Call For Comments – Proposed New Policy: Policy #104

Please take the opportunity to express your voice in the formation/change of university policies!

The University is proposing a new Policy #104 (Acceptable Use and Security of UBC Electronic Information and Systems) to replace existing policies #104 (Responsible Use of Information Technology Facilities and Services) and Policy #106 (Access to and Security of Administrative Information).

We have attached the rationale for the changes that were presented to the Board of Governors as well as both the existing and proposed policies. Below you will find the University’s comments on the proposed new policy.

Please review the proposed changes to see if you have any questions or concerns. You can submit your response to the Faculty Association by January 11 to be considered when we formulate the Association’s response, or you may forward your concerns directly to the University by January 25. If you do submit a response to the University directly, please copy us so that we’re aware of your response.

CALL FOR COMMENTS – PROPOSED NEW POLICY: POLICY #104 (ACCEPTABLE USE AND SECURITY OF UBC ELECTRONIC INFORMATION AND SYSTEMS)

The UBC community is invited to comment on a proposed new policy, Policy #104, Acceptable Use and Security of UBC Electronic Information and Systems.

The proposed new policy combines and updates two existing policies, Policy #104 (Responsible Use of Information Technology Facilities and Services) and #106 (Access to and Security of Administrative Information). The current version of Policy #104 was approved in November 2000 and has never been substantively revised or amended. Policy #106 was first approved in January 2001. While the Procedures were amended in July 2010, the Policy itself has never been substantively revised or amended.

Over the years, users across the University have identified significant gaps in the policies, and have asked for various aspects to be clarified or elaborated.

The proposed new policy incorporates much of the language in the existing policies, including the following important provisions:

UBC will not attempt to limit the academic freedom of those who use UBC Information and Systems, as long as the use is consistent with relevant laws, policies, collective agreements and terms of employment.

The restrictions on the use of Electronic Information and Systems are not intended to prevent or restrict duly authorized system administrators or other technical personnel from carrying out their duties.

The proposed new policy makes the following significant changes:

1. To avoid repetition and inconsistencies, the new policy combines the existing policies into one document, which is easier to read and about 25% shorter than the combined length of the existing policies.
2. The existing policies only apply to faculty, staff, and students, but not to other individuals who may have access to University systems. The proposed policy fills this gap by covering all individuals who have access to UBC Electronic Information and Systems.
3. The existing policy only applies to administrative data, but it does not contain any guidance about the security or integrity of academic or research data. The proposed policy addresses this omission by covering all UBC Electronic Information, which is defined as “electronic information used to conduct University business (administrative, academic and research).”
4. The existing policy does not explicitly require users to comply with guidelines developed by the Chief Information Officer (CIO) on the use and access to UBC information and systems. The proposed policy explicitly requires all users to comply with the CIO’s guidelines (now called Information Security Standards).
5. The existing policy allows for incidental personal use of facilities or services, under limited circumstances. The proposed policy continues to allow such personal use, but provides more guidance about the balance between users’ reasonable expectation of privacy and the University’s right to access information stored on UBC systems under appropriate circumstances.
6. Some parts of the existing policies clearly do not apply to systems specifically designed for personal use, such as UBC’s student and alumni email system. The proposed policy specifies that the CIO may exempt systems from the policy where appropriate, and must approve separate terms of use for the exempted systems.

A copy of the proposed policy is attached to this e-mail. All members of the University community are encouraged to provide their comments. Please submit feedback to the Office of the University Counsel at [email protected] by January 25, 2013.