Procedure and Guidelines
1. Manager’s Responsibility: It is the responsibility of the manager to ensure that a detailed inventory of all University property provided to employees is prepared and accurately maintained.
Upon transfer or separation of an employee, it is the manager’s responsibility to ensure that all University property assigned to that employee is returned by the employee prior to the employee’s departure date; to notify appropriate University sources relative to the appropriate access issues, and to return University property to the appropriate departments within the University.
2. Employee’s Responsibility: It is the employee’s responsibility to ensure proper use, security and safety of University property assigned to him/her in the discharge of his/her responsibilities; to inform appropriate sources in cases of theft or damage; and to return all university property to his/her respective manager prior to being transferred to another department within the University or prior to his/her separation from the University.
3. Procedures Concerning Ownership of Property: Upon transferring between departments, reassignment of duties or leaving the employment of the University, all items that are the property of the University/department shall be retained by the University/department, or must be returned to the University/department. The following procedures apply:
a. In cases where an employee is transferring or has duties reassigned, the employee will prepare a list of any property, provided for the employee’s use in her/his job that must be returned. The employee will also discuss files, emails and any other data contained in files or computer accounts, and make suggestions concerning what should be retained by the manager.
b. The manager will confirm the property that must be returned or retained, and will make appropriate arrangements for return/retention.
c. In cases where employment is separation from the University, in addition to paragraphs (a) and (b) above, the manager will advise the department’s security officer to cancel the employee’s access to assigned computer accounts. The security officer will contact appropriate systems administrators to ensure access is terminated.
Managers must ensure that control/access cards, employee ID cards, keys and equipment loaned for employment-related use at home, are returned. Employee ID cards must be returned to Human Resources.
If the employee requests that any files, emails or data contained in computer accounts be returned to her or him, the manager will review the files, emails and data contained in those accounts and establish an inventory.
The manager will review the inventory with the employee and determine what files, emails and data are to be retained by the University, what can be erased, and what can be returned to the employee.
The manager will also indicate if there is any computer hardware or software, provided for the employee’s use in her/his job, that must be returned and make arrangements for return.
d. If there is a dispute concerning particular items, Human Resources consultants should be contacted to help resolve the situation. The matter may be referred to department/division decision makers, or the manager, Employee Relations, for review. The decision of the appropriate vice president is final.
4. Guidelines Concerning Privacy and Security of Information: Following are examples of situations where authorized individuals may access the computer accounts or other records or documents used or created by employees in the course of employment.
a. Chairs should establish procedures that provide for their access to vital information, e.g. student grades, in the event that a faculty member is incapacitated for an extended period of time. The procedures should provide for the information to be maintained in a way that does not require access to the faculty member’s email account or personal records.
b. University officials may access employee records or documents in the course of investigating a suspected infraction of University policy or terms and conditions of employment. Specific procedures should be outlined in any such policies.
c. Law enforcement officials and others who have the legal authority to require the release of records may compel the University to provide access to computer accounts or other records or documents, and/or may require the University to allow monitoring of traffic and/or files associated with a suspected breach of the law.
Although system administrators attempt to provide and preserve security of files, account numbers, passwords and programs, it is possible that security can be breached through action or causes beyond reasonable control. Users are therefore urged to safeguard data and to take full advantage of file security mechanisms built into systems. Users should also be aware that it is possible for unauthorized individuals to monitor transmissions on networks in certain circumstances. It is suggested, therefore, that confidential information not be sent electronically unless the user is operating on a known secure network.
This procedure and guidelines, falls under the jurisdiction of the Vice President, Administration and Finance. The overall interpretation and application of this policy is the responsibility of Human Resources. The interpretation and application of this policy pertaining to computer accounts is a shared responsibility of Human Resources and Computing and Communications Services (CCS).