GitHub Shared Service - End User Service Agreement

End User Agreement for University GitHub Shared Service

As a user of the University GitHub Enterprise License, you agree to the following:

  1. GitHub CANNOT be used to store banking information, Social Security Numbers (SSNs), passwords, API keys, encryption keys, or other data classified as High Risk by the University’s Data Classification standard: https://cybersecurity.uillinois.edu/data_classification

  2. GitHub CANNOT be used to store Personal Health Information (PHI) and HIPAA-related data.

  3. Work created as part of the user's University duties must be stored in University organizations and repositories, and not the user's personal organizations and repositories.

  4. Non-University related work should be stored in non-university organizations and repositories. Any data that resides in a University GitHub organization is controlled and may be owned by the University. See "The General Rules Concerning University Organization and Procedure" for more details on intellectual property and copyrights rules.

  5. When creating public repositories, beware that they give anonymous Internet-wide access. The creator must review and follow these public repository guidelines:

    • It is critical that GitHub public repositories are NOT used to store High Risk, Sensitive, or Internal information by the University’s Data Classification standard: https://cybersecurity.uillinois.edu/data_classification

      • High risk information should not be in public repositories. For example:
        • Banking information
        • Social Security Numbers (SSNs)
        • Passwords, API keys, encryption keys, and other authentication and authorization codes

      • Sensitive information intended only for internal (University) consumption should not be in public repositories. For example:
        • Student Records (FERPA)
        • Employee personal information such as home address, email address, telephone
        • Information covered by a Non-Disclosure Agreement (NDA)
        • Network and System Diagrams and Configuration Documents

      • Internal information intended only for internal (University) consumption should not be in public repositories. For example:
        • Unpublished research data
        • Intellectual property

    • Review the "University of Illinois Policy for Publishing on the Internet" guide: https://www.vpaa.uillinois.edu/resources/policy_for_publishing_on_the_internet

  6. You are responsible for reviewing the GitHub privacy policy. Beware that GitHub requires you to opt out of notifications.


Keywords:
GitHub 
Doc ID:
102098
Owned by:
Robyn V. in University of Illinois System
Created:
2020-05-15
Updated:
2021-03-24
Sites:
University of Illinois System