ACCEPTABLE USE POLICY
University of West Alabama (UWA) provides and maintains information technology resources to support its academic programs and administrative operations. These resources are provided to all UWA employees, students, and authorized guests. UWA seeks to ensure the integrity of information technology resources made available to the community to prevent disruption to academic and administrative needs.
University of West Alabama must establish rules and operating parameters for UWA employees and third party vendors’ access to University critical information, their operator responsibilities, and protection of University of West Alabama’s assets, data, and PII.
Effective Date: 4/30/2024
Review/Revised Date: 4/30/2024
Category: Information Technology
Policy Owner: Director, Office of Information Technology
Policy Statement
The purpose of this policy is to establish rules and operating parameters for UWA faculty, staff, students, and third party vendors’ access to university critical information, their operator responsibilities, and protection of University of West Alabama’s assets, data, and PII.
This policy supports compliance with federal and state data privacy laws. The University of West Alabama’s (“UWA” or “University”) Office of Information Technology’s (“OIT”) intention for publishing an Acceptable Use Policy is not to impose restrictions contrary to UWA’s established culture of openness, trust, and integrity. OIT is committed to protecting UWA faculty, staff, students (collectively, “users”), and partners from illegal or damaging actions by individuals, either knowingly or unknowingly.
Internet/Intranet/Extranet-related systems; including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, cloud integration, WWW browsing, websites, and active directory are the property of UWA.
Effective security is a team effort requiring the participation and support of every UWA user and affiliate who deals with information and/or information systems. It is the responsibility of every computer user to know these guidelines, and to conduct their activities accordingly.
Purpose
The purpose of this policy is to provide a definition for the acceptable use of computer systems, printers, digital devices or systems, network, email, websites, and active directory and remote access services at UWA. These rules are in place to protect its users and UWA. Inappropriate use exposes UWA to risks including virus attacks, compromise of network systems and services, and legal issues.
Definitions
- Spam: Unauthorized and/or unsolicited electronic mass mailings
- Junk: Non-University business related email
- Users: UWA employees (faculty, staff, students, alumni), contractors, adjuncts, consultants, vendors, third parties and third party personnel
- FERPA: Family Educational Rights and Privacy Act
- Personally Identifiable: Information that can be directly tied to an individual
- GLBA: Gramm-Leach-Bliley Act (Protection of banking information)
- SOX: Sarabanes-Oxley Act (Integrity of financial reporting)
Scope
This policy applies to faculty, staff, students, alumni, contractors, consultants, vendors, and other workers at UWA, including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased by UWA.
Policy
General Use and Ownership
While UWA’s network administration desires to provide a reasonable level of integrity, users should be aware that the data/email they create/receive on University systems remain the property of UWA and that no privacy can be expected while using these systems. Because of the need to protect the University’s network, management cannot guarantee the confidentiality of information stored on any network device belonging to UWA.
UWA is responsible for exercising good judgment regarding the reasonableness of personal use. OIT recommends that any information which users consider sensitive or vulnerable be encrypted and password protected. For security and network maintenance purposes, authorized individuals within the OIT group may at any time analyze network utilization, traffic patterns and volumes related to UWA systems/equipment and network. UWA’s OIT Group reserves the right to audit networks and systems periodically to ensure compliance with this policy
Secure and Proprietary Information
Student educational records stored on or accessible via UWA information technology resources shall only be shared and used in accordance with the Family Educational Rights and Privacy Act of 1974 (FERPA). Handling requirements for information protected by FERPA are provided in the Protected Information Handling Standard.
While all UWA community members shall have a reasonable expectation to a certain degree of privacy related to their use of information technology resources provided by UWA and its component institutions, there are specific circumstances under which access to information or information technology resource use for a specific community member shall be authorized for UWA officials, OIT personnel, law enforcement, or other external parties.
Some of those circumstances allow for this access without the knowledge and/or consent of the impacted users.
OIT reserves and retains the right to access, affect, and inspect information technology resources, and the information stored within those resources, without the consent of users, to the extent necessary to manage and administer those resources (e.g., backup and caching of information and communications, the logging of activity, monitoring of general usage patterns, and other activities necessary or convenient for the provision of service).
Acceptable Use
Acceptable Use of information technology resources is always ethical, reflects academic integrity, and shows restraint in the consumption of shared resources.
It demonstrates respect for intellectual property, ownership of data, information technology resource security, and freedom from intimidation and harassment.
The following are explicitly defined as acceptable:
- Use that supports the administrative, academic, research, outreach, service, and operational mission of UWA and each of its component institutions.
- Use of information technology resources for which the user has been authorized to access and use so long as that use adheres to the intended use of those resources.
- Use that protects the intellectual property of others and the rights of copyright holders of music, videos, images, texts, and other media.
Unacceptable Use
The following activities are, in general, prohibited. Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., systems administration staff may have a need to disable the network access of a host if that host is disrupting production services). Under no circumstances are users of UWA authorized to engage in any activity that is illegal under local, state, federal, or international law while utilizing UWA-owned resources. The lists below are by no means exhaustive but attempt to provide a framework for activities which fall into the category of unacceptable use.
System and Network Activities
The following activities are strictly prohibited, without exception:
- All users should take all necessary steps to prevent unauthorized access to this information. Keep passwords secure and do not share accounts.
- Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by UWA.
- Collection, storage or distribution of pornography or material considered to be obscene in violation of this policy.
- Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, copyrighted movies and the installation of any copyrighted software for which UWA or the end user does not have an active license is strictly prohibited.
- Illegally exporting software, technical information, encryption software or technology in violation of international or regional export control laws.
- Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, email bombs, etc.)
- Revealing your account password to others or allowing use of your account by others. This includes family and other household members when work is being done at home.
- Using a UWA computing asset to actively engage in procuring or transmitting material in violation of sexual harassment or hostile workplace laws in the user’s local jurisdiction.
- Making fraudulent offers of products, items, or services originating from any UWA account.
- Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, the following: Accessing data of which the user is not an intended recipient or logging into a server or account that the user is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, “disruption” includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information.
- Port scanning or security scanning is expressly prohibited unless prior notification is given to OIT and/or these processes are within the scope of regular duties.
- Executing any form of network monitoring which will intercept data not intended for the employee’s host, unless this activity is a part of the employee’s normal job/duties.
- Circumventing user authentication or security of any host, network, or account.
- Interfering with or denying service to any user other than the employee’s host (for example, denial of service attack).
- Using any program/script/command, or sending messages of any kind, with the intent to interfere with or disable a user’s terminal session, by any means, locally or via the Internet/Intranet/Extranet.
- Providing information about (or lists of) UWA users protected/non-directory information to parties outside the University without the express written permission of the University Administration.
- Any person found in violation of this policy will be notified immediately to cease and desist. The user will be given a time frame to comply or be disconnected from the UWA network until they can prove the issue has been addressed.
- Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by UWA.
- Collection, storage or distribution of pornography or material considered to be obscene in violation of this policy.
Note: please refer to the Email Confidentiality and Security policy for more information.
Remote Access and VPN:
The following actions are specifically prohibited:
- Sharing VPN login credentials with an unauthorized UWA employee or a user who is not a UWA employee.
- Remotely accessing systems with sensitive data without a legitimate business need.
- The use of a VPN client that has not been provided or approved by OIT to remotely access the UWA network.
Policy Compliance
Faculty, Staff, Students
Any faculty, staff, or student found to have violated this policy may be subject to disciplinary action, up to and including suspension, expulsion and/or termination of employment in accordance with procedures defined by UWA administrative policies stated in the handbook governing that individual.
External Entities
Any external entity, contractor, consultant, or temporary worker found to have violated this policy may be held in breach of contract, and as such, may be subject to grievances or penalties allowed by such contract.
Legal limitations
All use of computers must comply with federal and Alabama state laws. This includes but is not limited to:
Sections 13A-12-200.1, 13A-12-200.2, 13A-12-200.3, 13A-12-200.5, and 13A-12-200.9, Code of Alabama 1975, are amended to read as follows:
§13A-12-200.1. "(13) (6) DISSEMINATE PUBLICLY.
To expose, place, perform, exhibit, show or in any fashion display, in any location, public or private, any material in such a manner that the material can either be readily seen and its content or character distinguished by normal unaided vision or be physically examined, by viewing or examining the material from any public place or any place to which members of the general public are invited.
http://alisondb.legislature.state.al.us/alison/codeofalabama/1975/coatoc.htm
Obscene means "that an average person applying contemporary community standards would find the material taken as a whole predominantly, appeals to the prurient interest or a shameful or morbid interest in nudity, sex, or excretion."
Roth v. United States, 354 U.S. 476 (1957)
" . . . obscenity is not expression protected by the First Amendment . . ."
https://supreme.justia.com/cases/federal/us/354/476/case.html
USA Freedom Act Approved June 2, 2015.
Public Law 114-23
https://www.gpo.gov/fdsys/pkg/BILLS-114hr2048enr/pdf/BILLS-114hr2048enr.pdf
Under the requirements of this law, the library may be required to allow federal law enforcement agents to examine the computer records and drives for suspect activities.
Effective Date
This policy is effective 4/30/2024 and will be reviewed at least annually.
UWA reserves the right to change, modify, or otherwise alter this policy at its sole discretion and at any time as it deems circumstances warrant.