In general, information stored within an individual's computer or computer account on shared resources is considered confidential, whether protected by the computer operating system or not, unless the owner intentionally makes that information available to other groups or individuals. Ball State University will assume that computer users wish the information they store on central or shared computing resources to remain confidential unless the user/owner has explicitly made it public. University Computing Services will maintain the security and appropriate confidentiality of all information stored on their computing resources. Similarly, privileged information on individual account usage will be held in confidence. However, users have no right for information stored on computing resources to remain confidential from those who need to know in instances where the University has reason to believe the user is using these resources in an illegal or unethical manner, or in a way inconsistent with the University's institutional purposes or mission.

 The University has an obligation to protect the rights to privacy of the members of the University community in the keeping of personal papers, confidential records, and effects regardless of their media or storage location, subject to the local, state and federal laws and to conditions voluntarily entered into. According to the Access to Public Records Act (Indiana Code 5-14-3), electronic files are treated in the same way as paper files. Any official University documents (as defined by law) in the files of employees of the State of Indiana are considered to be public documents and may be subject to inspection through the Access to Public Records Act.

For the purpose of this policy statement, electronic communications includes but is not limited to electronic mail, Internet services, voice mail, audio and video conferencing sent or received by faculty, staff, students and other authorized users of University computing resources. The University will not monitor or inspect the electronic files or communications of faculty, staff or students except under the guidelines detailed in the next paragraph.

The Director of University Computing Services may authorize the monitoring and inspection of electronic files or communications, but only when requested by subpoena or law enforcement agencies or when a University office has reasonable cause to believe that an individual may have: a) damaged or threatened damage against the University, or University computing systems; b) used the University's computer resources to harass or threaten another individual; c) violated federal, state, or local laws; or d) violated policies contained within the Student Code Handbook, Handbook for Nonexempt Staff Personnel, Handbook for Exempt Staff Personnel, Faculty and Professional Personnel Handbook, Handbook for Service Personnel, or other policies adopted by the Board of Trustees. In such cases, the Judicial Committee of the University Senate or an appointed designee may be called upon to determine which portions may be exempt from disclosure. Any inspection and monitoring of electronic files, the duration of monitoring, and any action based upon such inspection and monitoring, will be governed by all applicable U.S. and Indiana laws and by University policies.

If any computing resource user has evidence of the fact that his or her privacy or other rights have been infringed upon by another user, the affected party may ask for monitoring or inspection through the appropriate University office or legal authority as detailed above. All individuals involved in authorizing the monitoring must keep permanent copies of requests.