(4) Electronic University Data Regulations

A. Purpose

The proper access of Electronic University Data as well as access violations and related penalty, if any, are governed by the "Policies on Use of IT Services and Resources" and additional regulations defined in this document.

B. Scope

Access to Electronic University Data is restricted to authorised employees or other individuals for performing assigned duties. Such authorization will be withdrawn when a person's business needs for the data cease.

C. Statement

  1. Having been granted access to the Electronic University Data, users undertake to keep the data secure and confidential, and shall not disclose such information to any person without approval. 
  2. Users should avoid making any copies of data in paper or electronic form (including but not limited to PC, camera, telephone, PDA, USB, CD, memory cards, etc.). In cases where the making of a copy is necessitated by the nature of the work at hand, users must take proper security measures to protect the media and the content against damage, theft, fraudulent manipulation and unauthorised access.  Any personal or sensitive data, such as student data, personnel data, or financial data, if stored on portable electronic storage devices, must be encrypted and kept under lock when not in use. All copies of data should be destroyed as soon as their use is no longer required. For electronic storage, the content must be removed from these media in a manner that will render the data unrecoverable. 
  3. In the event any electronic storage devices containing personal and / or sensitive data are lost, or users suspect there to be potential undesirable data leakage, users should report the incident to [the respective IT Service Provider(s)] in writing as soon as possible.
  4. Users are prohibited to transfer any data to any party without proper authorisation by the respective Data Custodians; and unless with prior approval from the Data Custodian, under no circumstances should data be (i) transmitted via any communication service or (ii) uploaded, stored, or presented onto any external or cloud site which is neither owned nor managed by the University.  

D. Enforcement

Upon consultation with or as advised by the respective Data Custodian, a user may be deprived of the access right to the concerned data at any time by the respective IT Service Provider without prior notice.

Failure to comply with any regulation defined in this document may result in penalties as described in the "Policies on Use of IT Services and Resources."

E. Terms and Definition

A common set of terms and definitions used in the IT Policies and Regulations are defined in the “Policies on Use of IT Services and Resources” document.

F. Related Policies and Regulations

This document, Electronic University Data Regulations, is only part of the policy.  The “Policies on Use of IT Services and Resources” document contains a complete list of other relevant regulations.

The IT Policies and Regulations may be revised from time to time as necessary without prior notice.

G.  Contact Information 

For questions about this document, please contact the Office of the Chief Information Officer (OCIO) at cio@cityu.edu.hk.