This policy addresses the College's commitment to protecting and defending the privacy of authorized users of its Information Technology (IT) systems (network and IT services), and other systems that are capable of recording information about the user. Authorized users are individuals with a Whitman Network ID and Password.

This policy is informed by the principles of the 2014 report from the American Association of University Professors entitled "Academic Freedom and Electronic Communications."

All members of the Whitman community are subject to the inherent insecurity of electronic information particularly on the Internet, and are responsible for ensuring the privacy of their account (e.g. users should use a secure password, not share their passwords or access to their accounts, encrypt sensitive data, etc.).

Despite the College's adherence to these policies it cannot assure the Whitman Community protection from the sorts of activities broadly referred to as "hacking" whose consequence might include a loss of electronic privacy.

I. The College is committed to protecting the privacy of the Whitman Community as it concerns materials stored on College computers or transmitted electronically on College networks or IT infrastructure. The College does not sell, share, or rent account information in ways different than are described in this policy. Whitman College will not access or monitor computer accounts, usage of IT services, personal files, or other electronic records except when:

  1. Authorized by the user(s), or
  2. Performing maintenance necessary for the operation of the relevant systems, or
  3. Required by vendor contract after vetting by the CIO and Information Security Officer for security and/or privacy matters, or
  4. Necessary for billing purposes (e.g. long distance), or
  5. Required by court order, or
  6. As a part of a formal investigation into a violation of College policy.

II. While it is necessary to store some information about users and individual use of electronic services, neither this information nor knowledge derived from this information will be accessed unless:

  1. It is required to maintain the integrity and availability of the College's IT or electronic infrastructure, or
  2. There is clear evidence suggesting that the security and/or the integrity of the system is being compromised, or
  3. Such access is in direct support of a law enforcement investigation, and then only with a court order, or
  4. Such access is a necessary part of a formal investigation into a violation of College policy.

User(s) will be notified of access that falls under the exceptions in both sections I and II unless expressly prohibited by law or per policies and procedures in the faculty code and handbook, staff handbook, student handbook, or grievance policy.

In the situations described above in sections I and II, only the Chief Information Officer or the Information Security Officer, in consultation with the relevant senior officer, will authorize the release of this information or its derivatives to the requesting party.

III. Whitman College is committed to the free flow of ideas and the freedom of electronic speech. The College will actively protect the Whitman Community's freedom of expression. The content of electronic communication is not censored; this includes, but is not limited to, personal web pages, postings to unmoderated listservs and social media, and email. However, in accordance with the principles of this policy, the following limitations apply:

  1. The volume of information may be limited without regard to content because of the technical constraints of the system (example: internet bandwidth becomes saturated or a compromised account is used to send spam).
  2. The College retains the right to protect itself from liabilities posed by the electronic behavior of members of the College, if these behaviors are in violation of College policies or local, state, and federal laws. Otherwise the College will make every reasonable effort to defend users whose rights to freedom of expression are being challenged.
  3. Users are expected to abide by the laws of the State of Washington and the United States and by the policies of the College.

Approved by the Faculty, April 17, 2019