Policy on the Appropriate Use of Information Technology
University of Minnesota Duluth
Original policy approved by the UMD Campus Assembly on February 6, 1996
Revision approved by the UMD Campus Assembly on April 11, 2005
Revision approved by the EPC Subcommittee on Information Technology
and Library, November 1, 2010
1. All-University Policies
UMD is part of the University of Minnesota System, and as such, is bound by all-University
policies. See Section 9 of this policy for an extensive list of related policies.
In particular, the University policy on
Acceptable
Use of Information Technology Resources applies to UMD. Many other policies
and standards set by the Office of Information Technology (OIT) also apply to
UMD.
2. Purpose
Users of information technology
as well as the institution have both
rights
and responsibilities. The
purpose of this document is to provide guidance to the UMD campus community
in the appropriate use
of campus information technology resources. These resources
are valuable and must be used with care and respect, both for the resources
themselves and for the members of the campus community who use them. Moreover,
members of the campus community must be aware that there are local, state,
and federal laws which govern many of our activities, including those that
involve
information technology. Information Technology Systems
and Services (ITSS) bears a particular responsibility for providing quality
services, protecting data privacy and intellectual property, and maintaining
system security.
3. Limited Resources
Information technology resources are both expensive and limited. Although
the amount of usage may vary among users, all users should avoid excessive usage,
especially when it impacts upon the usage of others. All members of the campus
community are responsible for protecting the resources provided by the taxpayers
of Minnesota and the customers who pay for usage.
3.1
Users should not permit anyone else to use their computer accounts for
any reason. Accounts are funded in a variety of ways, and each user should
acquire
the type of account that most closely matches the usage of the account. Allowing
another person to use your personal account allows that person to avoid paying
the appropriate fee for service; you are helping steal resources and compromising security. Passwords must be kept
secure.
3.2
No one who is provided with a computer account for their work as a student,
faculty member, or staff member of UMD should use this account for work not
specifically authorized for that account. This includes, but is not limited
to, unauthorized commercial use, providing
or hosting services for an organization or effort external to UMD or
the University of Minnesota, use for personal financial gain, or excessive
personal use. Special external accounts are available for such activities. Individual
participation in professional organizations, individual activities related
to
civic engagement, as well as reasonable and moderate personal use, are allowed.
Individuals who make considerable use of the Internet
and network services for personal use should establish service with a private
vendor for these activities. If you have questions about this particular
rule, please do
not hesitate to ask the Director of Information Technology for assistance.
3.3
UMD will make every effort to provide computers and computer services to meet
demands; however, there are reasonable upper bounds on computer usage. Excess
amounts of central processor time or disk usage will be checked for on central
systems, as will excess amounts of printing on public printers. Instructional,
research, and administrative computing take precedence over personal computing.
Users should avoid sending chain letters and unnecessary mass mailings, generating
unnecessary output, creating unnecessary multiple jobs or processes, and creating
unnecessary network traffic. Excessive use of bandwidth, which is often associated
with peer-to-peer file sharing, is prohibited.
3.4
No one who has been issued a personal long-distance access code for business
purposes should allow any other individual to use this code. Faculty and staff
with business access should not use their codes for personal long-distance
calls. Because the University gets a tax reduction on business calls, it is
not legal
or ethical to make personal calls, even if restitution is made. See also Personal
Long-Distance Telephone Calls under
Use
of University Equipment and Services in the University of Minnesota Policy
Manual.
3.5
UMD employees are discouraged from significant use of
UMD technology resources for personal activities during regular work time.
This
includes, but is not limited to, personal Internet searches, personal email,
game playing, personal downloading, and any other activities that are not
work related. Such activities
should be limited to break times or other non-work times and should not be
excessive at any time.
4. Privacy
Users of UMD computer, telephone, and voice-mail systems expect security
of their accounts and privacy of information stored in their accounts. Information
Technology Systems and Services will make all reasonable attempts to provide
such security and privacy for users. Nevertheless, there is no absolute expectation
of privacy for data on University-owned computers.
4.1
Users should keep passwords and access codes to
University systems secret; do not share these with anyone and
keep them secure. See Password
Tips and University
of Minnesota Password Standard for
more information. Administrator passwords to desktop computers may be
shared with trusted technology staff who need to provide
services to these machines.
Report any suspicious account activity to Information
Technology Systems and Services by calling (8847) or sending email (helpdesk)
to the ITSS Help Desk. See also the University
of Minnesota Guidelines for Using Information Technology Resources. Security breaches must be reported following the University
of Minnesota Policy on Reporting and Notifying Individuals of Security Breaches.
4.2
Members of the campus community who are expecting to leave UMD permanently
should work with Information Technology Systems and Services to dispose of
information stored in their accounts or on their computers appropriately. Human
Resources provides a
check
list to be used for this
purpose. Information
Technology Systems and Services reserves the right to close accounts and dispose
of information stored in them if no arrangements are made to save this information.
In some cases, the University may claim the right to information produced by
employees as part of their regular duties. Rights to intellectual property are
governed by the
Regents
Policy on Commercialization of Intellectual Property Rights and
Procedures
for the Intellectual Property Policy. Access rights to data are governed
by
Public
Access to University Information and
Internal
Access to University Information.
4.3
All users should be aware that information transmitted electronically is very
easy to forward on to others. Users
should avoid
sending out any information by email or voice
mail that they wouldn't want to see distributed widely. Moreover, private
data should not be posted publicly on web sites.
4.4
University employees with access to private data must
take all reasonable precautions to protect that data. Data that are downloaded
from University Enterprise Systems are only as secure as the desktop computer
on which they reside. Employees working with private data must comply with
the University of Minnesota
Policy
on Securing Private Data, Computers, and Other Electronic Devices. All
University employees are bound by state and federal laws protecting data.
These include the Health Insurance Portability and Accountability Act (
HIPAA),
Family Educational Rights and Privacy Act (
FERPA),
the Minnesota Government Data Practices Act (
Data
Practices), the USA PATRIOT Act of 2001, and others. Under
HIPAA, health care providers and others with access to protected health information
are charged with keeping this data private. Under FERPA, faculty and staff with
access to private student data, such as grades, are charged with protecting this
data.
5. Network Citizenship
All users of UMD technology services should act
as good network citizens and good stewards of our resources.
5.1
All users should be aware that information transmitted
electronically, by telephone, voice mail, or computer systems, is subject to
the same rules and laws that apply to written and oral communications. Information
that others view as abusive, profane, pornographic, threatening, libelous, or
sexually, racially, or religiously offensive may be addressed under other university
policies, such as the
Student
Conduct Code or the
Policy
on Sexual Harassment.
5.2
Users of the telephone, voice mail, email, or other campus
communication systems who receive harassing or nuisance communications must
file a formal complaint with either the Campus Police or the Office of Equal
Opportunity before any action will be taken. The office receiving the formal
complaint will then request that ITSS staff collect relevant information to
aid in an investigation.
5.3
Network users may not access materials via the network
that are prohibited by law, such as child pornography.
5.4
Network users may not participate in spamming (sending
unsolicited email to large groups of people), chain letters, or similar activities
that are a nuisance to others on the network.
5.5
Network users may not use campus communications systems
to impersonate another person for purposes of deception or fraud.
6. Property
Software and information stored on computer systems or transmitted over computer
networks are considered intellectual property. Much
of it is protected by copyright law and rules governing
plagiarism.
6.1
Users must comply with the "fair-use" provisions
of the federal copyright law. See the UMD web site on
copyright
information for more detailed guidelines. Music
or video commonly traded with peer-to-peer file-sharing services is almost
always copyrighted.
Downloading and sharing of copyrighted information may be illegal depending
upon various factors. UMD will take appropriate action when we receive complaints
about such activities under the Digital Millennium Copyright Act. Students
living in UMD residence halls must comply with the
ResNet
Terms and Conditions.
6.2
All members of the campus community must abide by the terms of all software
licensing agreements. Absolutely no software piracy will be tolerated. The
network may be used to
obtain and use shareware, freeware, or other software provided distribution
rules, licensing, and copyright law are followed.
6.3
Users may not use UMD resources to gain access to either local or remote accounts
or computers which they are not authorized to use. Users may not try in any
way to obtain inappropriately a
password for another person's account or
to change the password of another
person's account without permission.
6.4
Users must not attempt to circumvent data protection schemes or uncover security
loopholes on either UMD computer systems or remote computer systems.
6.5
Users must not attempt to monitor or read another person's electronic mail
or other data transmissions without permission. Users may not read, copy, change,
or delete another person's files or software without permission of the owner, or appropriate
administrative authority under exceptional circumstances.
6.6
ITSS backs up all data stored on ITSS central computer
systems nightly. Backup files are retained so that data can
often be restored if it is lost unintentionally. Data that is deliberately
deleted might also continue to exist on backup files. Data that is
requested under court orders or freedom of information requests may need to
be recovered from backup files and provided, despite user intentions to delete
it.
7. System Security
Actions that cause the telephone system, voice-mail system, computer systems
or networks at UMD to fail or to become significantly impaired are absolutely
forbidden.
7.1
Users are required to keep their servers and desktop
computers secure by using up-to-date antivirus software and applying all
critical
security patches to operating systems as soon as ITSS authorizes them for release.
For more information, see:
Assistance and training in meeting these requirements
is available from Information Technology Systems and Services.
7.2
Absolutely no physical abuse, destruction, or
theft of equipment, wiring, software, data or supplies
(paper, toner cartridges, disks, etc.) will be tolerated.
7.3
Absolutely no misuse of the telephone system, the voice-mail system, computer
systems, the computer network, or other systems on the network will be tolerated.
This includes, but is not limited to: breaking into, halting, slowing down,
or breaching security of any of these systems. In particular, introduction of
any of a range of programs known as computer viruses, Trojan horses, or worms
is expressly forbidden.
7.4
Users must not attempt to corrupt
or circumvent software supplied by the University.
7.5
Users may not attempt to disguise
the identity of the account or machine or the nature
of the work for purposes
of deception, fraud, or mayhem.
7.6
(From the University of Minnesota policy on
Acceptable
Use of Information Technology Resources.) The
University assigns responsibility for protecting its resources and data to
system administrators and data custodians, who treat the contents of individually
assigned
accounts and personal communications as private and do not examine or disclose
the contents except:
- as required for system maintenance including security
measures;
- when there exists reason to believe an individual
is violating the law or University policy; and/or
- as permitted by applicable policy or law.
8. Acknowledgments
This policy was developed and revised by the
Educational Policy Committee's Subcommittee on Information Technology and the
Library. Approval of changes comes from the Educational Policy Committee, the
Campus Assembly, and the Chancellor.
This
document rests upon
University-wide
and Regents policies regarding the use of information technology.
See the next section for links to related policy and procedure
documents.
9. Related Policies
University of Minnesota Campuses