• Computing and Telecommunications Resources - Privacy: AR-2060-G

  • Section: 2000 General Administration
    Acceptable Use of Computing and Telecommunications Resources
    Administrative Regulation: AR-2060-G
    President’s Cabinet (PC) Approval: 06/11/2013
    1. Expectation of Privacy:
      1. General Computing and Telecommunications Resources are not private. Communications made by means of these resources are subject to Oregon's Public Records Law to the same extent as they would be if written on paper. The normal operation and maintenance of Computing and Telecommunications Resources require the backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns, and other such activities that are necessary to provide the service.
      2. Reason to Access Activity In addition, MHCC may access or monitor the activity and accounts of individual users of Computing and Telecommunications Resources, including individual log in sessions and communications, without notice, when:
        1. The user has voluntarily made them accessible to the public, as by posting to a web page or through an official MHCC social media site;
        2. It is necessary for MHCC work and business-related reasons (e.g. a person is on vacation or sick leave and access to some files is needed to further institution business or in the case of an Incident Command requirement);
        3. It reasonably appears necessary to do so to protect the integrity, confidentiality, availability, or functioning of MHCC generally or Computing and Telecommunications Resources in particular, or to protect MHCC from liability;
        4. There is reasonable cause to believe that the user has violated, or is violating, MHCC policy and regulations;
        5. There is reasonable cause to believe that the user is engaging in unlawful activity;
        6. An account appears to be engaged in unusual or unusually excessive activity, as indicated by the monitoring of general activity and usage patterns; or
        7. It is otherwise required by law.
      3. Authorization Any such access or individual monitoring, other than that specified above, required by law, or necessary to respond to perceived emergency situations, must be authorized in advance by the Human Resources Director or the Vice President of Administrative Services. An email is to be generated from the Human Resources Director to the Chief Information Officer (CIO), or their designee, providing the data network account to be accessed, who is to receive the information or access and if full access is not being granted, what information is to be shared. The head of the unit which employs the individual will be notified of such access when appropriate. MHCC, at its discretion but subject to any applicable laws, may disclose the results of any access or monitoring, including the contents and records of individual communications, to appropriate MHCC personnel or law enforcement agencies and may use those results in MHCC disciplinary proceedings and/or legal proceedings
      4. Monitoring as a Job or Service Requirement MHCC may also authorize access and monitoring of an employee's or agent's actual communications over its Computing and Telecommunications Resources where customer service is a primary responsibility of an employee's job duties. Such monitoring must be authorized by the Human Resources Director and employees in positions subject to monitoring shall be notified of such activity.