| |
Fair Data Search Policy and Procedures
(Updated 3.26.2007)
Policy
A Fair Data Search is a content sensitive
search and recovery of computer files by an impartial, trained third party
in response to a demonstrated need. Such a need may arise from:
- A judicial search warrant or other legal requirement
- Administrative needs
- Enterprise records
- Campus investigation
- Personal needs
- Account owner
- Executor of estate
It should be noted that subpoenas request data from system log files, and
do not require a fair data search, while search warrants seek content-sensitive data, and require a fair data search.
A fair data search should: fulfill the stated purpose,
preserve institutional records, and respect individual privacy. It is
never used for a fishing expedition. Possible origins of the
request include law enforcement, UB administrative departments,
Human Resources, an estate executor, and the individual who
owns the files.
Procedures
-
Authority: A Fair Data Search is approved by the CIO, with the
authority of the President. The search is conducted under the direction
of the Computer Discipline Officer (CDO) or designee.
-
The Search Team: The search team will consist of at least two
specialists, with the CDO as leader. All materials viewed by the search
team are held in strict confidence.
-
Role of the Administrative Department: The administrative unit does
not conduct the search: a trained, impartial third party conducts the search.
The unit will be consulted. They may also provide
technical support when needed due to idiosyncracies of their systems.
-
Schedule. The search is scheduled based on urgency of need, availability of
resources, and mutual convenience between department and search team.
-
Search Depth/Limits: Where possible, the depth and time limits
of the search will be negotiated based on the value of the recovered
information.
Judicial searches are limited as described in the search warrant.
-
Items to Search:. The search may include all of the following:
Institutional email (.buffalo.edu), departmental email (.eng, .cse, etc.),
desktop machines, UB-owned laptops, departmental servers.
-
Format of final product: The recipient must specify at the outset
how s/he would like to receive the final product of the search: on electronic
disk, via email, via secure ftp, or a paper copy.
-
Data Preservation: Copies of all files/emails are made to preserve
the originals. All searching is performed on the copies.
-
Data Trimming: If appropriate, all files/emails beyond the appropriate
timeframe are removed. Spam is then removed from email.
-
Heuristics: The following heuristics
may be used: sort by thread, sort by sender, or use folder and file names as a guide. The search team will determine the appropriate heuristics.
-
Record keeping: Careful notes are kept on who conducted search,
times and dates, places, etc. Any anomalies are noted.
Contacts:
Richard H. Lesniak, PhD
Director, Academic Services, CIT
University at Buffalo
201 Computing Center
Buffalo, New York 14260
Phone: (716) 645-6158
Fax: (716) 645-3734
E-mail: lesniak@buffalo.edu
University at Buffalo's Computer Discipline Officer:
Michael J. Behun, Jr.
Computer Discipline Officer
University at Buffalo Information Technology
247 Computing Center
Buffalo, New York 14260-1408
Phone: (716) 645-7739
Fax: (716) 645-3734
E-mail: behun@buffalo.edu
|
|
|
|
Related Links
|
