Usage Policy
Scope
This policy applies to all users of devices and technical systems owned or managed by the University of Hail.
It includes compliance with all regulations and executive bylaws, including the Personal Data Protection Law and its implementing regulations.
Individuals Covered by this Policy:
Provisions
1) General Principles for Secure Use and Personal Data Protection
Personal Data Protection: Personal data must be handled in accordance with the Personal Data Protection Law and its executive regulations, ensuring confidentiality, integrity, and availability in line with approved policies.
Information Classification: Information must be classified according to the University of Hail’s Data Classification Policy and Personal Data Protection Policy.
Use of Personal Data: The use of personal data is restricted to specific and clear purposes, and must be processed in compliance with applicable regulations and laws.
System and Information Protection: Installation of unauthorized software or modifications to university systems is prohibited without official approval.
Professional Use: The university’s systems and assets may not be used for personal gain or for any non-university-related purposes.
Account Sharing Prohibited: Account or password sharing between individuals is strictly prohibited.
Risk Reporting: Any suspicious activity that may affect system or data security must be reported.
Secure Email Use: University email must not be used for non-work-related purposes.
Non-disclosure of Information: Disclosure of any sensitive university information to unauthorized parties is prohibited.
Review and Update: This policy is reviewed periodically to ensure compliance with regulatory and security requirements.
Access Controls: System and data access is limited to authorized individuals only, with access rights aligned with job responsibilities.
Security Incident Management: Any security incidents must be immediately reported to the Cybersecurity Department to ensure rapid response and mitigation.
Incident Investigation: The Cybersecurity Department reserves the right to investigate any policy violations and take necessary actions in accordance with the regulations.
2) Protection of Computers and Technical Systems
Use of external storage media is prohibited without prior authorization.
Devices must be secured before leaving the office by locking the screen or signing out.
Connecting external devices to university computers is not allowed without prior permission.
The Cybersecurity Department must be notified of any suspicious activity that may harm university computers.
External storage devices must be stored securely and not left unattended.
Connecting personal devices to the university network without prior approval is prohibited.
Downloading or installing unlicensed or unauthorized software is strictly forbidden.
Approved security updates must be used to protect against vulnerabilities and cyberattacks.
3) Safe Use of the Internet and Software
Internet usage must comply with the Communications and Information Technology Law and best security practices.
Downloading or installing unlicensed or unauthorized software is prohibited.
Use of proxy or firewall bypass technologies is not allowed.
Suspicious websites that should be blocked must be reported to the Cybersecurity Department.
University email may not be registered on any website unrelated to official work.
Use of file-sharing websites is prohibited without prior authorization.
Use of the internet for illegal or unprofessional purposes is forbidden.
Accessing or browsing unsafe websites that may pose a cybersecurity threat is prohibited.
4) Rights of Personal Data Owners
Content of Collected Personal Data: Includes name, address, contact details, academic information, employment records, health data (if necessary), and any other data related to university services.
Collection Methods: Personal data is collected through electronic forms, paper applications, digital system registrations, official correspondence, and surveys, in full compliance with relevant laws and regulations.
Purpose of Collection: Data is collected for academic, administrative, legal purposes, and to enhance services provided to students and staff. It may also be used in research and studies in compliance with applicable laws.
Storage Methods: Personal data is securely stored within university systems using encryption protocols and approved cybersecurity measures to protect against breaches or unauthorized access.
Disposal Methods: When personal data is no longer needed, it is securely destroyed using one of the following methods:
Permanent deletion from digital databases with no possibility of recovery.
Destruction of paper documents using secure shredding methods.
Removal of sensitive data from storage media according to approved security standards.
Right to Be Informed: Individuals have the right to know the purpose of data collection, how it is used, and who has access to it, through the university’s policies and published privacy notices.
Right to Access Personal Data: Individuals may request a copy of their personal data stored at the university and be informed of any parties to whom it has been disclosed, following official procedures.
Right to Update or Correct Data: Individuals can update or correct their personal data through official university channels.
Right to Object to Processing: Individuals have the right to object to the processing of their personal data if there is no legal or operational necessity for such processing.
Right to Data Erasure: Individuals have the right to request the deletion of their personal data if there is no longer a legal or operational need to retain it.
5) Compliance and Penalties
All University of Hail employees must comply with this policy.
Any violation of this policy may result in disciplinary action in accordance with university regulations.
Violations of the Personal Data Protection Law may subject the offender to legal accountability under the law and its executive regulations.
Any breach of cybersecurity policies will be investigated, and necessary actions will be taken per university regulations.
Reporting Responsibility: All system users are responsible for reporting any illegal activity or security breaches immediately upon discovery.
Ensuring Compliance: All administrative units must conduct regular audits to ensure compliance with this policy.
Employee Training: The university must offer periodic training programs to raise awareness of best practices in personal data protection.