General University Policy & Procedures Manual		GEN
OSU Policy & Procedure Manuals	Search the Manuals	Feedback

Administrative Policy & Procedures Manual » GEN Manual » General University Policies
OSU Home » OSU Disclaimer » OSU Computing Resources Acceptable Use Policy

OSU GEN: Acceptable Use of University Information

General University Policies Manual
Effective: xx/xx/xxxx
Revised: 07/01/2006

This policy explains how we share OSU-specific information, and the obligations held by individuals with this information to use and secure it appropriately. It relates to all OSU-specific information, including student, employee, and financial records, received by individuals through the performance of their duties, provision of services, or participating in programs. Every individual who has access to OSU-specific information is expected to adhere to this policy regardless of how the information was received or the format in which it was received. Non-OSU employees must read and sign this policy as a condition of access to and use of University information.

Security and access to OSU-specific information is determined by a “record custodian.” Record custodians are responsible for compliance with all legal obligations related to information, and in that capacity have final authority for the utilization, access, and release of data under their jurisdiction. In some instances there are multiple custodians for various sets of data. Individuals using OSU specific information shall do so only as authorized by the appropriate record custodian and in compliance with applicable laws, policies, and collective bargaining agreements.

Below is a listing of the most broadly utilized OSU-specific information and the associated record custodians. Not all information or record custodians are listed and individuals are advised to seek information regarding the security and access of OSU-specific information not listed below by contacting Information Services.

Student	Record Custodian
Course Catalog	Registrar
Class Schedule	Registrar
Recruitment	Admissions
Admissions	Admissions
General Student	Registrar
Registration	Registrar
Accounts Receivable	Business Affairs
Academic History	Registrar
Curriculum, Advising & Program Planning	Registrar

Finance
Accounts Payable	Business Affairs
Accounts Recievable	Business Affairs
Budget	Budget & Fiscal Planning
Payroll	Business Affairs
Fixed Assets	Business Affairs
FOAPAL Elements	Joint Ownership: Business Affairs & Budget & Fiscal Planning

Financial Aid

Financial Aid

Employee
Payroll	Business Affairs
All Other	Human Resources

OSU employees in positions requiring access to the Banner database or data warehouses will find the access request procedure at http://oregonstate.edu/dept/computing/banner/access.html.

Use and Release of Information

Individuals may request and utilize information needed to perform the scope of their responsibilities to the University. Individuals may not utilize information for a task that is not within the direct scope of their responsibilities without the prior approval of the appropriate record custodian.
Release of student data must follow the guidelines as available at http://oregonstate.edu/registrar/GuidelinesforReleaseofStudentRecords.html. Release of employee data must follow the guidelines as available at: http://oregonstate.edu/admin/hr/emp_rel_records.doc. All requests for records coming from outside the University are to be reviewed by the appropriate record custodian prior to release. The record custodian will consult with the General Counsel’s office as appropriate for compliance with the public records law.
Aggregate (summary data, not person specific) information, extracted from information systems or reports, may be released internally or externally if it has already been publicly released with the approval of the records custodian. Aggregate data that has not been published by the University may be released only with the prior approval of the appropriate record custodian.
Subpoenas or other requests from law enforcement authorities for student or employee records should be referred to the Office of the Registrar for students or the Office of Human Resources for employees.

Expectations for Responsible Use of Information

Respect electronic computing resources and systems and your impact upon them.
Information is available for your use in your official role at OSU only. No additional uses of information or sharing of information may be made without appropriate authorization.
Removal of the official record copy of documents from the office where they are maintained is permissible only when authorized to do so and in the performance of official duties.
Keep all passwords and access codes confidential and out of sight of others
Keep all confidential information and records, however maintained or stored, safeguarded against inappropriate use or access by others.
Report any infractions in the use or release of information to the appropriate records custodian.

Violations
Users who violate this policy may be subject to disciplinary actions and/or criminal and civil penalties and may be denied access to University computing resources. Such actions will be taken as determined appropriate in consideration of the severity and frequency of the violation(s). Violations will be handled through the University disciplinary procedures applicable to the relevant user and may include referring suspected violations of applicable law to appropriate law enforcement agencies

Top