Requests such as these must be approved by either the Provost/Vice President (Academic), or by the Vice President (Administration). They may also be reviewed by the Privacy Officer to ensure that all efforts are made to protect the privacy of the account holder.
The Information Security Policy addresses this type of request in statement 36, so the procedure applies to any account covered by the Policy. This includes any McMaster managed service where a person can save or create private information. Some examples include:
- “Home” drives, MacDrive, or MacDrop accounts
It is the responsibility of the requestor to gain approval for access to another person’s account. Requests must include details about the information that is required, why it is required, and for how long access to the account is needed.
Requests should be forwarded to directly to the appropriate Vice President for review and approval.
Once approved the request is forwarded to the University Privacy Officer, who has the discretion to recommend additional constraints. For example, the Privacy Officer may reduce the amount of time that the account can be accessed, or require that all access is monitored by another party.
The service provider is responsible for providing the access, and ensuring that all recommended constraints and controls are applied. For example, the Computer Services Unit would be responsible for enabling access to a MacMail account, applying the constraints and controls, and revoking access when the request expires.
The IT Security team will review and monitor all requests to ensure that every effort is made to comply with the recommendations of the authorizing Vice President and the Privacy Officer.