Monitoring of E-mail and Internet Access

Macao Polytechnic Institute Personal Data Collection Statement
(Monitoring of E-mail and Internet Access)


This Statement/Rule explains the policies of the Macao Polytechnic Institute (hereinafter known as “MPI” or the "Institute") regarding the use of MPI provided computing facilities for sending/receiving e-mail or accessing the Internet.

1. General Provisions
1.1.

The Institute provides facilities to employees, students and authorized personnel to receive/send e-mail or access the Internet with purpose of learning and teaching or academic or daily work.

1.2.

The Computer Service Center of MPI is the competent unit responsible for administering the Institute’s e-mail and Internet systems.
1.3. The Institute would allow its employees, students or other authorized personnel to use the above-mentioned facilities only under the following conditions: to comply with this Statement/Rule; not affecting the operation of the Institute; not affecting the individual or other personnel’s work; not causing any adverse impact on the Institute’s interests; and not violating the law. In general, employees should handle personal matters during non-working hours if the above-mentioned facilities are being used.
2. Rules on sending/receiving e-mails by using MPI e-mail account and Internet access
2.1.

In any and every circumstance when accessing e-mail, users of MPI e-mail accounts should observe the following rules:

a) Users should keep the password of his/her personal e-mail account confidential and not disclose it to any other person;
b) The user’s personal MPI e-mail account is for his/her exclusive use;
c) Users should be aware of the security of e-mails received, and particularly wary of emails from an unknown sender and when executing any executable file received through e-mail ;
d) When sending sensitive information through e-mail, users should remind the recipient to handle the e-mail properly, for example making relevant remarks in the e-mail, or to encrypt the e-mail in order to prevent data leakage.
2.2.

When sending/receiving e-mail or accessing the Internet, users of MPI e-mail and Internet systems shall under no circumstances act in violation of Macao law or MPI regulations. The following activities in particular are strictly prohibited:

a) To perform an illegal practice;
b) To disclose confidential or sensitive information of the Institute without proper authorization;
c) To use the name of MPI to perform unrelated activities to his/her scope of MPI duties or studies;
d) To engage in activities against MPI mission or policies;
e) To perform any activities that interfere with or obstruct MPI’s web resources including sending computer viruses, spam, or advertisements etc;
f) To access or spread information that is malicious, false, threatening, invasive of privacy, harassing, defamatory, abusive, obscene, or other messages that may fall under the category as illegal or criminal, and/or to browse web pages containing such contents;
g) To upload/download or install unauthorized or pirated software to MPI computer systems;
h) To investigate, process, access or attempt to access another user's electronic data without proper authorization.
3.

Monitoring of e-mail and Internet access

3.1. MPI conducts monitoring of e-mail and Internet access by users of the Institute’s email and Internet services to achieve the following objectives: to ensure service quality and information security, to appraise employees’ and students’ performance/behaviour, and to implement disciplinary or criminal investigations;
3.2.

The Institute will use computing software and related technology for recording the data and content stored in the MPI server as mentioned below: 

a) The access time and web pages browsed;
b) The email addresses, date and time of users’ all incoming/outgoing e-mails via the MPI e-mail system;
c) The e-mail address, date, time and subject of all incoming/outgoing e-mails via edocx.
4.

Usage of personal data collected from monitoring of e-mail and Internet access

4.1. In order to ensure service quality, MPI reserves the right to access use records of e-mail stored in the MPI server.
4.2. In case of information security investigations, employees’ performance and students’ behavior appraisals, disciplinary investigations or criminal investigations, or under the circumstances as required by law, the Institute reserves the right to access the records mentioned in paragraph 3.2.
5. Authorized personnel access to the data collected/processed by monitoring
5.1. MPI network system administrators should first obtain authorization from the Management Board before accessing records stored in the MPI server mentioned in paragraph 3.2, and should fulfill the relevant confidentiality obligations as set in this Statement/Rule.
5.2. In case of disciplinary investigations, the relevant data may be transferred to the personnel who are responsible for the disciplinary investigations.
5.3. In case of criminal investigations, and when it is mandatory as required by law, the data may be passed on to law enforcement authorities, judicial authorities or other competent institutions.
6. Protection of the content of e-mail
6.1. Without prejudice to the provisions of the subsequent two clauses, no person shall access the e-mail account of another user and check its content, except with consent of the user or authorized by law.
6.2. When it is mandatory as required by law to access and investigate the e-mail account of any person under legal proceedings, it should be conducted in strict accordance with the procedures as prescribed by law.
6.3. When it is necessary to access a user’s email account in a disciplinary process within the scope of the Institute’s authority, it should be conducted with the authorization of the Management Board and under the supervision of the investigators, and operated by designated MPI network system administrators.
7. Data retention period
7.1. The data mentioned in paragraph 3.2. will generally be retained for three months.
7.2. In case of criminal investigations and when it is mandatory as required by law, the relevant data may be retained until it is passed on to authorities or institutions stated in point 5, or one month after the verdict of the trial, or even longer time upon the request of the authorities or institutions concerned.
8.

Consequences of violation of this Statement/Rule

Any user who violates this Statement/Rule will bear disciplinary and/or legal liabilities accordingly.

9.

Right of users

In accordance with the law, users have the right to information, the right of access and the right to object. Requests for exercising the right of access must be made in writing and submitted to the Secretary-General of MPI.

10. Effective Date and Right of Final Interpretation
10.1. This Statement /Rule is approved on July 22nd 2013 by the MPI Management Board and shall come into force on July 23rd 2013. The document with the reference number 12R/CG/SAG-CINF/2009 and the "Macao Polytechnic Institute Personal Information Collection Statement" (Monitoring of E-mail and Internet Access) issued on December 13th 2007 shall from henceforth be repealed.
10.2. Any doubts or omissions arising from implementation of this Statement /Rule will be resolved by the MPI Management Board.