Re: Privacy policy question

["John K. Lerchey" <lerchey () ANDREW CMU EDU>]

Hi,

Ours does, and has for quite some time.

I've pasted in the wording from each section as we have separate details 
for faculty, staff and students.

"Whenever possible and legally permissible, notification must be given 
to the faculty member whose data are subject to subpoena, search 
warrant, or order of court prior to compliance therewith, and, whenever 
possible and legally permissible, sufficient time must be allowed, 
before intrusion, to allow the faculty member to file a motion to quash. "

"Whenever possible and legally permissible, notification must be given 
to the staff member whose data are subject to subpoena, search warrant, 
or order of court prior to compliance therewith. "

"Whenever possible and legally permissible, notification must be given 
to the student whose data are subject to subpoena, search warrant, or 
order of court prior to compliance therewith."

John

On 6/1/2012 10:03 AM, David R. Millar wrote:
> I was just reading EFF's chart about how different companies handle
> requests for users' data
>
> https://www.eff.org/pages/who-has-your-back#promising-to-inform
>
> and I got to wondering:
>
> Does any educational institution commit in their Privacy Policy to notify
> users of legal demands for their data (unless required otherwise by law)?
>
> I mean Policy with a capital "P".  I know some institutions take that
> approach in practice, but I'm actually wondering if anyone has formalized
> that practice in written Policy.
>
> Thanks,
> Dave
> --
> David Millar
> Consultant
> Massachusetts Institute of Technology
> IS&T | Operations&  Infrastructure | IT Security
>
> twitter.com/@SecurityTrot
> www.linkedin.com/in/mitdavidmillar


--
John K. Lerchey
Incident Response Coordinator
Information Security Office
Carnegie Mellon University