RPM | REQUIREMENTS AND POLICIES MANUAL

    Title: Privacy, Monitoring, and Access without Consent
    Publication date: 2/4/2014
    Effective date: 2/4/2014

    BRIEF

    Policy Summary

    To further the secure and acceptable use of Laboratory Information Technology (IT) and Information at Berkeley Lab, this policy:

    • Defines no expectation of privacy in use
    • Establishes authority to monitor and consent to monitoring
    • Establishes policies and procedures for Access without Consent

    Who Should Read This Policy

    • Employees and affiliates
    • Other users of Laboratory IT, including collaborators and visitors

    To Read the Full Policy, Go To:

    The POLICY tab on this wiki page

    Contact Information

    Information Technology Policy Manager
    Information Technology Division
    [email protected]

    POLICY

    A. Purpose

    To further the secure and acceptable use of Laboratory IT and Information at Lawrence Berkeley National Laboratory (Berkeley Lab), this policy:

    • Defines no expectation of privacy in use
    • Establishes authority to monitor and consent to monitoring
    • Establishes policies and procedures for Access without Consent
    • Seeks to ensure that Access without Consent is consistent with the value of privacy in individual activity and behavior that is consistent with the scientific mission of the Laboratory

    B. Persons Affected

    This policy applies to employees and affiliates as well as casual users of Laboratory IT and resources, including collaborators and visitors.

    C. Exceptions

    Not applicable

    D. Policy Statement

    1. Expectation of Privacy
      1. No Expectation of Privacy: Users have no expectation of privacy when they use Laboratory IT, subject to applicable state, federal, Department of Energy (DOE), and University laws and regulations.
    2. Authority to Monitor
      1. Authority: System administrators have limited authority to monitor systems for availability and security; however, only the Chief Information Officer, Laboratory Director, or Chief Operating Officer may grant broad authority to monitor content and transactions on Laboratory IT for security purposes and acceptable use.
      2. Minimal Access: Employees engaged in monitoring must access the minimum amount of information necessary to accomplish any monitoring task and must treat information in a confidential manner as appropriate.
      3. Notice of Monitoring: This policy serves as Notice of Monitoring. Systems with external users must provide notice to these users. Acceptable ways of providing notice include but are not limited to requiring users to sign an agreement or linking to the LBNL Privacy and Security Notice.
      4. Exceptions: The monitoring or recording of telephone conversations is illegal without the consent of all parties.
    3. Consent to Monitoring
      1. Consent: Use of Laboratory IT constitutes consent to monitoring. Any or all uses of Laboratory IT may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized University, DOE, and law-enforcement personnel. Some Berkeley Lab services are provided by third-party providers or monitored by external parties. Where applicable, employees and affiliates acknowledge monitoring by Berkeley Lab, the third-party provider, or external party. Authorized investigative agencies may access any DOE computer used during the period of access to information on a DOE computer, and for a period of three years thereafter.
      2. Written Consent: Use of Laboratory IT serves as written consent to the requirements and policies of the LBNL Privacy and Security Notice for that system and all other DOE systems. In addition, SEC 0203 Notice of External Monitoring serves as written consent of external monitoring by third-party providers or external parties.
    4. Access without Consent
      1. Individual Access. Individual Access without Consent is access, without a user's permission, to Laboratory Information that is normally available to only that user. This access occurs for either investigations or operational necessity and exceeds normal monitoring activities.
      2. Data Access. Data Access without Consent is access to Laboratory Information, which is not normally available to the requestor, which provides individually identifiable information or recordings regarding the activities, actions, or behaviors of employees, affiliates, and other users of Laboratory IT or resources.
      3. Authorizations for Access without Consent
        1. Investigation of Wrongdoing: The Laboratory Chief Operating Officer or Laboratory Counsel must authorize access for purposes of investigation of wrongdoing.
        2. Legal Requests: Laboratory Counsel must authorize access for legal requests, including requests from law enforcement.
        3. Individual Access: The table below defines the authorization required for individual access for operational access and changes. The Access without Consent Procedure contains the list of privacy implicating services.

          | Employee or Affiliate Status | Operational Access: Non-privacy implicating | Operational Access: Privacy implicating | Operational Changes |
          |---|---|---|---|
          | Active or On Leave | Supervisor or equivalent | Division director or designee | Supervisor or equivalent if the individual is unavailable |
          | Terminated | Supervisor or equivalent | Division director or designee | Supervisor or equivalent |

        4. Data Access: The System Owner may authorize access to information for the purposes of operational access or changes.
      4. Fair and Reasonable Access: Employees responsible for authorizing Access without Consent must ensure that requests for access are fair and reasonable, given the potential for abuse inherent in Access without Consent and despite no expectation of privacy in the use of Laboratory IT.
      5. Least Intrusive Means Possible: Methods of access for operational purposes must be limited to the least-intrusive means possible. For example, it is less intrusive to set a vacation message (an operational change) than to give access to e-mail (operational access). Read the service provider guides at this page for help on providing least intrusive means possible.
      6. Minimal Involvement: To maximize confidentiality, the number of persons involved must be limited to only those required to initiate and conduct access.
      7. eDiscovery: The IT Division must provide a point of contact to provide and/or coordinate the provision of access for investigation of wrongdoing and legal requests and to advise on operational access and changes.

    E. Roles and Responsibilities

    Employees engaged in monitoring or Access without Consent must adhere to the provisions of this policy. This policy also emphasizes the following roles and responsibilities:

    | Role | Responsibility |
    |---|---|
    | Chief Operating Officer | Approves requests for Access without Consent for purposes of investigating wrongdoing; ensures that requests are fair and reasonable |
    | Laboratory Counsel | Approves requests for Access without Consent for legal purposes and to investigate wrongdoing; ensures that requests are fair and reasonable; ensures that requests adhere to applicable laws and policies |
    | eDiscovery | Provides and/or coordinates the provision of Access without Consent for investigation of wrongdoing or legal requests; assists with identifying the least-intrusive means possible, including advising service providers, for operational access or changes; coordinates Laboratory approach to e-Discovery at the direction of Laboratory Counsel |
    | IT Policy Manager | Helps to ensure that the provision of Access without Consent is fair and reasonable and supports autonomy privacy despite no expectation of privacy in the use of Laboratory IT; determines the list of privacy implicating services |
    | Division directors | Ensure that operational access is not for investigatory purposes and that requested access is necessary to accomplish the function; assess if a request for Access without Consent may lead to an investigation and route the request to the appropriate authorizer |
    | Supervisors, system owners, other authorizers, or other requestors for Operational Access without Consent | Ensure that a good-faith effort is made to obtain consent from the individual before requesting operational access or changes; ensure that operational access or changes are not for investigatory purposes and that requested access is necessary to accomplish the function |

    F. Definitions/Acronyms

    | Term | Definition |
    |---|---|
    | Laboratory IT | Berkeley Lab-managed IT, including computing devices, networks, services, and accounts |
    | Access without Consent | Individual Access without Consent is access, without a user's permission, to Laboratory Information that is normally available to only that user. This access occurs for either investigations or operational necessity and exceeds normal monitoring activities; Data Access without Consent is access to Laboratory Information, which is not normally available to the requestor, which provides individually identifiable information or recordings regarding the activities, actions, or behaviors of employees, affiliates, and other users of Laboratory IT or resources |
    | Investigation of wrongdoing | Access to identify or detect suspected wrongdoing; examples include examining an employee's e-mail for indication of violations of policy, searching through network-level records for indications of "time wasting," or to access data from card reader systems to investigate an incident |
    | Legal requests | Legally enforceable requests, such as a subpoena, search warrant, court order, national security letter, or public records request, and requests for voluntary disclosure of information |
    | Operational access | Access to gather operational information or provide continuity of service; for example, a work document in an individual account |
    | Operational changes | Access required to modify an operational feature; examples include changing/activating a vacation message for an employee, or changing outgoing voice mail |

    G. Recordkeeping Requirements

    None

    H. Implementing Documents

    | Document Number | Title | Type |
    |---|---|---|
    | 10.01.005.001 | Letter granting broad authority to monitor the Computer Protection Program | Letter |
    | 10.01.005.002 | Instructions for using the LBNL Privacy and Security Notice | Instructions |
    | 10.01.005.003 | Berkeley Lab Notice to Users | Notice |
    | 10.01.005.004 | Access without Consent Procedure | Procedure |

    I. Contact Information

    Information Technology Policy Manager
    Information Technology Division
    [email protected]

    J. Revision History

    | Date | Revision | By whom | Revision Description | Section(s) affected | Change Type |
    |---|---|---|---|---|---|
    | 1/2/2012 | 1 | J. Bonaguro | Rewrite for wiki | All | Minor |
    | 1/17/2014 | 2 | J. Bonaguro | Edit | All | Major |

    DOCUMENT INFORMATION

    Title: Privacy, Monitoring, and Access without Consent
    Document number: 10.01.005.000
    Revision number: 2
    Publication date: 2/4/2014
    Effective date: 2/4/2014
    Next review date: 2/4/2015
    Policy Area: Information Technology
    RPM Section (home): Information Management
    RPM Section (cross-reference): Section 9.01
    Functional Division: Information Technology
    Prior reference information (optional): RPM, Chapter 9, Section 9.01

    Source Requirements Documents

    • DOE Office of Science Program Cyber Security Plan, June 2010
    • DOE O 205.1B, Department of Energy Cyber Security Program, CRD Section 6
    • DOE O 1450.4, Consensual Listening-In to or Recording Telephone/Radio Conversations
    • Clause I.124 – DEAR 952.204–77 Computer Security (AUG 2006), as modified by Contract No. DE-AC02-05CH11231, Appendix P, Section 2
