The policy explains what information is held about individual people (DS Account holders) by the DS systems, how it is gathered and how it is used. Details of the data held or logged are given in the appropriate section below. This information is used to support user access to the resources of the DS systems, for system administration and bug tracking, and for producing usage statistics for management and planning purposes.
Access to these logs is restricted to appropriate staff of the Computing Service and in some cases to appropriate staff at Managed Cluster and Managed Print Service (MPS) Institutions.
These logs are currently held indefinitely, but might not be recovered as a result of an accidental or deliberate removal action.
Summary statistics are extracted from this data. Some of these may be made publicly available, for example in the Annual Report of the University Computing Service, but those that are do not include the identity of individuals.
Relevant subsets of this data may be passed to computer security teams (e.g. Cambridge CERT) as part of investigations of specific incidents of computer misuse involving DS system components including workstations, printers or other computing equipment in the University.
Data may also on occasion be passed to appropriate staff responsible for institution managed cluster\managed print equipment. Print log data is routinely passed to institution staff for billing purposes. Otherwise the information is not passed to any third party except where required by law.
DS data is stored on disk storage systems and backed up every day, week, four weeks, termly or annually depending on service. These backups are made to enable reinstatement of the data, e.g. in the event of failure of a system component.
The DS staff and management conform to the good practice within the Charter for System and Network Administrators. In addition, any user of the DS systems who approaches the Service Desk or any computer staff within Desktop Services for help with a fault, implicitly grants permission to the DS staff to investigate that fault by looking at data held on the system and files in their home directories or other personal or group storage area.
Data held by the DS systems
Accounting and other user-dependent system data
The DS system servers hold details of user accounts, thereby enabling a user to log in and use the resources of the DS systems.
The following fields are held for each user:
- Institution affiliation
- Last login date/time
- Last used station identification
- User administration history
These data fields are held in the DS systems from the time the DS user's account is created until the account is cancelled, whether or not the user ever makes use of the DS systems. All DS users are cancelled at an appropriate time, usually when the student's studies at the University come to an end, although some of their data may be held for up to 4 months beyond that time. Staff accounts are maintained until the termination of their employment.
Some fields of a user account record are automatically updated by the system when the user logs in or out.
These data remain stored until either purged automatically by the system as too old or until the user account is cancelled.
Other data held in the system
Trustee rights and relationships (membership of groups; affiliation to institutions) contain data about the ownership of certain objects (such as files). These objects can also contain information about other users who may have been granted access to these objects.
Each Windows workstation will log the following data:
- User identification of each user who has used that workstation
- User identification of the last user who has used that workstation
Certain constituent servers of the DS systems automatically log information about users sessions, according to the resources used to support the session. The data logged are as follows:
- Date and time
- Action (login/logout)
- User identification
- Station identification
Printing, Scanning and Copying Logs
Data are logged to record print resource usage particularly for charging in arrears. The following data are held:
- Time & date
- Document title
- Print queue
- Station address
- Document size
- Number of copies
- New print balance
The DS ftp server records the following file-transfer data:
- Time & date
- Every command entered, plus FTP server response
DS web page services
The DS personal and group web page services log the following data:
- The name or network address of the computer making the request. Note that under some (but not all) circumstances it may be possible to infer from this the identity of the person making the request. Note also that the data recorded may be that of a web proxy rather than that of the originating client.
- The date and time of connection.
- The HTTP request, which contains the identification of the document requested.
- The status code of the request (success or failure etc.).
- The number of data bytes sent in response.
- The contents of the HTTP Referrer header supplied by the browser.
- The content of the HTTP User-Agent header supplied by the browser.
Logging of additional data may be enabled temporarily from time to time for specific purposes. In addition, the computers on which the DS web page services are hosted keep records of attempts (authorised or unauthorised) to use them for purposes other than access to the DS web page services. This data typically includes the date and time of the attempt, the entity to which access was attempted and the name or network address of the computer making the connection. It may include details of what was done or attempted to be done.
MCS workstation application monitoring
In order to ensure the MCS workstations are meeting the licence terms of the software installed, licensed applications are monitored so that the number of licences cannot be exceeded. The following data are recorded:
- Time & date
- Licence obtained or returned to licence server
- Which application
- IP address of machine
- Hostname of PC
- User identification
DS Antivirus scanning
To ensure the MCS workstations are free from the threat of malware\virus, the DS users home directories are routinely scanned. To maintain the security of the DS systems, if scanning or complaint by a third party reveals malware\virus in a user's directory, we will access it to remedy that problem.
Access to personal data
For the purpose of the UK Data Protection Act 1998, the 'Data Controller' is the University of Cambridge, and the point of contact for subject access is the University Data Protection Officer (The Old Schools, Trinity Lane, Cambridge CB2 1TN, tel. 01223 332320, fax 01223 332332, E-mail: firstname.lastname@example.org).
Last updated 5 March 2014