Last updated: November 11, 2019

Privacy Overview

The rights to freedom of thought, inquiry and expression, as defined in Freedom of Speech and Artistic Expression (SPG 601.01), are paramount values of the university community. The university's commitment to the principles of open expression extends to and includes the Internet and information technology environments. In general, the University cannot and does not wish to be the arbiter of the contents of electronic communications. Neither can the University always protect users from receiving electronic messages they might find offensive.

It is the policy of the university to maintain access to local, national, and global sources of information and to facilitate an open culture that encourages vigorous exchange of ideas, including ideas that may be controversial or contain content that may be perceived by some as offensive. In general, no conditions or restrictions should be imposed upon access to and use of information technologies more stringent than limits that have been deemed acceptable for the use of traditional channels of communication. More details on the U-M Information Security Incident policy is available in the Standard Practice Guide, document SPG 601.11.

User Responsibilities

The University of Michigan aspires to a high standard of digital citizenship for all its members. Members of the university community agree to abide by the following norms of behavior with regard to technology use:

1. COMPLY WITH APPLICABLE LAWS, REGULATIONS, AND U-M POLICIES
2. Comply with all federal, State of Michigan, and other applicable laws, regulations, contracts—including university or third party copyright, patents, trademarks, software license agreements, and university policies regarding electronic communications, protection of institutional data, and operation of information technology resources.
3. RESPECT THE INTENDED USAGE OF RESOURCES
4. RESPECT THE SHARED NATURE OF RESOURCES
5. While U-M makes every effort to accommodate the increased demands for anytime-anywhere IT resources, users should understand that these resources are finite and should:
   • Use information technology resources in a manner that respects the integrity of the system or network and in a manner that is consistent with the primary missions of the university.
   • Refrain from disproportionate uses that have the likelihood of consuming an unreasonable amount of resources, disrupting the intended use of these resources, or impinging on the access of others.
6. RESPECT THE RIGHTS AND PRIVACY OF OTHER USERS
   • U-M is committed to respecting the privacy of individuals and will safeguard information about individuals subject to limitations imposed by federal and state law and other provisions described in Privacy and the Need to Monitor and Access Records (SPG 601.11). Members of the university community have a reasonable expectation of privacy in both their institutional roles and personal lives; in turn, they should:
   • Respect the privacy of other community members, regardless of whether their accounts are securely protected.
   • Respect the privacy of all individuals for whom the university maintains records.
   • Refrain from invading the privacy of individuals or entities that are creators or authors of information resources.
   • Not falsely assume another person’s or entity’s identity or role through deception or without proper authorization, or communicate or act under the name, email address, or any other forms of identification attached to a specific person, organization, or entity without proper authorization.
7. SAFEGUARD THE UNIVERSITY’S INFORMATION TECHNOLOGY RESOURCES
8. The university employs numerous measures to protect the security and integrity of its information resources and networks but cannot solely prevent unauthorized access or compromised accounts.
9. Users are responsible for following published security guidance to ensure that all their devices that access U-M IT resources are adequately protected.
10. All users of U-M information technology resources must promptly report all information security incidents, as defined in Information Security Incident Reporting Policy (SPG 601.25).

Violations and Sanctions

Misuse or abuse of U-M information resources should be reported to the IT User Advocate or the U-M Compliance Hotline, which allows for anonymous reporting.

Violations of this policy may result in disciplinary action up to and including suspension or revocation of computer accounts and access to networks, non-reappointment, discharge, dismissal, and/or legal action. Discipline (SPG 201.12) provides for staff member disciplinary procedures and sanctions. Violations of this policy by faculty may result in appropriate sanction or disciplinary action consistent with applicable university procedures. If dismissal or demotion of qualified faculty is proposed, the matter will be addressed in accordance with the procedures set forth in Regents Bylaw 5.09. The Statement of Student Rights and Responsibilities and the Policy on Sexual Misconduct by Students provide for student disciplinary procedures and sanctions. In addition to U-M disciplinary actions, individuals may be personally subject to criminal or civil prosecution and sanctions if they engage in unlawful behavior related to applicable federal and state laws.

Information Security

The University of Michigan has legal, contractual, and ethical obligations to protect the confidentiality, integrity, and availability of its systems and data. This policy strikes a balance between protecting university systems and data, maintaining the open environment that enables faculty, staff, and students to excel, innovate, and collaborate across the world, and ensuring that U-M core missions and institutional priorities remain paramount. More details on the U-M Information Security policy is available in the Standard Practice Guide, document SPG 601.27

Information Security Incident Reporting

It is the policy of the University of Michigan to handle information security incidents so as to minimize their impact on the confidentiality, integrity, and availability of the university’s systems, applications, and data. An effective approach to managing such incidents also limits the negative consequences to both the university and individuals, and improves the university’s ability to promptly restore operations affected by such incidents. More details on the U-M Information Security Incident policy is available in the Standard Practice Guide, document SPG 601.25

Access & Contact Information

If you have any questions please contact us at: myla-help@umich.edu.