The following guidelines aim to remind staff members, particularly those who need to handle personal data in the course of their duties, the data privacy they must observe in electronic communications and storing personal data with the use of portable storage devices, personally-owned computers and public clouds.
Staff members are also referred to “The University of Hong Kong Statement of Ethics on Information Technology (IT) Use” on the guiding principles of using IT services and facilities in the University in a responsible manner.
- This Statement of Ethics applies to all use of IT at The University of Hong Kong. “IT” means all IT facilities owned, operated by or located on campus at the University, whether stand-alone or networked and including all hardware, software and data.
IT Use Must be Authorized
- Use of IT at the University is primarily for instructional, research or administrative purposes.
- Authorized use means use pursuant to an individual logon identification, source of funds, password or user code and, in the case of stand-alone IT facilities, appropriate permission.
- Where IT is utilized for outside consultation and direct practice, as distinct from general educational work within the meaning of the Term of Service of the University, it shall be reported and an appropriate payment made.
- IT users shall not exceed their legitimate level of access or authority.
- All IT use is, where applicable, also subject to the regulations governing the use of central IT services.
The Integrity of the IT System Must be Observed
- The use of the IT system at the University implies respect for and adherence to ethical standards designed to protect the integrity of the IT system. Therefore IT users agree not to engage or attempt to engage, in the following conduct; whether or not it entails the performance of any function by an IT system:
- unauthorized access or use of the IT system regardless of any authorized subsidiary purpose;
- deception, false use or impersonation of any other user’s individual logon identification, source of funds, password or user code;
- unauthorized modification of the IT system including deletion, alteration or destruction of IT data or programs or the introduction of computer viruses or other harmful input
- unauthorized modification of the contents of the IT system including any memory or other storage medium with a view to impairing the reliability of, or accessibility to, data stored or otherwise held in any IT system
IT Use Must be Responsible
- The use of the IT facilities must be in a manner that preserves the confidentiality and privacy of others. Therefore, the reading or intercepting of, or the electronic eavesdropping on, any communication or data held on the IT facilities which is intended for another user, is a breach of these principles.
- Where any breach occurs unintentionally, for example through miskeying or during the course of an authorized use, the use shall be discontinued at once.
- Any subsequent disclosure of information obtained as a result of a breach of these principles, other than to the Director of IT Services, shall constitute a breach of this Statement of Ethics.
Confidentiality and Privacy of Other IT Users Must be Respected
- Use of the IT facilities must not intrude upon the legitimate or convenient use of the facilities by others. Trivial applications such as excessive game playing, message sending, storage use, or outputting, constitute non-responsible use.
- Responsible use entails accountability. All IT users are accountable for charges incurred on their respective accounts or sources of funds.
- IT users should follow security features of the facilities. Where a reasonable suspicion exists that either a breach of security has occurred, or is likely to occur, then the onus is upon the IT user to take appropriate measures including the notification of the breach to the Director of IT Services.
The Law Must be Followed and Proprietary Ownership Observed
- This Statement of Ethics is in addition to the law on patents, trademarks, copyright, unfair competition, trade secrets and contract, as well as in addition to any prior restrictions in relation to copying, resale, non-educational use or otherwise.
- The University assumes no responsibility for any infringing, or non-permitted, use.
- Non-compliance with this Statement of Ethics shall constitute IT abuse. The Director of IT Services shall take such action as he thinks appropriate, and shall report repeated and serious offences to the IT Committee, which may recommend appropriate action by the University.