Access and Use Agreement
for UW Data and Information Systems
(“Agreement”)
Check whether you have accepted the current agreement (version 3.0, effective February 18th, 2020). Other versions are available for reference.
Introduction
As a University of Washington (UW) workforce member you may have access to UW information systems or come in contact with UW data. Access to UW information systems or the processing of UW data comes with responsibility, and the UW wants to make sure you are aware of those responsibilities. Thus, you are required to read and accept this agreement as your acknowledgement of your responsibilities. If, after reading the below and reviewing the linked resources, you do not understand your responsibilities, please speak with your supervisor for clarification before accepting this agreement.Summary of Responsibilities
I am familiar with and will follow all University policies and applicable laws that might apply to my use of UW information systems and data. As needed, I will review the requirements in the policies in the UW Policy Directory and other obligations in the laws and regulations listed on the UW Privacy Office's website. The requirements are summarized below and I will review the resources referenced in this agreement and/or consult with my supervisor for more information about the requirements:Administrative Policy Statement (APS) 2.2, University Privacy Policy
- I understand the UW's classifications of data as confidential, restricted, or public and I will handle and protect University information according to its classification.
- I will only process (including access, use, sharing, storage, etc.) UW institutional data:
- to the minimum amount necessary and as authorized to perform my job duties; and
- in a manner that is consistent with the policies and other guidance provided by the UW or related data or privacy governance.
- I will only process (including access, use, sharing, storage etc.) personal data or personally identifiable information for legitimate University purposes as described in and consistent with the relevant privacy notice and/or consent form that was provided to the individual who is the subject of the personal data, or as otherwise required and/or authorized by law.
- I will not unnecessarily duplicate or create redundant copies of UW data.
- I will not give others the ability to access or process UW data unless the processing is allowed and authorized by their supervisor to perform their job duties.
- I will not send unsolicited email (where the recipient has not granted permission for the message to be sent) to individuals that asks them to reply with confidential data or click on embedded links that immediately direct an individual to a web site that requires entry of confidential data.
- I will consult with my supervisor or the UW Privacy Office if I have questions about my privacy responsibilities.
APS 2.4, Information Security and Privacy Roles, Responsibilities, and Definitions
- I understand and acknowledge that UW data may be in various formats, such as digital, paper, or oral, and may be created, managed, and stored in various ways, such as in or on UW systems, cloud services, and personal computers, smartphones, or other mobile computing devices. Processing of UW information may also occur in various formats such as access, use, analysis, reporting, and storage.
- I will require third parties to include terms and conditions in a signed contract or agreement that indicates their compliance with University rules and policies before any University data is shared.
APS 2.5, Information Security and Privacy Incident Management Policy
I will promptly report unforeseen events, potential or confirmed data breaches, or an information security incident to the office responsible for responding to and/or managing the incident as noted on the UW Privacy “Report an Incident” webpage.APS 2.6, Information Security Controls and Operational Practices
- I understand that I am accountable for all the activities associated with my account and the access privileges that I have been granted. I will:
- Choose strong passwords (8+ characters, including special characters) and keep them secure;
- Not reuse passwords for different accounts;
- Use multi-factor authentication when available; and
- Beware of phishing and other scams that target UW employees. I will not automatically click links or open unexpected attachments in email.
- I will configure devices that are used to conduct UW business, whether personally owned or provided by the UW, to protect UW information systems and data. I will:
- Keep all devices and software up to date;
- Use anti-virus software;
- Encrypt devices when possible;
- Use eduroam Wi-Fi for UW academic, research, and business activity;
- Use Husky OnNet when working remotely; and
- Sign out or lock my computer when I am not physically present.
- I understand that access and use of UW information systems and/or data is logged and may be monitored.
- I will consult with my supervisor or the Office of the CISO if I have questions about my information security responsibilities.
Enforcement
My failure to comply with UW policies or laws and regulations applicable to accessing UW information systems or processing UW data may result in disciplinary action up to and including:- termination for UW employees;
- contract termination in the case of contractors or consultants;
- dismissal for interns and volunteers; or
- suspension or expulsion in the case of students.
Agreement: Version 3.0, Approved November 12, 2019.
For agents of the UW (including volunteers) who do not have UW NetIDs, please provide the Access and Use Agreement 3.0
PDF document and submit to your UW contact.