1. The proper access of Electronic University Data as well as access violations and related
penalty, if any, are governed by the "Policy on Use of IT Services and
Facilities" and additional regulations defined in this document.
1. Access to Electronic
University Data is restricted to authorised employees or other individuals
for performing assigned duties. Such authorization will be withdrawn when a
person's business needs for the data cease.
1. Having been granted access to the Electronic University Data, users
undertake to keep the data secure and confidential, and shall not disclose such
information to any person without approval.
2. Users should avoid making any copies of data in
paper or electronic form (including but not limited to PC, camera, telephone,
PDA, USB, CD, memory cards, etc.). In cases where the making of a copy is
necessitated by the nature of the work at hand, users must take proper security
measures to protect the media and the content against damage, theft, fraudulent
manipulation and unauthorised access.
Any personal or sensitive data, such as student data, personnel data, or
financial data, if stored on portable electronic storage devices, must be
encrypted and kept under lock when not in use. All copies of data should be
destroyed as soon as their use is no longer required. For electronic storage,
the content must be removed from these media in a manner that will render the
3. Users are prohibited to transfer any data to any
party without proper authorisation by the respective Data Custodians;
and unless with prior approval from the Data Custodian, under no circumstances should data be (i) transmitted via any communication service or (ii) uploaded,
stored, or presented onto any external or cloud site which is neither owned nor
managed by the University.
1. Upon consultation with or as advised by the respective Data Custodian, a
user may be deprived of the access right to the concerned data at any time by
the respective IT Service Provider
without prior notice.
2. Failure to comply with regulations defined in this
document may result in further penalties as defined in the
"Policy on Use of IT Services and Facilities."
Terms and Definitions
1. A common set of terms and definitions used in the IT Policies and Regulations are defined
in the “Policy on Use of IT Services and Facilities” document.
Policies and Regulations
1. This document is only part of the IT Policies and Regulations. The
“Policy on Use of IT Services and Facilities” contains a complete list of other
documents in the IT Policies and
2. The IT
Policies and Regulations may be revised from time to time as necessary
without prior notice.
1. For questions about this document, please contact the Office of the Chief Information
Officer (OCIO) at email@example.com.