IAccess, Supervisor Access, Emergency Access, ECP

What You Need to Know:

• Only the Laboratory COO & Laboratory Counsel may authorize access to personal electronic records (email, workstation) for purposes of investigation of wrongoing.
• No employee of LBNL may respond to law enforcement requests for access to resources without the approval of Laboratory Counsel
• Access to electronic communications for operational purposes (e.g. person is unavailable to provide access) is limited to the least intrusive possible means and is subject to Division Director approval.

Process:

• For investigatory access, contact the Office of Laboratory Counsel through the Research and Institutional Integrity Office
• For operational access, contact the helpdesk and ask to be referred to the IT Authorized Access Lead for instructions.

Note:

The information below does not create or destroy any employee rights or obligations. This represents the target practices of the institution, and nothing herein supercedes LBNL policy that no employee has any explcit or implicit expectation of privacy.

Defined:

Access Without Consent occurrs when any individual is granted access to any LBL institutional electronic resource (whether managed by IT Division or not), without the permission of the primary user, where the resource would normally be available only to that primary user.

For instance, Access Without Consent occurs when it is necessary to get access to an employee's email without the agreement of the employee.

Typically, this occurrs for reasons of investigation (investigatory access) and for reasons of operational necessity (operational access).

Although there is no expecation of privacy in the use of LBNL information systems, processes exist to ensure fairness and reasonableness in this access.

Investigatory Access:

When a supervisor or other employee seeks access to resources for the purposes of identifying or detecting suspected wrongdoing, this is investigatory access. Such access would include examining an employee's email looking for indication of violations of policy, or searching through network level records for indications of "timewasting." Because of the potential for abuse inherent in such access, investigatory access may only be authorized by the Laboratory COO and Laboratory Counsel together.

This rule applies whether the resource is managed by IT Division or not.

A manager or employee begins the process of requesting access without consent by contacting the Research and Institutional Integrity Office.

Operational Access:

It is occasionally necessary to provide access to an employee's systems or communications for reasons of operational necessity (for example, because the person is completely unreachable).

The governing rules are as follows:

1. If at all possible, seek the consent of the individual (if they are on a plane, surely it can wait a few hours, etc).

2. If consent is not possible, access should be granted to the absolute minimum necessary to accomplish the task until consent can be obtained (if possible). For example, it is less intrusive to set a vacation message then to give access to full email.

To initiate a request for operational access, contact the Helpdesk and ask to be referred to the IT Authorized Access Lead.

Behind the Scenes:

The IT Division provides a point of contact called the "IT Authorized Access Lead" (ITAAL). This role assists with either providing or coordinating the provision of access to systems.