IT-16 Standard for Information Technology Records Investigations

Purpose and scope

This document covers the standards utilized when searching UMD digital records maintained by the University such as email, file storage, and log management systems, as part of an investigation into the actions of employees, students, and/or other relevant parties in UMD’s sole discretion. This Standard applies to all data, systems, locations, and operations of the University, regardless of whether such systems, locations, or operations are centrally or locally managed.



This standard is being established to ensure that the University complies with the requirements of the UMD Privacy Policy (UMD Policy X-15.00(A)) and Acceptable Use of Information Technology Resources (UMD Policy X-1.00(A)) and to investigate situations in support of compliance with University policies and/or state and federal law.


Roles and responsibilities

The Vice President and Chief Information Officer, or designee, will be responsible for creating and updating this standard and approving individual DIT Security staff for access to systems utilized to search and export IT resources for investigative purposes.

Searching and exporting of UMD records centrally stored in systems maintained by the DIT for investigative purposes is limited to staff members of the DIT Security Operations Center. These staff members will not have administrative access to the systems they use to conduct their searches. The DIT Security Operations Center will maintain logs of all searches including who requested the search, the search terms used, and the number/volume of records returned. This log is being maintained under direction of the Office of General Counsel (OGC) and thus will be treated as attorney-client privileged material.

Searching and exporting of UMD records stored in decentralized systems, regardless of the unit responsible for their maintenance, will follow the same procedure. DIT Security Operations Center will coordinate and work with local IT units to conduct the actual search, including logging and review.

The Vice President and Chief Information Officer, Chief Information Security Officer, and Chief Data Privacy Officer will be responsible for regularly (at least annually) reviewing the activity logs of the DIT Security Operations Center from the searches performed. The OGC will review the logs as needed.



University of Maryland Police Department Investigations

Sworn University of Maryland Police Department (UMPD) officers may request UMD records from systems maintained by DIT to assist in active investigations they are working on by contacting the DIT Security Operations Center and providing the case number and their request.


Subpoenas and court orders

If a subpoena or court order is received by campus, it will be sent to OGC for review. If a search and export of UMD records is required, OGC will forward the request to the DIT Security Operations Center to perform the search and export the search results. Search results are then supplied to the OGC for review, redactions as required or permitted by applicable laws, and appropriate response to the subpoena or court order as determined in the professional legal judgment of the OGC.


Subpoenas and search warrants from external law enforcement agencies & national security letters

If a subpoena or search warrant from an external law enforcement agency or a national security letter is received by campus the following people will be notified to review the submission and request their approval for DIT Security Operations Center staff to search and export the results of the search:

Once approved, the search will be conducted by members of the DIT Security Operations Center and search results are returned as appropriate to the OGC and/or UMPD for review and submission to the external law enforcement agency. Subjects of subpoenas and search warrants are generally not informed of the request by the OGC.


Maryland Public Information Act requests

Maryland Public Information Act (MPIA) requests are submitted to OGC. Once reviewed and approved by the VP & General Counsel or designee, the request is forwarded to the DIT Security Operations Center to perform the search and export the search results. Search results are then supplied to OGC for review, redactions as required or permitted by applicable laws, and appropriate response to the MPIA requester as determined in the professional legal judgment of the OGC. Subjects of MPIA requests are generally informed of the request by the OGC.


UMD internal investigations

Requests for UMD records from University systems shall not be used to originate personnel investigations. UMD records may be used in support of disciplinary proceedings against employees and/or students, or in a civil suit or other proceeding involving person(s) whose activities are in the requested UMD records and relate to the proceeding subject to this Standard. Information obtained in violation of this standard may not be used in a disciplinary proceeding against a University student or employee.

If a unit or department on campus has an ongoing investigation and would like to request UMD records to assist in the investigation, they should contact the DIT Security Operations Center.
Routine requests for UMD records will be sent to the Chief Data Privacy Officer for their review and approval. If approved, the DIT Security Operations Center will perform the search and export the results. The results will then be delivered to the requestor by the DIT Security Operations Center. Once such results have been provided, they may be used by the requesting investigators as needed for the duration of the investigation for which they were requested. However, they may not be used in furtherance of other investigations without subsequent approval pursuant to this Standard.

Routine requests are in support of an active investigation from the following units:

All other requests for UMD records will be provided to the Vice President and General Counsel and Vice President and Chief Information Officer for review and approval. If approved, the DIT Security Operations Center will perform the search and export the results. The results will be supplied to OGC for review, redactions as required or permitted by applicable laws, and appropriate response to the requester as determined in the professional legal judgment of the OGC.

The subject(s) of a search will not generally be informed that a search is taking place.  However, procedures for internal investigations vary by type.  Where those procedures allow or require informing a subject of an investigation, those procedures should be followed. Unit Heads, Deans, and Vice Presidents of the subject(s) unit(s) will be informed of the search consistent with the procedures for the type of investigation.

Investigative holds

In order to preserve records while obtaining appropriate approvals of searches as part of internal investigations subject to this standard, a hold may be placed on the destruction of digital records. The Senior Vice President/Provost, Vice Presidents, Assistant President, and Deans are all authorized to request an investigative hold to prevent the deletion or destruction of records; they may not sub-delegate this authority.  The Vice President IT and CIO may delegate authority to place holds to relevant university officials who have investigative functions.  

Holds may be broader in scope than searches.  For example, if there is a suspicion of misconduct by an employee, a hold to prevent deletion of any file, email, or electronic record of that person is appropriate.  The goal of a hold is preservation of records while the appropriate scope of search is adjudicated. The granting of an investigative hold does not imply approval of a corresponding request for records.



Non-compliance with these standards may result in adverse impact to UMD’s mission, safety, finances, contractual obligations, and/or reputation. 



Division of Information Technology 


Related UMD and USM policies



Reviewed by ITC: 4/10/2023; Issued by CIO 4/17/2023.
