University Access to Accounts and Electronic Information Policy

Policy Summary

The George Washington University (“GW” or “university”) provides Information Technology Resources (“GW IT Resources”) to its community members to promote and advance teaching, learning, research, and administrative support. This policy establishes the right of the university to access Accounts where Electronic Information is processed, stored, or transmitted using GW IT Resources for Legitimate Purposes.

Who is Governed by this Policy

  • This policy applies to all university students, faculty, staff, and all other individuals and entities granted use of GW IT Resources, including, but not limited to, contractors, temporary employees, sponsored researchers, affiliates, visitors, and volunteers (collectively, “Authorized Users”). 

Policy

GW respects the privacy of its Authorized Users but maintains the right to access all Electronic Information processed, stored, or transmitted using GW IT Resources when, in its good-faith judgment, access is needed for Legitimate Purposes. Legitimate Purposes include the university’s good-faith determination of the need for access to operate and maintain GW IT Resources, to carry out university-authorized administrative action, to comply with legal requirements, and for the purpose of life safety.

Examples of “Legitimate Purposes” include, but are not limited to:

  • System Protection, Maintenance, and Management
    GW IT Resources require ongoing maintenance and inspections for the specific purpose of operating efficiently, protecting against threats such as attacks, malware, and viruses, protecting the confidentiality, integrity, and security of information, and implementing new software or other systems. For these purposes, the university may scan or otherwise access Authorized Users’ Accounts and Electronic Information. In that process, GW personnel may have access to certain Accounts or Electronic Information; however, except as provided in this policy or required by law, GW personnel are not permitted to seek out Accounts or review Electronic Information when not germane to system protection, maintenance, and support. GW limits any unavoidable access to Accounts and Electronic Information to the minimum required to perform such duties.
  • Continuity of Operations
    GW may access Authorized Users’ Accounts and Electronic Information for the purpose of ensuring business continuity, including but not limited to, disaster recovery, a disruption in some or all of GW’s operations and services, and when the Authorized User is absent (due to a period of leave, for example) and the information is critical to conduct university business. Access to relevant Accounts or Electronic Information for this purpose will only be permitted in order to ensure business continuity. Access must be requested and approved by Human Resources Management and Development or Faculty Affairs, as appropriate. 
  • Life & Safety Matters
    GW may access Authorized Users’ Accounts and Electronic Information to address exigent situations that present potential or actual threats to the safety of the campus or to the life, health, or safety of any person(s). Access must be approved by the GW Police Department.
  • Legal Process and Litigation
    GW may access Authorized Users’ Accounts and Electronic Information in connection with threatened or pending litigation (for example, in furtherance of discovery requirements and in the defense of the university and its employees in the course of litigation), in response to lawful demands for information in connection with law enforcement investigations, and other government investigations (such as investigations by the Equal Employment Opportunity Commission (EEOC), the Office for Civil Rights (OCR) or the DC Office of Human Rights), compulsory legal processes, subpoenas, and related legal requirements. Access for legal process and litigation purposes must be approved by the Office of the General Counsel, which will make a determination as to whether the demand for information is lawful.
  • Internal Investigations 
    GW may access Authorized Users’ Accounts and Electronic Information in connection with internal investigations involving members of the university community when the university determines in good faith that such access is justified in determining whether there has been a violation of a university policy or legal obligation. This access may occur only with the approval and under the direction and oversight of the Office of the General Counsel, in consultation with the Office of Ethics, Compliance, and Risk, as well as the Provost or Vice President for Human Resources, as appropriate.

Except as set forth under this policy or as otherwise required by law, no GW personnel are permitted to access Accounts or seek out Electronic Information of others when not carried out in response to a Legitimate Purpose. Furthermore, where there is a Legitimate Purpose, the right to access, copy, preserve, monitor, review, and search Accounts and Electronic Information is limited to the least amount of Electronic Information possible to meet the purpose, with access by the smallest number of GW personnel necessary upon on a need-to-know basis. 

Furthermore, as with the case for non-electronic information stored in university facilities, if information is not readily available or otherwise cannot be obtained through shared files with common access, GW personnel should keep in mind that the need for access to Accounts and Electronic Information will most often be met (and should normally be sought) by requesting it directly from the custodian, where practicable. Notwithstanding, when accessing an Account or the Electronic Information of an Authorized User for Legitimate Purposes, no additional notice, beyond what is provided by this policy, is required. Further, prior notification will not be made where it may result in destruction, removal, or alteration of data, is not appropriate or practical due to the urgency of the circumstances. 

While Authorized Users are required to use GW IT Resources to conduct business on behalf of the university, and reasonable incidental personal use of GW IT Resources is permitted when such use is consistent with the Personal Use of University Resources Policy, Authorized Users should not have an absolute expectation of personal privacy with respect to their Accounts and Electronic Information while using GW IT Resources. Should Authorized Users have personal matters they wish to keep private from the university, they should consider using non-university resources for those matters.

Definitions

Accounts: Established relationship between a user or an entity, a computer, network, or information service. Accounts have usernames and credentials. For the purposes of this policy, accounts do not include non-GW personal accounts. GW Accounts provide access to GW IT Resources. 

Authorized Users: All university students, faculty, and staff. It also applies to all other individuals and entities granted use of GW IT Resources, including, but not limited to, contractors, temporary employees, sponsored researchers, affiliates, visitors, and volunteers. 

Electronic Information: 

  1. Documents and communications, including but not limited to emails, voice mails, and text messages, on managed platforms (i.e., Teams, Box, etc.), and virtual platforms (WebEx, Zoom, Teams, etc.), and the associated metadata, which are located in files and accounts associated with a particular user, including all emails and their attachments in an Authorized Users inbox, sent items folder, or other account folders that are recognized as associated with the Authorized User; and 
  2. Information generated by automated processes resulting from the use of GW IT Resources by Authorized Users. 

GW IT Resources: Any technology or equipment, whether electronic or cloud-based, owned, contracted, or managed by the university to acquire, store, process, transmit, scan, receive, or dispose of data or information (e.g., computers, mobile phones, tablets, storage devices necessary for security and surveillance). 

Related Information

Contacts

ContactPhone NumberEmail Address
GW Information Technology202-994-4948[email protected]

Responsible University Official: Vice Provost for Libraries and Information Technology
Responsible Office: GW Information Technology

Origination Date: March 18, 2024
Last Material Change: N/A

More information describing university policies is outlined in the University Policy Principles.
Noncompliance with this policy can be reported through this website.