Electronic Monitoring Transparency Policy approved
November 14, 2022
Share
Queen’s University has recently approved a new Electronic Monitoring Transparency Policy. The policy, which took effect Oct. 12, 2022, was created to meet legislated requirements set out by the province.
Electronic monitoring is the use of technology to intentionally track the activity of university assets and resources. Queen’s has an invested interest in protecting its assets and resources, which can include physical properties such as Queen's buildings and campuses, as well as digital properties like the network, websites, services, and computers that the university provides.
A summary of this policy can be found below. The full policy is available on the University Secretariat website.
A video and FAQ available on the IT Services website also provide a quick summary of the Electronic Monitoring Policy.
What is the purpose of Electronic Monitoring at Queen's?
At Queen’s, assets and resources are electronically monitored to make sure they are functioning properly and to protect them against threats. Electronic monitoring of our assets and resources also ensures the best experience for Queen’s community members and guests. In other words, Queen’s monitors things to make sure they are working properly.
Electronic Monitoring Activities
The two activities that comprise electronic monitoring are the passive collection of data and the active review of the collected data.
- An example of passive collection in the physical world is the collection of video footage from security cameras. Active review is exemplified by monitoring closed circuit television or reviewing stored video to see what is happening or has happened in that physical space.
- An example of passive collection in the digital world is the collection of all login events from OnQ. Active review is completed by cybersecurity systems that detect unusual activity to determine if any accounts have been compromised. This active review may also include the review of stored login events as part of an investigation.
Cause, Oversight, and Limitations
The data collected from electronic monitoring includes data that could be used to track the activity of identifiable employees; however, the data is not used in this way by default. Employees have the right to a reasonable expectation of privacy and the university respects that right. It is essential to balance the university’s interests and employees’ privacy rights. To help strike this balance, before an employee can be actively monitored or before passively collected data is used to review an employee’s activities, there must be a reasonable cause for concern, oversight, and limitations regarding the data that can be accessed.
Some of the reasons that an employee may be electronically monitored include:
- Active physical or cybersecurity events
- Suspected violations of university policy or applicable laws
- Identified concerns with employee performance, behaviour, or conduct
On occasion, Queen’s may need to access the contents of an employee’s NetID account such as their Queen’s email or OneDrive. This is most often done for business continuity purposes and may be part of an investigation.
Electronic monitoring is always done with oversight from an appropriate authority at the university. In cases where the university must access the contents of an employee’s email or OneDrive account directly, this oversight is provided through the Access Authorization Procedure.