Within the framework established by the statement "Computing and Electronic Communications at Duke University: Security and Privacy", (see http://www.oit.duke.edu/oit/policy/ITACPolicy.html) Duke University AUTHORIZES access to employee, student, patient, or donor information both paper and electronic to the extent that is necessary to carry out your job responsibilities (see attached job description.)
Duke University defines UNAUTHORIZED ACCESS as:
I acknowledge the confidential nature of non-public information regarding our employees, students, patients, donors, and other members of the Duke community. Consistent with applicable policies and guidelines, I will respect and safeguard the privacy of members of the Duke community and the confidential nature of their information. Without limiting the general nature of this commitment, I will not access or seek to gain access to confidential information regarding any past or present employee, student, patient, or donor of Duke University and Duke University Health System except in the course of fulfilling my job responsibilities. I understand that in this context, confidential information is considered to be all non-public information that can be personally associated with an individual.
If in the course of executing my job responsibilities, I accidentally access information that others might consider inappropriate for me to access (i.e. a co-worker, family member, high ranking person, etc), I will notify my supervisor of the date and time of the access so that if a question arises at a later time, it will be understood that the access was accidental. I will not disseminate any such information without proper authorization.
I will not use another's computer sign-on or computer access code or provide another the use of an individual's sign-on code to gain access to confidential information without proper authorization. I will not disclose confidential information to those who are not authorized to receive it. In addition, I will not, without proper authorization, copy or preserve by paper writing, electronic, or any other means confidential information, nor will I disseminate any such information without proper authorization. If I am in doubt about whether the authorization provided is "proper" I will consult the University IT Security Officer for guidance.
I acknowledge the receipt of my IDs and Passwords. I understand that passwords are the equivalent of my signature. I understand that I will only access information that is required for me to perform my assigned tasks. I acknowledge that if I disclose passwords to any other person, I will be fully accountable and responsible for any use or misuse by that individual to the same extent as if I had performed the act or omission. If I have any reason to believe that the confidentiality of my passwords has been violated, I will notify my department head or supervisor immediately and ensure that the passwords are promptly changed. If I believe I have been asked to access or release information that lies outside my defined job responsibilities, I will notify the University IT Security Officer and request guidance.
Under certain circumstances, disclosure of confidential information may be punished as a criminal offense.
I understand and agree that a violation of any portion of the confidentiality policy renders me subject to disciplinary or corrective actions that may result in sanctions including, but not limited to, expulsion, discharge, and/or revocation of employee or student privileges.