CSUF Online Privacy Polices and Standards

 

California State University, Fullerton (CSUF) safeguards the privacy of all visitors to our websites and applications. CSUF does  not redistribute or sell personal information collected through our websites and applications. California State University, Fullerton  complies with all applicable state and federal privacy statutes, including, but not limited to, the Higher Education Opportunity Act (HEOA), Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), the California Public Records Act, the Integrated CSU Administrative Policy for Responsible Use and associated Data Security Policies. The University will also comply with lawful subpoenas or court orders; the scope of these may include data gathered through websites and applications.

 

 CSUF Online Privacy Policy PDF File Opens in new window

CSUF WORLD WIDE WEB POLICY PDF File Opens in new window

California State University, Fullerton recognizes the importance of the Internet as a means to provide information about its programs and services, support its Mission & Goals and provide access to informational resources for study and research. This Policy is intended to promote use of the Internet as a publishing medium by clarifying the responsibilities of authors and providing guidelines for the production of accurate, useful and attractive web sites that enhance the university’s standing in the global academic community.

 

Assessment results of this policy will be kept on record by Information Security Office.

Compliance

The University reserves the right to temporarily or permanently suspend, block, or restrict access to information assets when it reasonably appears necessary to do so to protect the confidentiality, integrity, availability, or functionality of those assets.

Information Technology Security

CSUF Mobile Device Access

Having adequate levels of controls in place to protect data stored on mobile devices is paramount to the security of CSUF information assets. To validate that appropriate levels of access are in place, and in support of the CSU’s ICSUAM policy 8045.400 for mobile devices, Cal State Fullerton maintains standards for requesting the use of mobile storage devices.

Mobile storage devices include but are not limited to unattached storage drives of any size or format, thumb drives, SD cards, CD’s, DVD’s, or any other storage device/media that is not a part of the design and manufacture of a University assigned computer.

CSUF Mobile Device Passcode Policy Opens in new window

 

Assessment results of mobile devices will be kept on record by Information Security Office.

Compliance

The University reserves the right to temporarily or permanently suspend, block, or restrict access to information assets when it reasonably appears necessary to do so to protect the confidentiality, integrity, availability, or functionality of those assets.

Information Technology Security

CSUF COMPUTING RESOURCES USE POLICY

School computers are to help people learn. Don't abuse your computer priviledges. 

The purposes of the University computing and communications resources are to provide a setting and opportunity for members of the academic community to express and explore ideas openly and freely subject to conditions and terms of this policy, to acquire and develop the skills of intellectual inquiry, and to examine critically the values of culture and society. This policy assumes as a condition of use the exercise of common sense, common courtesy, and a respect of the rights and property of the University and others. In keeping with its mission, the University provides computing and communications resources to members of its community. The computers, networks, and computing facilities made available by the University for student, faculty, and staff use are the property of California State University,Fullerton, and are provided for the completion of academic requirements, scholarship, and administration of the University. This policy sets forth users' rights and responsibilities and is designed to address related access, use, and privacy issues in a way that meets intellectual and creative needs of campus users. The University's legal responsibilities assures the maintenance of the campus network systems and treats the campus community with respect.

CSUF COMPUTING RESOURCES USE POLICY PDF File Opens in new window

 

Assessment results will be kept on record by Information Security Office.

Compliance

The University reserves the right to temporarily or permanently suspend, block, or restrict access to information assets when it reasonably appears necessary to do so to protect the confidentiality, integrity, availability, or functionality of those assets.

PRESIDENT'S DIRECTIVE NO. 13

CSUF Information Security DIRECTIVE

This Directive applies to the collection, use, maintenance, and release of protected information by the University or, when applicable, by any of its auxiliary or affiliate organizations and the development of a campus wide information security strategy. Securing information protected by federal and state law as well as California State University (CSU) policies and procedures, is essential. As such, the University will: Comply with all federal and state laws and regulations, as well as CSU policies and procedures, concerning the collection, use, maintenance, and release of protected information. Develop, implement, and monitor administrative, technical, and physical safeguards to mitigate unauthorized intrusion, malicious misuse, or inadvertent compromise of protected information. All individuals working with protected information are responsible for collecting, using, maintaining, and releasing it in accordance with federal and state laws or regulations, as well as CSU policies and procedures.

CSUF PRESIDENT'S DIRECTIVE NO. 13 Opens in new window

 

Policy for Sending Unsolicited Electronic Announcements

Cal State Fullerton maintains an electronic message network exclusively for its students, faculty and staff, as well as staff of its auxiliaries and affiliate organizations (Emeriti, for example), to facilitate the achievement of its Mission and Goals. This Policy outlines acceptable content and methods of distributing unsolicited electronic announcements through that system.

I. Distribution of Electronic Announcements

A faculty or staff member in the fulfillment of their employment responsibilities may send an unsolicited electronic announcement to a group of individuals involved in or associated with a specific program (for example, all students involved in Educational Outreach), category (for example, all students past due on payments or all part-time faculty), operational unit (for example, all staff in the Division of Student Affairs) or academic unit (for example, all students with the same major or all faculty and staff in the same department).

A Division Head may send an unsolicited electronic announcement to generic groups of account holders such as "all faculty," "all students," "all students in a particular college," or "all staff" to communicate information they deem critical to the achievement of the university's Mission and Goals. These messages may be sent from the desktop of the Division Head or their designee and must be limited to the following: - Messages from the President - A health or safety issue, or an issue of a similar nature, impacting a significant portion of the campus community - Physical plant conditions or activities impacting a significant portion of the campus community - The university's network - CSU or university policies and procedures - Employment-related issues or - Student academic deadlines, requirements and other information, including financial

II. Campus Bulletin Board

A faculty or staff member in the fulfillment of their employment responsibilities, or a student or affiliate club or organization sponsoring a campus event, may request that the appropriate Division Head or designee post an unsolicited electronic announcement to the campus electronic message website (currently operating as the Campus Bulletin Board). These messages must originate from a university department, unit, division or program; auxiliary; or a student or affiliate club or organization.

III. Content Guidelines

Unsolicited electronic announcements that pertain to profit making, selling, promoting or other entrepreneurial activities of individuals or groups unaffiliated with the university; imply university endorsement of a partisan, political or religious position; serve as a conduit for organizations or individuals not affiliated with the university; or contain messages of a political or personal nature may not be sent unless (a) representative of a university position or Board of Trustees' action or (b) authorized under federal or state law or a ratified MOU.

IV. Responsibility

The Chief Information Officer will administer this Policy, and the Chief Information Officer or designee will serve as the university's Postmaster.

Senders of unsolicited electronic announcements will be held responsible for adhering to this Policy. Conduct that violates this Policy is subject to appropriate discipline, up to and including dismissal or expulsion. Questions concerning the appropriateness of an unsolicited electronic announcement may be directed to the Chief Information Technology Officer or designee.

Approved By: President's Administrative Board No prior version. Administered By: Chief Information Technology Officer Date: May 1, 2002

CSUF Faculty & Staff Password Policy

Based on CSU policy requirements and information security best practices, the campus password expiration guideline requires that all Faculty and Staff change their campus password during the months of February, May, and September.

CSUF Faculty & Staff Password Policy Opens in new window

 

CSU Responsible Use Policy

This policy is intended to define, promote, and encourage responsible use of CSU information assets among members of the CSU community. This policy is not intended to prevent, prohibit, or inhibit the sanctioned use of CSU information assets as required to meet the CSU’s core mission and campus academic and administrative purposes.

CSU Responsible Use Policy PDF File Opens in new window

Assessment results of this policy will be kept on record by Information Security Office.