Case #1: Maintain information security with appropriate electronic safeguards.
Marvin has a demanding schedule filled with clinic, research, and teaching obligations. He has just hired a new assistant, Jan, who will support his calendar and handle other administrative matters on his behalf. At the end of a particularly busy quarter, Marvin is traveling when he remembers that his effort report is due. He does not have internet access in transit, so he telephones Jan to use his BlazerID and password to access his account and certify his effort report.
Is this a concern?
- No. Marvin is merely being efficient, knowing that delinquent effort reports are a violation of UAB’s Effort Reporting Policy.
- No, since Marvin gave his BlazerID and password only for an emergency situation.
- No. Certifying effort reports is merely an administrative function that can easily be fulfilled by an assistant.
- Yes. Sharing blazer id passwords is a violation of UAB’s Data Protection and Security Policy.
Case #1 Continued
In the case above, Marvin is in such a rush to get his effort report submitted that he decides – against better judgment – to give his BlazerID and password to Jan. At the time, he made a mental note to change his password, but when he arrives back in the office, his daily activities distract him, and he forgets. Several months later, Marvin gets a call from his department chair, asking him about excessive overtime pay, computer equipment purchases, and meal reimbursements that he approved for Jan during that previous quarter. Marvin knows that he did not approve those and realizes that Jan must be using his BlazerID and password to approve Oracle documents on his behalf.
What should Marvin do?
- Tell his chair that she had been working on a big project that involved additional data entry, entertaining collaborators, and working from home, and then immediately discipline Jan for abusing his access.
- Tell his chair that he did notice Jan’s overtime, purchases, and reimbursements and that he must have approved them by mistake.
- Tell Department Chair Bert that he made a mistake by giving Jan his BlazerID and password to handle some administrative functions and that he is concerned she is now abusing his access for personal gain.