Skip Ribbon Commands
Skip to main content
(revision approved by the Information Strategy and Governance Committee on 16 March 2015)​

A.         Purpose

1.      The proper access of Electronic University Data as well as access violations and related penalty, if any, are governed by the "Policy on Use of IT Services and Facilities" and additional regulations defined in this document.

B.          Scope

1.      Access to Electronic University Data is restricted to authorised employees or other individuals for performing assigned duties. Such authorization will be withdrawn when a person's business needs for the data cease.

C.          Statement

1.      Having been granted access to the Electronic University Data, users undertake to keep the data secure and confidential, and shall not disclose such information to any person without approval.

2.      Users should avoid making any copies of data in paper or electronic form (including but not limited to PC, camera, telephone, PDA, USB, ​CD, memory cards, etc.). In cases where the making of a copy is necessitated by the nature of the work at hand, users must take proper security measures to protect the media and the content against damage, theft, fraudulent manipulation and unauthorised access.  Any personal or sensitive data, such as student data, personnel data, or financial data, if stored on portable electronic storage devices, must be encrypted and kept under lock when not in use. All copies of data should be destroyed as soon as their use is no longer required. For electronic storage, the content must be removed from these media in a manner that will render the data unrecoverable.

3.      Users are prohibited to transfer any data to any party without proper authorisation by the respective Data Custodians; and unless with prior approval from the Data Custodian, under no circumstances should data be (i) transmitted via any communication service or (ii) uploaded, stored, or presented onto any external or cloud site which is neither owned nor managed by the University.

D.         Enforcement

1.      Upon consultation with or as advised by the respective Data Custodian, a user may be deprived of the access right to the concerned data at any time by the respective IT Service Provider without prior notice.

2.      ​Failure to comply with regulations defined in this document may result in further penalties as defined in the "Policy on Use of IT Services and Facilities."

E.          Terms and Definitions

1.     ​  A common set of terms and definitions used in the IT Policies and Regulations are defined in the “Policy on Use of IT Services and Facilities” document.

F.           Related Policies and Regulations

1.       This document is only part of the IT Policies and Regulations. The “Policy on Use of IT Services and Facilities” contains a complete list of other documents in the IT Policies and Regulations.

2.       The IT Policies and Regulations may be revised from time to time as necessary without prior notice.

G.         Contact Information

1.       For questions about this document, please contact the Office of the Chief Information Officer (OCIO) at​