HomeSt. Matthew's University

Appendix D Policy Implementation and Practices

A. Complaint Filing

a. Complaints may be filed with Information Technology Services via e-mail (This email address is being protected from spambots. You need JavaScript enabled to view it.This email address is being protected from spambots. You need JavaScript enabled to view it.), in writing, in person, or internally through routine monitoring and detection of a system/network problem or unusual event.

b. Complaints must be filed by the individual who was harmed.  St. Matthew's University will respond to requests for assistance from law enforcement accompanied by a court order, subpoena or search warrant.

c. St. Matthew's University will act on anonymous and third party complaints only in the event of a health and safety issue.  Otherwise, the individual who has been harmed will be contacted and asked to file a formal complaint.

f. ITS may also be contacted to report infractions when the complainant is unable, or it is not desirable, to do so through other channels.

B. Complaint Review and Investigation

a. The Director of Information Technology or designee reviews each complaint to initially determine whether a potential policy or legal violation has occurred based on the evidence provided. 

1) If not, the complainant is notified in writing as to why it does not constitute a violation and the incident will be closed.

2) If yes, but additional information is needed, the complainant will be asked to provide it, e.g., system logs, e-mail headers.

3) If yes, but the violation does not involve University resources, the complainant will be advised on what if any action they can take.

4) If the complainant fails to produce enough evidence to make a determination, they will be notified and the incident will be closed and filed for future reference.

b. If it appears a violation has occurred and sufficient evidence has been gathered, ITS will make an initial determination as to what happened, where it happened, and who initiated the activity.  A trouble ticket will be created for each unique event to track and record the incident investigation and resolution.

3) If the event involves a breach of system security in which any individualÂ’s unencrypted personal information was, or is reasonably believed to have been, disclosed to an unauthorized person, the breach should be reported immediately to ITS.

c. A serious incident may result in simultaneous investigations and actions by ITS, non-ITS system/network administrators and law enforcement.

d. Administration will be contacted to represent the University if the matter requires interaction with the public, media or other outside interests.

e. ITS will assist University officials with securing and interpreting evidence and conducting investigations when requested or legally required to do so.

C. Informal Resolution

a. Once ITS has determined that a violation has occurred and the nature of the violation is known, the Director of Information Technology or designee will contact the alleged violator by e-mail, phone or in-person to informally resolve the complaint.

b. The individual will be advised of the nature of the complaint and the evidence collected and asked to provide an explanation.

c. If the individual does not appear to be responsible (e.g., a third party misused their account), ITS will counsel the user on how to prevent future occurrences of the specific problem and continue its investigation.

d. If a St. Matthew's University community member is responsible but the violation appears to be accidental or unintentional on their part, ITS will counsel the user on how to prevent future occurrences of the specific problem.

e. If they have no history of prior violations, they will generally be given a warning and advised that future violations will result in formal action. 

f. Individuals with a prior history of violations or involved in a serious violation will be referred to the appropriate campus authority for formal action and resolution.

D. Formal Resolution

a. Formal actions, including disciplinary hearings, imposition of sanctions, and appeals will be handled through existing disciplinary/grievance processes for St. Matthew's University students, faculty and staff.

c. It will be the Director of IT's role and responsibility to advise and counsel the appropriate disciplinary authorities regarding the nature of the violation and its impact on campus resources, policy and practices, and to assist them in determining the seriousness of the offense if necessary.

f. Potential legal violations and threats to individual health and safety will be referred to local law enforcement.

g. ITS may confer with University Legal Counsel to help determine if a legal violation has occurred before referring the matter to law enforcement officials. 

E. Final Disposition

a. ITS will notify the complainant as to the disposition of their complaint. This could range from advising as to why the matter does not constitute a violation to providing final notice that the matter has been resolved.

b. Specific information about the individual involved will not be disclosed.

c. ITS will record each incident and its resolution to track recurring violations and repeat offenders and to inform future changes to the policy/practices.

d. ITS will implement technical sanctions imposed by the designated campus authority as a result of a formal disciplinary process or as required by law.

Return to Responsible Use Policy