Access to and Use of Physical Security Data

The University of Minnesota operates video surveillance and card access systems for the purposes of crime prevention, and to provide for the safety and security of individuals and property within the University community.  Information generated by these technologies is considered Physical Security Data. 

Use of Physical Security Data

Recorded data will be stored for a period of at least 30 days, in a secure location accessible by authorized staff only.  Information obtained in violation of this policy may not be used in any disciplinary proceeding against a member of any University faculty, staff, or student body.

Individuals responsible for conducting video surveillance and card access monitoring must limit their surveillance/monitoring activities to authorized safety and security purposes, such as, but not limited to:

• protection of individuals, property, and buildings;
• confirmation of alarms;
• patrol of public areas;
• ongoing operation of a secure data facility; and
• investigation of policy violation or criminal activity.

Data gathered through these mechanisms may be not used for unauthorized purposes, such as, but not limited to: 

• monitoring political and religious activities;
• employee and/or student evaluations;
• unauthorized investigations.

Oversight and Controls

Authorized users are prohibited from basing viewing practices on any characteristics and classifications within these policies, including, but not limited to race, gender, sexual orientation, national origin, etc.  Standard Operating Procedures prohibit use that violates an individual’s reasonable expectation of privacy, as defined by law.  Unauthorized individuals are not permitted to operate video surveillance and card access systems at any time.

Staff assigned monitoring responsibilities must complete training on the professional, ethical, and legal use of these monitoring technologies prior to using them.  Staff found to be in violation of this policy or any associated Standard Operating Procedure will be subject to disciplinary action consistent with the rules and regulations governing employees of the University.

Access to Physical Security Data

Entities authorized to request and review Physical Security Data are strictly limited to:

• Chief Information Security Officer – in conjunction with secure data facility oversight
• Human Resources – in conjunction with an official administrative investigation
• Office of General Counsel – in conjunction with an investigation, granting exceptions from this policy, or providing legal counsel
• Office of Internal Audit – in conjunction with an investigation, or internal audit of a University unit
• University of Minnesota Police Department – in conjunction with a criminal investigation

Authorized Users must:

• Conduct video observation of public areas that are in plain view of others.
• Be trained in the technical, legal, and ethical parameters of appropriate video surveillance and card access data use as prescribed by the Department of Public Safety.
• Monitor based on behavior, NOT group characteristics (e.g., race, gender, sexual orientation, national original, disability, etc.)
• Notify public safety responders immediately whenever any criminal or life-threatening activity is observed.
• Document criminal or life-threatening activities in detail.
• Not release any video surveillance or card access data without written approval for a formal investigation from one of the authorized entities outlined above.
• Not use University resources to monitor unauthorized areas (e.g., living spaces), or violate any individual’s right to privacy, as defined by law.

Managers of these Systems and Supervisors of Authorized Users must:

• Provide ongoing oversight of operator activities and performance.
• Periodically require staff to demonstrate their knowledge and understanding of relevant policies.
• Not release any video surveillance or card access data without written approval for a formal investigation from one of the authorized entities outlined above.

Exceptions

The Office of General Counsel has the sole discretion to grant exceptions to this policy for the purposes of securing and maintaining the University’s interests.  Exceptions will be granted to individuals and will remain in effect until expiration, suspension, or revocation by the Office of General Counsel.  Exceptions cannot be subdelegated and automatically expire when an individual leaves their role.