area of accountability are aware of their responsibilities as established by
this policy, and for guaranteeing a secure office environment with regard to UACD.
Users of UACD are responsible for:
- Complying with all University computer security and access policies, procedures
- Using UACD only as required in the performance of their job functions.
- Disclosing confidential UACD only to other faculty, staff, or students whose
responsibilities require knowledge of such data.
- Exercising due care to protect UACD from unauthorized use, disclosure,
alteration, or destruction.
- Adhering to applicable federal and state laws and University procedures concerning
storage, retention, use, release, transportation, and destruction of data.
Each user of UACD is responsible for all transactions occurring during the use of his or
her user ID and/or password. A workstation logged into the network with access to
UACD must not be left unattended. The sharing of passwords and/or use of any
University computer account is prohibited.
Access to University Administrative Computer Data
Access to UACD is only permitted to those individuals who are authorized to use
UACD as required in the performance of their job functions.
The University will comply with all applicable laws and regulations regarding the
collection, maintenance, dissemination, and protection of data. Employees and
students may review personal information maintained by the University. Such reviews
will be only at reasonable times and only in accordance with University policy and the
law. See Policy 07-06-05, Access to Employee Personnel Files; and Policy 09-08-01,
Access to and Release of Education Records.
The Data Owner, as identified in University Policy 10-02-04, Computer Data
Administration, of UACD will confer with University counsel to obtain advice on legal
security requirements and regulations, and the interpretation of privacy laws, and
consult with senior management regarding information access to University data.
Reporting Violations of Data Security Policy
Violations of this policy should be reported immediately to the University’s Information
Security Officer or to the Office of General Counsel, or by sending e-mail to
email@example.com. The University will strive to maintain confidentiality to the extent
possible consistent with
Violations of this policy will result in appropriate disciplinary action, which may include
loss of computing privileges, suspension, termination, or expulsion from the University,
and legal action.
Violations of any federal, state, or local law concerning the unauthorized access or
use of University computers and computing services will result in the appropriate
disciplinary action up to and including termination from the University.
Policy 07-06-05, Access to Employee Personnel Files
Policy 09-08-01, Access to and Release of Education Records
Policy 10-02-04, Computer Data Administration
Policy 10-02-05, Computer Access and Use