I’m sure he’s got “business reasons” for this:
…
What did the old policy say? I’d search for it, but that might be a crime.
Here’s the email, with many other policy changes, some documented and some not:
Begin forwarded message:
From: UO Policy <uopolicy@uoregon.edu>
Subject: UO Policy recommendations posted for Public Comment
Date: July 2, 2025 at 3:36:40 PM PDT
You received this email because you have signed up for university-level policy notifications. If you wish to unsubscribe, please send an email to the following address with UNSUBSCRIBE (no quotes) in the subject line: policy-notification-request@lists.uoregon.edu.
Good afternoon,
The following four policies have been posted for a public comment period until July 16, 2025, end of day. During that time, UO community members are invited to send feedback or questions to: uopolicy@uoregon.edu.
-
- V.11.02 Prohibited Discrimination and Retaliation policy has been recommended by the Policy Advisory Council for revisions and long-term enactment (currently, this policy is in effect as a temporary emergency policy).
The policy concept form, redline version of the current policy and clean version with proposed revisions are now posted at:https://policies.uoregon.edu/content/policies-open-comment-0
-
- III.03.02 Incidental Fee Authorization has been recommended by the Policy Advisory Council for revisions. The policy concept form, redline version of the current policy and clean version with proposed revisions are now posted at: https://policies.uoregon.edu/content/policies-open-comment-0
-
- Privacy Policy (proposed new policy) has been recommended by the PAC for enactment; the policy concept form and proposed policy document are posted on the public comment page at: https://policies.uoregon.edu/content/policies-open-comment-0
-
- Acceptable Use Policy (proposed new policy) has been recommended by the PAC for enactment; the policy concept form and proposed policy document have been posted on the public comment page at: https://policies.uoregon.edu/content/policies-open-comment-0
Comments on the proposed policy revisions and enactments and general questions can be directed to: uopolicy@uoregon.edu.
Thank you,
University of Oregon Policy Notifications
Office of the University Secretary
uopolicy@uoregon.edu
https://policies.uoregon.edu/
What, exactly, is the justifiable business reason for not securing data? Punishing those to whom you give access is bass-ackwards. A person “[n]avigating accessible SharePoint sites and file shares” can only do so if the user has been given that access. Because an tech-unsavvy admin can’t figure out how to set access in SharePoint to their data, they’ll punish anyone caught stumbling through the door they left wide open…?
The old acceptable use policy can be found here:
https://service.uoregon.edu/TDClient/2030/Portal/KB/ArticleDet?ID=30997
And you guess its age given the reference to muds and moos and irc.
If you read the new set of policies altogether you can see that the aim is to protect personal data when users have access to things like banner or other large systems as part of their day jobs. You might not want random person x digging through you hr, tenure, or library files. Not to mention student application files (roll on Columbia!).
Are you saying that UO’s attorneys aren’t smart enough to write what they mean?
My coworkers and I have this access and I know at least 2 of them have never been issued a work machine. I see security protocols where a whole team shares a single ssh key for this access, unchanged after years of team churn. The fact that MS Teams is just a veneer for SharePoint and that most of my fellow employees are expected to have MS Teams on their personal phones (because UO doesn’t provide work phones), means UO promotes sensitive data access/storage on non UO-managed machines. This policy shifts accountability further away from our mis-managers.