- Adhering to Federal, State and University Regulations and to Generally Accepted Standards
of Professional and Ethnical Behavior.
All employees of Chicago State University (CSU) are expected to familiarize themselves
with and to adhere to all applicable federal, state, University and Board of Trustee
rules, policies and procedures in their on-the-job conduct. This includes adhering
to all University policies and procedures covering equal opportunity and nondiscrimination
and avoiding actions and behavior prohibited under federal and state statutes, rules
and regulations and University and Board policies and regulations. Pursuant to the
applicable provisions of the State Universities Civil Service Merit System, collective
bargaining agreements and University and Board procedures, disciplinary action may
be taken against employees who fail to meet these responsibilities.
- Protecting Data and Information Privacy
All Chicago State University records, including both written documents and electronic
data are to be regarded as confidential. Student records are particularly sensitive
because of the Family Educational Rights and Privacy Act of 1974 (FERPA), which requires
post-secondary educational institutions and agencies to conform to fair information
practices in their handling of student data. Among the provisions of the act are the
requirements that data be used only for intended purposes and that those employees
responsible for student data take reasonable precautions to prevent misuse of it.
In accordance with the provisions of FERPA, Chicago State University grants employee
access to student data only on a need-to-know basis and only for appropriate administrative,
research, educational, or service functions, including but not limited to counseling
and/or advising students, reporting to state and federal agencies, administering financial
aid, conducting internal ad hoc reporting, etc. Protection of Chicago State University
records and compliance with FERPA rests ultimately upon the individuals entrusted
with access to data. All Chicago State University employees are expected to maintain
and protect the privacy of data and information which they handle or to which they
have access as a function of their jobs by following these basic rules:
- Don't tamper with or intrude upon any transmission, whether by voice, non-voice or
- Don't permit the conversation or communication of another person to be monitored or
recorded except as required in the proper management of business.
- Don't allow an unauthorized person to have access to any communication transmitted
to our facilities.
- Don't install or permit installation of any device that will enable someone to listen
to, observe, or realize that a communication has occurred, except as authorized by
an official service or installation order issued in accordance with University practices.
- Don't use information from any communication, or even the fact that a communication
has occurred, for your personal benefit or for the personal benefit of others.
- Don't disclose information about student or employee data. Report to your supervisor
immediately, if you believe that the privacy of any communication has been compromised,
or if you receive a subpoena, court order, or any other type of request for information
from anyone (including law enforcement).Student and employee records are to be held
in confidence and treated as University assets. They should be disclosed only upon
proper authorization, or as directed in University privacy rules or pursuant to lawful
process. Any questions about the release of any information from such records should
be directed to the Chief Information Officer of the Information Technology Division.
- Handling Copyrighted and Other Proprietary Information
Proprietary information is any information, including any software information, in
which either the University or some other person has an exclusive legal interest or
ownership right, such as a copyright. The unauthorized reproduction, release or disclosure
of such information is prohibited by law, and could have serious legal consequences
for both, any employee who reproduces or releases, it and for the University. Questions
on whether information is proprietary and the conditions under which it can be released
should be referred to your immediate supervisor.
In general, Chicago State University employees are expected to:
Obey U.S. copyright laws and University policy regarding the reproduction of copyrighted
software. Most purchased software is copyrighted and may not be copied except to make
an archival copy or as an essential step in its utilization.
Use licensed computer software only as permitted by the specific license. When employees
leave the department, all documents and records containing proprietary or classified
University or department information must be returned to the department. Even after
employment ends, former employees have a continuing obligation to safeguard this information.
- Protecting the Security of Computer Systems
Employees are responsible for ensuring that computer systems and the information they
contain are adequately safeguarded against damage, alteration, theft, fraudulent manipulation,
and unauthorized access or disclosure. Ultimately, each employee is responsible for
the security of information accessed or modified under his or her password or access
procedure. Also, as manager or user or University data or University computer resources,
each employee must strictly adhere to the specific security measures and controls
that have been established. Any personal or other non-University use of University
data communication or University computer system (mainframe, micro, mini or personal
computer) that is not expressly sanctioned by supervisors is forbidden.
- Employee Acknowledgment of Responsibility
The ITD Computer and Information Security Policy and Non-disclosure Agreement reaffirm
the importance of following the highest standards of professional and ethical conduct.
Adherence to these standards by all employees is the only sure way the University
can maintain the confidence and support of the public. As summary of these principles,
this policy does not include all of the rules and regulations that apply to every
situation. Its contents must be viewed within the framework of University policies,
practices, and instructions, and the requirements of the law. Moreover, the absence
of a University practice or instruction covering a particular situation does not relieve
an employee from acting ethically. Employees with questions about a particular situation
should consult their supervisor. Violations of this policy may result in disciplinary
action, up to and including termination from the University. Within Chicago State
University anyone whose designated duties require access to student or employee records
may use that information for appropriate research, educational, or service functions.
Along with that access, comes the responsibility to safeguard the individual's right
to privacy and maintain the confidentiality of all records. Recognizing the responsibility
that I have regarding any access to CSU records, I agree to the following:
- I will access CSU student and employee records and information only as required to
perform assigned duties.
- I will store information under secure conditions and make every effort to ensure that
- I will not release suppressed or private information without authorization and I will
not publicly discuss a record in a way that might personally identify that student
or employee. Unless release of public information is regarded as part of my job,
- I will notify my supervisor immediately of any request I receive for public records.
I will not release any information if the student has requested a total suppression
of information on himself/herself. When I release information on a student, I will
divulge only information regarded as "directory" or public information, specifically
the student's name, address, telephone listing, date and place of birth, major field
of study, classification, participation in officially recognized activities and sports,
the weight or height of members of athletic teams, dates of attendance, degree and
awards received, and previous educational agencies or institution attended. Furthermore,
I will not release public information about students that was requested on the basis
of non-public information (e.g., names of all international students, names of all
students with a GPA of less than 2.0, etc.).
- I understand that if I violate any of the terms of this agreement I am subject to
disciplinary action. In addition, up to and including termination from the University.
Violations may result in referral for prosecution by local state and/or federal authorities.
REVIEWED: August 19, 2010.