Data Privacy

The Electronic Data Advisory Committee Report states: "The faculty and staff of the University should be under no delusions as to the essential confidentiality of their electronic files. Even when one takes elaborate precautions (e.g., file encryption) the nature of modern communication networks is such that true confidentiality is impossible to guarantee. In addition, the Wisconsin open records law may require public disclosure of electronic data. All users of these services should be apprised of these facts."

Examination of User Files

It is explicitly against BCG policy to examine or release users' files unless:

  • BCG has been requested to, or given permission to, by the owner,
  • the files are readable by other users without special privileges,
  • files are abandoned, i.e. after the user's account has been terminated, in which case the contents of the user's directory will be given to the user designated by the account authorizer,
  • BCG staff believes the files are related to a system problem that requires immediate attention,
  • BCG staff believes the files are related to a violation of system security or they are related to an attempt to use BCG facilities to violate the security of another computer system,
  • as ordered by the Vice Chancellor for Academic Affairs, as specified in the Electronic Data Advisory Committee Report.

Although we follow these guidelines, we cannot guarantee privacy. In the course of performing as effective system administrators, we are rarely required to examine the contents of files for reasons other than the above, but we reserve the right to do so, in a minimally invasive way with full recognition of the owner's rights to reasonable privacy of their files.

Media and Equipment Disposal

All electronic and other media and equipment able to store user data or data potentially compromising system security shall be disposed of in a way that renders it effectively unreadable. Media and equipment include:

  • disk and solid state drives in fileservers, computers and storage units,
  • thumb drives
  • CD's, paper, magnetic tape, floppies, punch cards and other antiquated media.

This policy applies to all disks since user data may remain in areas not explicitly used to store user data. Disposal will be done in the course of daily computer maintenance or at the request of the owner(s) of data on the media. Until disposal, media will be stored in areas comparable in security to online media.

Data destruction must be in compliance with the policies of the BCG and the policies to which BCG policy is subsidiary.

Web

The BCG maintains a record of accesses (Internet accesses) to Web pages on the BCG Web server. This information is confidential and will not be released or used, except:

  • to evaluate the "hit rate" of a Web page,
  • a list of other websites that have linked to a website on our server,
  • to comply with University or other policy.

The BCG keeps no record of out-going Web page requests.

Account Termination

When users are informed that their account will be terminated, they are encouraged to make arrangements for transfer of their data. When a user's account is terminated, all files in their directory can, by request, be turned over to the account authorizer, with the following exceptions:

  • the contents of the directory private in their home directory,
  • the user's mail in Office 365
  • the contents of the user's cache and "dot" files, e.g. .mozilla, etc.

These will not be restored from backup unless otherwise directed by the Chair of the Department of Biostatistics and Medical Informatics or in compliance with the policies of the University.

See also our Account Deletion policy.