Privacy within the Northwestern Network

Audience:

All members of the Northwestern Community and users of the University network.

Definition:

Clarification of the privacy that users can expect within the Northwestern network.

Policy Statement:

The Northwestern network is owned and operated by Northwestern University for its own use for academic, research, and administrative purposes. It is the policy of Northwestern University to treat all transmissions over the Northwestern network as private; however, the use of the Northwestern network and of University computing resources is strictly by permission of the University and confidentiality is not guaranteed.

Background Issues:

Computer, System, or Network Use

All users of the University's computing and network resources must be aware that privacy of electronic communication and/or stored data files may be routinely compromised by:

  • inadvertent capture of transmission contents during network performance monitoring or troubleshooting,
  • uncovering of transmission contents in computer memory within the store-and-forward systems that move data through the network,
  • other maintenance activities that trap, copy, archive, or otherwise unintentionally preserve portions of messages within the University networks.

If the University inadvertently discovers messages or data files within its network that leads it to suspect the presence of illegal activities or activities that violate University policies, then the University will be free to use that discovered information to pursue investigations or to inform the appropriate authorities.

Computer, System, or Network Administration

The University reserves the right to take whatever steps are necessary to investigate possible network security threats, to investigate suspected violations of University regulations, or to assist appropriate authorities to investigate suspected illegal activities. On rare occasions, and with the approval of the vice president & chief information officer, the associate vice president for cyber infrastructure, or a director of an IT division, files belonging to individuals and/or communications between individuals may be captured, logged, and examined.

Satisfies ISO 27002 10.6.1

Last Review Date:

December 2013

Original Issue Date:

December 2002

Revision Dates:

July 2012
July 2003