network activity logging

[Kevin Shalla <Kevin.Shalla () IIT EDU>]

Recently, we had a complaint about someone using one of our dial-up modems
who was using threatening language in a chat room.  We don't do sufficient
logging to determine who it was.  Is there any legal requirement to do
sufficient logging, and is it advisable to do so?  I remember advice (don't
remember where) saying if you choose to create a policy of logging all
activity that you are responsible for maintaining that, and providing
access when subpoenaed, and if your policy is to not log activity you are
absolved of that responsibility.  What is the liability if someone on
campus / accessing via a modem pool does something illegal - are we liable
because we provide access, or are we liable because we don't provide
information on who it was, or are we not liable?  What do others do
regarding this?  How can we address privacy when the policy is to log activity?

Kevin Shalla
Manager, Student Information Systems
Illinois Institute of Technology
<mailto:Kevin.Shalla () iit edu>

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.