Since Department Administrators of IT systems may have increased access and privileges, they must also agree to the contents of this document annually.
As a distributed IT providing Learning Management System (LMS) technical support to faculty at East Carolina University, during the course and scope of my work I will have access to restricted use and confidential information. Examples of such types of information may include but are not limited to: student grade records, student work, course content, assessments, and login IDs.
As a condition of the distributed IT department LMS administrator role at East Carolina University, I am required to accept responsibility to preserve the complete confidentiality of information in my custodial role. I am required to protect against unauthorized access to such information, to ensure the security and privacy of such information, and to report any anticipated threats or hazards to such information. I must not release this information to the public or to other individuals, including but not limited to University employees who do not have authorization to access such information or who do not have a legitimate institutional or business need to know.
If there are questions concerning the release of such information to another person, under no circumstances will I release such information without first receiving authorization from the appropriate authority within ITCS. First point of contact for the request is the ITCS Learning Technologies manager.
Unauthorized access may include, but is not limited to:
- Access to student, employee, clinical, or university information not necessary to carry out my job responsibilities.
- Non-business or non-institutional access to data records. This includes access to data for my personal knowledge, for myself, my children, spouse, parents and other relatives as well as friends, acquaintances and co-workers.
- Release of information to unauthorized internal or external users.
- Release of additional or excessive information to an authorized individual/agency than is essential to meeting the stated purpose of an approved request.
Information may not be divulged, copied, posted, released, sold, loaned, reviewed, altered or destroyed except as properly authorized by the appropriate university official within the scope of applicable federal or state laws and university policies and procedures.
Further, I agree to abide by and enforce:
- FERPA
- I have taken the university FERPA training and quiz provided by the Office of the Registrar.
- All ECU policies and procedures regarding security and confidentiality currently in effect or which may be implemented or revised from time to time.
Given the elevated level of access within ECU’s LMS (Canvas), I agree that I will not:
- Increase the access level of another user within Canvas.
- Exception: Department Canvas administrators can add users to a Canvas course with approval from the instructor of record or department chair. Students should not be added to any course or in any role unless they are employed by the university. The chair role should only be given to department chairs. See Accessing Curricular Canvas Courses for more information.
- Approval from either the instructor of record or department chair must be documented through the LMS Admin Technical Support ticket. Note, new hires must follow the ECU hiring process and cannot be added to Canvas manually. See Adding Students & Instructors to Courses for more information.
- Abuse the higher-level privileges granted to me.
Given the elevated level of access within Canvas, I agree to the following statement and procedure.
- I will only access a Canvas course to provide technical support upon request.
- I will submit an ITCS ticket to the instructor of the course when technical support is provided, including viewing grades.
I have discussed any questions I have about these statements with my supervisor or employer. I understand the special nature of IT roles, the importance of confidentiality in these roles, and agree to adhere to the confidentiality statements above.
As evidenced by my email acknowledgement and IT service request ticket, I recognize that a violation of the above conditions may constitute grounds for disciplinary action, up to and including termination of employment or contract.
Updated: 6/7/2023