Electronic monitoring is the use of technology to intentionally track the activity of university assets and resources. Queen's has an invested interest in protecting its assets and resources which can include physical properties such as Queen's buildings and campuses, as well as digital properties like the network, websites, services, and computers that the university provides.
A summary of this policy can be found below. The full policy is available on the University Secretariat website.
You can also check out the PowerPoint summary of the Electronic Monitoring Policy at Queen's below (video, 6 min).
What is the purpose of Electronic Monitoring at Queen's?
At Queen’s, assets and resources are electronically monitored to make sure they are functioning properly and to protect them against threats. Electronic monitoring of our assets and resources also ensures the best experience for Queen’s community members and guests.
The data collected from electronic monitoring includes data that could be used to track the activity of identifiable employees; however, the data is not used in this way by default. Employees have the right to a reasonable expectation of privacy and the university respects that right. It is essential to balance the university’s interests and employees’ privacy rights. To help strike this balance, before an employee can be actively monitored or before passively collected data is used to review an employee’s activities, there must be a reasonable cause for concern, oversight, and limitations regarding the data that can be accessed.
Some of the reasons that an employee may be electronically monitored include:
- Active physical or cybersecurity events;
- Suspected violations of university policy or applicable laws, and;
- Identified concerns with employee performance, behaviour, or conduct.
On occasion, Queen's may need to access the contents of an employee’s NetID account such as their Queen's email or OneDrive. This is most often done for business continuity purposes and may be part of an investigation.
Electronic monitoring is always done with oversight from an appropriate authority at the university. In cases where the university must access the contents of an employee’s email or OneDrive account directly, this oversight is provided through the Access Authorization Procedure.
The two activities that comprise electronic monitoring are the passive collection of data and the active review of the collected data.
An example of passive collection in the physical world is the collection of video footage from security cameras. Active review is exemplified by monitoring closed circuit television or reviewing stored video to see what is happening or has happened in that physical space.
An example of passive collection in the digital world is the collection of all login events from OnQ. Active review is completed by cybersecurity systems that detect unusual activity to determine if any accounts have been compromised. This active review may also include the review of stored login events as part of an investigation.
Questions & Answers
For the purposes indicated in the policy at Queen's, electronic monitoring is a broad term that generally refers to a system, asset or resource's ability to report on its usage or user interaction.
Queen's Electronic Monitoring Transparency Policy ensures that the university community is informed and aware of the various tools and systems used at the university that would have an electronic monitoring capability or feature, even if the electronic monitoring is not a primary use of those tools.
A number of Queen's university systems have the capacity for electronic monitoring, although the data from these systems is rarely used. There are two activities that comprise electronic monitoring: the passive collection of data and the active collection of data. An example of passive collection in the physical world is video collection from security cameras. Active collection is the real-time analysis or historical review of the data collected passively.
It is vital at Queen's to balance the university's interests and employees' privacy rights. This policy does not change the university’s approach to electronic monitoring but instead explains how electronic monitoring can be used. Some of the reasons electronic data may be used for employment-related purposes include active physical incidents or cyber security events.