Weill Cornell Medical College (WCMC) provides computer, e-mail, network, Internet, and telephone access to faculty, staff, and students for the purpose of furthering the mission of education, research, and patient care and for conducting general college business. While incidental and occasional personal use of such systems is permissible, personal communications and data transmitted or stored on WCMC information technology resources are treated as business communications, and are subject to automated surveillance by security systems managed by the Information Technologies and Services Department. Automated surveillance systems do not generally inspect content of data, but will flag data that appear malicious in nature (e.g. viruses, spyware) for further investigation. WCMC community members should not expect that personal communications will remain private and/or confidential. While the college permits generally unhindered use of its information technology resources, those who use WCMC information technology resources do not acquire, and should not expect, a right of privacy.
Entities Affected By This Policy
The Weill Cornell Medical College and Graduate School of Medical Sciences
- Responsible Executives: WCMC Chief Information Officer
- Responsible Department: Information Technologies and Services
- Dates: Issued: Interim, October 1st, 2007. Final Issuance: January 31st, 2008
- Contact: Information Technologies and Services
Reason for Policy
WCMC recognizes that an information technology environment built on mutual trust and freedom of thought is essential to the mission of education, research, and patient care. WCMC additionally recognizes that as faculty, staff, and students create and store data in electronic form, there is growing concern that the data a user in the WCMC community might consider private may be more available to view or use than initially expected. This policy is intended to clarify some general principles and define expectations of privacy within the WCMC community.
WCMC reserves the right to access, review, and release electronic information that is stored or transmitted using WCMC information technology resources. WCMC will initiate this access, review, or release only under one or more of the following circumstances:
- When requested by the Office of University Counsel, a court order, or other entity with legal authority to do so.
- When requested by an appropriate WCMC official; including but not limited to the Office of University Counsel, Human Resources, the WCMC Privacy Officer, or the WCMC Security Officer.
- When fulfilling the legal, regulatory, or other applicable duties of the college.
- When responding to an electronic or physical security issue or incident.
- In the event of a health or safety concern.
- In order to ensure the security, confidentiality, integrity, and availability of data stored or transmitted by WCMC information technology resources.
In cases where more stringent controls, such as state regulations for psychiatric data, maintain a higher standard for authorized access, review, or release of data, the more stringent control will always take precedent.
Whenever access, review, or release of WCMC data is necessary, care will be taken to treat the event with sensitivity and respect.