University Access to Accounts and Electronic Information Policy

• This policy applies to all university students, faculty, staff, and all other individuals and entities granted use of GW IT Resources, including, but not limited to, contractors, temporary employees, sponsored researchers, affiliates, visitors, and volunteers (collectively, “Authorized Users”). 

GW respects the privacy of its Authorized Users but maintains the right to access all Electronic Information processed, stored, or transmitted using GW IT Resources when, in its good-faith judgment, access is needed for Legitimate Purposes. Legitimate Purposes include the university’s good-faith determination of the need for access to operate and maintain GW IT Resources, to carry out university-authorized administrative action, to comply with legal requirements, and for the purpose of life safety.

Examples of “Legitimate Purposes” include, but are not limited to:

• System Protection, Maintenance, and Management
  GW IT Resources require ongoing maintenance and inspections for the specific purpose of operating efficiently, protecting against threats such as attacks, malware, and viruses, protecting the confidentiality, integrity, and security of information, and implementing new software or other systems. For these purposes, the university may scan or otherwise access Authorized Users’ Accounts and Electronic Information. In that process, GW personnel may have access to certain Accounts or Electronic Information; however, except as provided in this policy or required by law, GW personnel are not permitted to seek out Accounts or review Electronic Information when not germane to system protection, maintenance, and support. GW limits any unavoidable access to Accounts and Electronic Information to the minimum required to perform such duties.
• Continuity of Operations
  GW may access Authorized Users’ Accounts and Electronic Information for the purpose of ensuring business continuity, including but not limited to, disaster recovery, a disruption in some or all of GW’s operations and services, and when the Authorized User is absent (due to a period of leave, for example) and the information is critical to conduct university business. Access to relevant Accounts or Electronic Information for this purpose will only be permitted in order to ensure business continuity. Access must be requested and approved by Human Resources Management and Development or Faculty Affairs, as appropriate. 
• Life & Safety Matters
  GW may access Authorized Users’ Accounts and Electronic Information to address exigent situations that present potential or actual threats to the safety of the campus or to the life, health, or safety of any person(s). Access must be approved by the GW Police Department.
• Legal Process and Litigation
  GW may access Authorized Users’ Accounts and Electronic Information in connection with threatened or pending litigation (for example, in furtherance of discovery requirements and in the defense of the university and its employees in the course of litigation), in response to lawful demands for information in connection with law enforcement investigations, and other government investigations (such as investigations by the Equal Employment Opportunity Commission (EEOC), the Office for Civil Rights (OCR) or the DC Office of Human Rights), compulsory legal processes, subpoenas, and related legal requirements. Access for legal process and litigation purposes must be approved by the Office of the General Counsel, which will make a determination as to whether the demand for information is lawful.
• Internal Investigations 
  GW may access Authorized Users’ Accounts and Electronic Information in connection with internal investigations involving members of the university community when the university determines in good faith that such access is justified in determining whether there has been a violation of a university policy or legal obligation. This access may occur only with the approval and under the direction and oversight of the Office of the General Counsel, in consultation with the Office of Ethics, Compliance, and Risk, as well as the Provost or Vice President for Human Resources, as appropriate.

Except as set forth under this policy or as otherwise required by law, no GW personnel are permitted to access Accounts or seek out Electronic Information of others when not carried out in response to a Legitimate Purpose. Furthermore, where there is a Legitimate Purpose, the right to access, copy, preserve, monitor, review, and search Accounts and Electronic Information is limited to the least amount of Electronic Information possible to meet the purpose, with access by the smallest number of GW personnel necessary upon on a need-to-know basis. 

Furthermore, as with the case for non-electronic information stored in university facilities, if information is not readily available or otherwise cannot be obtained through shared files with common access, GW personnel should keep in mind that the need for access to Accounts and Electronic Information will most often be met (and should normally be sought) by requesting it directly from the custodian, where practicable. Notwithstanding, when accessing an Account or the Electronic Information of an Authorized User for Legitimate Purposes, no additional notice, beyond what is provided by this policy, is required. Further, prior notification will not be made where it may result in destruction, removal, or alteration of data, is not appropriate or practical due to the urgency of the circumstances. 

While Authorized Users are required to use GW IT Resources to conduct business on behalf of the university, and reasonable incidental personal use of GW IT Resources is permitted when such use is consistent with the Personal Use of University Resources Policy, Authorized Users should not have an absolute expectation of personal privacy with respect to their Accounts and Electronic Information while using GW IT Resources. Should Authorized Users have personal matters they wish to keep private from the university, they should consider using non-university resources for those matters.