Acceptable Use Policy

PPM 10-2, Acceptable Use Policy of
University Information Technology Resources
Responsible Office:
Information Technology Division

 

1.0    PURPOSE

91¶ÌÊÓƵ provides Users with access to Information Technology (IT) Resources (as defined herein). Access to University IT Resources advances the University’s mission to provide instruction, research, public service, and administrative activities.  The Acceptable Use Policy (AUP), provides guidance for using University IT Resources and protects the University, Users, and other University property.

2.0    SCOPE 

The AUP applies to all Users and any device utilizing University IT Resources.  Users agree to comply with the AUP.  At least each year, Users are required to review and accept the AUP and are responsible for maintaining an understanding of its current terms. The current version of the AUP is available in the University's Policy and Procedures Manual.

In addition to the AUP, all Users of University IT Resources agree to abide by the rules and regulations contained in applicable University handbooks, the Student Code, guidelines and policy and procedure manuals, as well as the laws of the State of Utah and of the United States of America.  We remind Users that state and federal laws apply to the use of campus networks and the Internet, including but not limited to those dealing with:

•    copyright infringement
•    defamation
•    discrimination
•    fraud
•    harassment
•    identity theft
•    obscene materials
•    records retention

3.0    REFERENCES

3.1    PPM 3-30, Personal Conduct
3.2    PPM 3-32, Discrimination, Harassment, and Sexual Misconduct (including Title IX)
3.3    PPM 3-33, Discipline
3.4    PPM 3-36, Conflict of Interest
3.5    PPM 5-41, Copyright Policy: Ownership
3.6    PPM 5-42, Copyright Policy: Copying of Copyrighted Works
3.7    PPM 5-43, Performance or Display of Copyrighted Works
3.8    PPM 6-22, Student Code
3.9    PPM 8-25, Reason for Dismissal of Tenured Faculty
3.10    PPM Section 9, Academic Freedom, Rights, Responsibilities and Due Process
3.11    PPM 10-1, Information Security Policy
3.12    PPM 10-4, Payment Card Handling Policy
3.13    Utah Board of Higher Education Policy R345
3.14    Utah Board of Higher Education Policy R840

4.0   DEFINITIONS

4.1   Electronic Communication - Digital correspondence, including, but not limited to email, text-messaging, instant messaging, and social networks.

4.2   Enterprise Email Service – The email system by which the institution engages in official business, such as @weber.edu. Enterprise email service does not include a separate, affiliated email service the institution offers to alumni or other groups.

4.3   Institutional Business Email Communications – An email communication that an employee, officer, volunteer or other designated individual has sent as part of their duties on behalf of the institution, and other email communications the institution has designated as business communications.

4.4   Partisan Political Purposes - Is consistent with Utah Code § 20A-11-1202 and means: 1) an act done with the intent or in a way to influence or intend to influence, directly or indirectly, any person to refrain from voting or to vote for or against any: (a) candidate for public office at any caucus, political convention, primary, or election; or (b) judge standing for retention at any election; 2) to advocate for or against a proposed initiative, initiative, proposed referendum, referendum, a proposed bond, a bond, or any ballot proposition; or 3) to solicit a campaign contribution.

4.5    University Information Technology Resource (IT Resource) - A University resource used for electronic storage, processing or transmitting of any data or information, as well as the data or information itself.  This definition includes, but is not limited to, electronic mail, voice mail, local databases, externally accessed databases, CD-ROM, recorded magnetic media, photographs, digitized information, or microfilm.  This also includes any wire, radio, electromagnetic, photo optical, photo electronic or other facility used in transmitting electronic communications, and any computer facilities or related electronic equipment that electronically stores such communications.

4.6    User - All persons and/or organizations that have access to University data.

5.0   POLICY

5.1    General

5.1.1      The AUP describes what User(s) agree to do and not to do when using University IT Resources.  The policy outlines actions the University may take to perform University business and to protect University IT Resources, other University property, and Users.  Nothing in this AUP warrants that violations of this policy will not occur, creates a standard of care, or imposes liability on the University for any damages resulting from violations of the AUP.

5.2    Responsibilities of Users

5.2.1    Law and Policy

5.2.1.1    By using University IT Resources, Users agree to comply with applicable state and federal laws and University policies.

5.2.1.2    Downloading or disseminating copyrighted materials outside the provisions of “fair use” or without the permission of the copyright holder is prohibited.  Illegally obtained material may include, but is not limited to, music, movies, games, software, etc.  Illegal use of peer-to-peer networking or other file-sharing technology is prohibited and may subject the User to civil or criminal penalties beyond penalties for violation of University policy. (See PPM 5-41, 5-42, 5-43 for the reference to copyright policy as well as IT Compliance Plan.)

5.2.1.3    Accessing or attempting to access computer systems using University IT Resources, including those external to the University, without authorization by the owner of that system, is specifically prohibited.

5.2.1.4    Sending electronic communication messages or creating web pages with fraudulent address or header information or containing misrepresentations in authorship or content in an attempt to deceive others is prohibited.

5.2.1.5    Using the University's official web site or email for partisan political purposes (with the exception of announcements of general public interest by University political clubs) is prohibited.

5.2.1.6    Using University IT Resources in a way which would constitute a regular private business activity or which would violate the University’s conflict of interest policies is prohibited.

5.2.1.7    Deliberately misusing trademarks in web pages and email, including University-owned marks such as the official logo or seal and trademarks owned by other entities is prohibited.

5.2.1.8    Providing false or misleading information in order to obtain access to computing or network facilities is specifically prohibited.

5.2.1.9    Using University IT Resources in a way that would violate laws governing child pornography or obscenity is strictly prohibited.

5.2.2    Accounts and Passwords

5.2.2.1    By using University IT Resources, Users agree that they are responsible for any activity originating from their accounts which they can reasonably control.

5.2.2.2    Users may not divulge or make known their own password(s) to another person.

5.2.2.3    Unauthorized use of another User's account is prohibited.

5.2.2.4    Users who know another User’s password, intentionally or unintentionally, must notify the account owner immediately.

5.2.2.5    Falsifying or corrupting data in others’ accounts or in public directories is prohibited.

5.2.2.6    Falsifying identity while using e-mail or any other University IT/Resource is prohibited.

5.2.3    Respect for University Resources, Users, and Information

5.2.3.1    Users must respect the ability of other Users to utilize University IT Resources in an efficient and secure manner. Use of University IT Resources shall not disrupt, distract from or interfere with the conduct of University business.  Prohibited User activities include, but are not limited to:

5.2.3.1.1    Using any device or software which interferes with the ability of others to access or degrades the performance of University IT Resources.

5.2.3.1.2    Damaging or attempting to damage University IT Resources.

5.2.3.1.3    Deliberately or recklessly introducing computer viruses, worms, or similar technologies which would harm the integrity of University IT Resources, as well as attempting to create or disseminate such technologies.

5.2.3.1.4    Deliberately or recklessly misusing software or other techniques to degrade system or network performance or otherwise deprive authorized personnel of resources or access to University systems or networks, including techniques to disguise or obscure the source of data network traffic.

5.2.3.1.5    Releasing confidential, proprietary information, or information which has been classified as private, controlled, or protected under Utah Code Ann. § 63G-3-102 et. seq., without appropriate authorization, (PPM 10-4, Payment Card Handling Policy).

5.2.3.1.6    Sending unsolicited bulk electronic communication (spam) unrelated to the University’s mission or related bulk email without appropriate approval.

5.2.3.1.7    Monitoring or attempting to monitor use of University IT Resources without authorization.

5.2.4    Personal Use

5.2.4.1    Users are authorized to personally use University IT Resources if their personal use is reasonable, responsible, aligned with good judgment, and subordinate to the primary purpose of the University IT Resources; and the use does not: 

5.2.4.1.1    Violate applicable law, rules or policies;

5.2.4.1.2    Disrupt, distract from, or interfere with University business, including but not limited due to the nature, volume or frequency of the personal use (the disruption, distraction, or interference with University business can be demonstrated by way of example: the number, nature, and/or size of the files created, downloaded, or accessed at work; or the likelihood the use has the tendency to disrupt, distract from, or interfere with University business);

5.2.4.1.3    Involve regular private business activities; or

5.2.4.1.4    Contravene the direction from University officials or supervisors regarding the personal use of University IT Resources.

5.2.4.2    In addition to section 5.2.4.1, Users who are employees, appointed officials, consultants, or contractors may only personally use or possess University IT Resources if:

5.2.4.2.1    They are authorized to use and possess such University IT Resources by the nature of their position, a contract, or at the direction of authorized University officials; and

5.2.4.2.2    In general, the use and possession of the University IT Resources has the primary purpose of conducting their duties.

5.2.5  Use of Enterprise Email to Conduct University Business

5.2.5.1  In accordance with Utah State Board of Higher Education Policy R840, all employees, officers, or other designated individuals are required to use enterprise email service when conducting institutional business email communications.

5.2.5.2  Use of any private, personal, or non-enterprise email service for institutional email business is prohibited.

5.2.5.3  University employees shall maintain institutional business email communications in compliance with records retention regulations, records management regulation, or any applicable law or policy.

5.3    Privacy 

5.3.1    The University values the privacy of its employees and in general does not seek to gain access to data that would include personal use of University IT Resources, insofar as such personal use is permitted herein.  However, Users understand and acknowledge that University IT Resources are the sole property of the University and all data contained therein must be accessible to the University.  As such, by using University IT Resources, Users acknowledge and agree that they have no right or expectation of privacy from authorized access by University personnel.  Notwithstanding anything herein, use of University IT Resources is a privilege, not a right and can be revoked at any time.

5.4    Remote Access

5.4.1    Only authorized Users will be permitted to remotely connect to University computer systems, networks and data repositories to conduct University related business as required by the Standard For Secure Remote Access (PPM 10-1, Section G, Information Security Policy).

5.5    University Actions 

5.5.1    Access to data contained in University IT Resources must be authorized by the University President or responsible University Vice President in consultation with University Legal Counsel.  The University may take any action reasonably related to the performance of University business or the protection of University IT Resources, other University property, or Users.  This includes, but is not limited to:

5.5.1.1    Logging, monitoring, reviewing, copying, examining, or 
disclosing electronic information from University IT Resources including but not limited to Electronic communications, web access and network traffic;

5.5.1.2    Disconnecting any device for University business purposes;

5.5.1.3    Curtailing, revoking, or prohibiting access to University IT Resources at any time;

5.5.1.4    Enforcing the AUP and other policies against any violations including University disciplinary actions according to University policies (e.g., probation, suspension, termination, or expulsion), civil suits, criminal investigations, or assisting in criminal prosecutions;

5.5.1.5    Authorizing University employees, agents or contractors perform the functions and take actions to conduct the business of the University consistent with policy; or

5.5.1.6    Deleting any file stored on University IT Resources, as permitted by applicable law.

5.6    Warranty and Risks

5.6.1    The University makes no warranties of any kind with respect to University IT Resources.  This includes, but is not limited to, the accuracy or quality of information obtained through its Electronic Communication facilities and services.

5.6.2    By using University IT Resources, Users agree the University will not be responsible for damages resulting from the use or misuse of University IT Resources, including, but not limited to, loss of data resulting from delays, non-deliveries, missed deliveries, hacking, or service interruptions caused by the negligence of any University employee or by the User's error or omissions.    

   


Revision History

Creation Date: 10/11/05

Amended: 12/14/10; 10/9/17; 4/15/2020; 4/20/22