Policy 4-002: Information Resources Policy

1. General
2. Privacy
3. Individual Responsibilities
4. Enforcement and Sanctions

Purpose and Scope‌

1. Purpose.

   To outline the University's policies for students, faculty and staff concerning the use of the University's computing and communication facilities, including those dealing with voice, data, and video. This policy governs all activities involving the University's computing facilities and information resources, including electronically or magnetically stored information. Every user of these systems is required to know and follow this policy.

2. Scope.

   1. This policy applies to all members of the University of Utah community, and governs all storage and communications systems owned by the University, whether individually controlled or shared, stand alone or networked.

   2. Individual departments and colleges serve diverse purposes and diverse constituencies; therefore, they have broad discretion in establishing reasonable and appropriate policies and "conditions of use" for facilities under their individual control. Departmental policies shall be consistent with this policy although they may provide additional detail, guidelines and/or restrictions.

Definitions‌

The following definitions apply for the limited purposes of this policy and any associated regulations.

1. Information Resources include any information in electronic, audio-visual or physical form, or any hardware or software that makes possible the storage and use of information. This definition includes but is not limited to electronic mail, phone mail, local databases, externally accessed databases, CD-ROM, motion picture film, recorded magnetic media, photographs, digitized information, or microfilm. This also includes any wire, radio, electromagnetic, photo optical, photo electronic or other facility used in transmitting electronic communications, and any computer facilities or related electronic equipment that electronically stores such communications.

2. User includes anyone who accesses and uses the University of Utah Information Resources.

Policy‌

1. General‌

   1. The University of Utah makes available Information Resources which may be used by University students, faculty, staff and others. These resources are intended to be used for educational purposes and the legitimate business of the University and in a manner consistent with the public trust. Appropriate use of the resources includes instruction, independent study, authorized research, independent research and the official work of the offices, departments, recognized student and campus organizations of the University.

   2. Access to computer systems and/or networks owned or operated by the University of Utah imposes responsibilities and obligations on its Users. Access is granted subject to University and Board of Regents policies, and local, state, and federal laws. Appropriate use is ethical, reflects academic honesty, and shows restraint in the utilization of shared resources. Appropriate use is consistent with intellectual property rights, ownership of data, system security mechanisms, and rights to privacy and to freedom from intimidation, harassment, and annoyance.

   3. It is the University's policy to maintain access to local, national and international sources of information, and to provide an atmosphere that encourages access to knowledge and sharing of information. The University also strives to create an intellectual environment in which students, staff, and faculty feel free to create individual intellectual works as well as to collaborate with other students, staff and faculty without fear that the products of their intellectual efforts will be violated, misrepresented, tampered with, destroyed, stolen or prematurely exposed. Nothing in this policy guarantees that violations of this policy will not occur or imposes liability on the University for any damages resulting from such a violation.

   4. The personal use of University resources is covered in the University's Conflicts of Interest policy, Policy 1-006 in Policy 6-316 and Policy 5-207 and Rule 4-004A.

   5. The University retains the right to allocate its information resources and to control access to its electronic communications systems.

2. Privacy‌

   1. Electronic communications systems have inherent limitations. No computer security system can absolutely prevent a determined person from accessing stored information that he/she is not authorized to access. Moreover, electronic documents may be disclosed pursuant to public records law or in the discovery process.

   2. Users shall respect the legitimate expectations of privacy of others. However appropriate administrators and network managers may require access to records and data typically taken to be private. In particular, individuals having official computer or network responsibilities, such as system administrators, network supervisors, system operators, postmasters or others who cannot perform their work without access to documents, records, electronic mail, files or data in the possession of others, may access such information as needed for their job responsibilities. Whenever practical, prior notice should be given for other than trivial intrusions on privacy.

   3. The University reserves the right to concurrently monitor an employee's electronic communications when such monitoring is necessary to the evaluation of his/her job performance quality. The University will notify employees when such monitoring or surveillance may occur. This monitoring will comply with the following restrictions:

      1. all monitoring will be relevant to work performance;

      2. employees will be given access to information about their work gained through monitoring;

      3. disclosure and use of resulting data will be restricted to University-related purposes.

3. Individual Responsibilities‌

   1. Users shall respect the privacy and access privileges of other users both on the University campus and at all sites accessible through the University's external network connections.

      1. Users shall treat institutional data, files maintained by other Users, departments, or colleges as confidential unless otherwise classified pursuant to state or federal statutes, regulation, law or University policy. Users shall not access files or documents belonging to others, without proper authorization or unless pursuant to routine system administration.

      2. Users shall not knowingly falsely identify themselves and will take steps to correct misrepresentations if they have falsely or mistakenly identified themselves.

   2. In making appropriate use of Information Resources users must:

      1. use Information Resources only for authorized purposes;

      2. protect their user ID from unauthorized use;

      3. be considerate in their use of shared resources and refrain from monopolizing systems, overloading networks with excessive data, or wasting computer time, connect time, disk space, printer paper, manuals or other resources.

   3. Users must respect the integrity of computing systems and networks, both on the University campus and at all sites accessed by the University's external network connections. As such, in making appropriate use of Information Resources Users must NOT:

      1. gain, attempt to gain or help others gain access without authorization;

      2. use or knowingly allow other persons to use University Information Resources for personal gain, for example, by selling access to their User- ID's, or by performing work for profit or contrary to University policy.

      3. destroy, damage or alter any University Information Resource or property without proper authorization;

      4. waste computing resources, for example by implementing or propagating a computer virus, using destructive software, or inappropriate game playing; or monopolizing information resources for entertainment or personal use;

      5. harass or intimidate others in violation of law or university policy;

      6. violate laws or University policy prohibiting sexual harassment or discrimination on the basis of race, color, religion, gender, national origin, age, disability or sexual orientation, or veteran status;

      7. attempt to monitor or tamper with another user's electronic communications or copy, change, or delete another user's files or software without the explicit agreement of the owner(s); or

      8. violate state and federal laws pertaining to electronic mailing of chain letters and other unauthorized use of computing resources or networks;

      9. make or use illegal copies of copyrighted or patented software, store such copies on University systems, or transmit such software over University networks;

      10. attempt without authorization to circumvent or subvert normal security measures or engage in any activity that might be harmful to systems or information stored thereon or interfere with the operation thereof by disrupting services or damaging files. Examples include but are not limited to: running "password cracking" programs, attempting to read or change administrative or security files or attempting to or running administrative programs for which permission has not been granted, using a telnet program to connect to system ports other than those intended for telnet, using false identification on a computer or system or using an account assigned to another, forging mail or news messages; and

      11. transfer software, files, text or pictures in violation of copyright and/or pornography laws, or transfer software or algorithms in violation of United States export laws.

4. Enforcement and Sanctions‌

   1. A violation of the provisions of this policy or departmental policy is a serious offense that may result in the withdrawal of access and in addition may subject the User to disciplinary action or academic sanctions consistent with University policies and Procedures.

   2. Incidences of actual or suspected non-compliance with this policy should be reported to the appropriate authorities. Disciplinary actions or academic sanctions will be assessed in accordance with the following:

      1. Violations of this policy by a faculty member shall be the basis for disciplinary action in accordance with Policy 6-316, Code of Faculty Responsibility.

      2. Violations of this policy by a staff member shall be the basis for disciplinary action in accordance with Policy 5-111, Disciplinary Actions and Dismissal of Staff Employees, and Policy 5-203, Staff Employee Grievances and Appeals.

      3. Violations of this policy by a student shall be the basis for disciplinary action in accordance with Policy 6-400.

   3. A systems administrator may immediately suspend the access of a User when the administrator reasonably believes:

      1. the User has violated University policies or law; and

      2. the User's continuing use of Information Resources will result in: (1) damage to the Information Resources systems, (2) further violations of law or policy or (3) the destruction of evidence of such a violation.

      3. the User shall be informed of his/her right to immediately appeal such a suspension to the cognizant head of the department or unit. Permanent revocation of privileges shall be imposed solely through the disciplinary processes set forth in paragraph 2 above. (Section V.D.2).

   4. Users who are not faculty, staff or students may have their access to Information Resources unilaterally revoked if they violate this policy.

      ---

      Sections IV- VII are for user information and are not subject to the approval of the Academic Senate or the Board of Trustees. The Institutional Policy Committee, the Policy Owner, or the Policy Officer may update these sections at any time.

      ---

Policies/ Rules, Procedures, Guidelines, Forms and other Related Resources‌

1. Policies/ Rules.

   1. Rule R4-002A: Compliance with Illegal File Sharing Provisions of the Higher Education Opportunity Act

2. Procedures, Guidelines, and Forms. [ reserved ]

3. Other Related Resources. [ reserved ]

References‌

1. 18 U.S.C. Section 2510: Electronic Communications Privacy Act

2. Utah Code Title 63G, Chapter 2, Government Records Access and Management Act

3. Utah Code Title 76, Chapter 6, Part 7, Utah Computer Crimes Act

4. Utah Code Section 76-10-1801

5. Policy 1-006: Individual Financial Conflict of Interest Policy

6. Policy 5-111: Corrective Action and Termination Policy for Staff Employees

7. Policy 5-203: Staff Employee Grievances

8. Policy 6-316: Code of Faculty Rights and Responsibilities

9. Policy 6-400: Student Rights and Responsibilities

Contacts‌

The designated contact officials for this Regulation are:

1. Policy Owner(s) (primary contact person for questions and advice): Deputy Chief Information Officer

2. Policy Officer(s): Chief Information Officer

   See Rule 1-001 for information about the roles and authority of policy owners and policy officers.

History‌

Revision History.

1. Current version. Revision 0.

   1. Approved by -- Board of Trustees July 13, 1998, with effective date of July 13, 1998.

   2. Editorial Revisions

      1. Editorially revised August 15, 2023  to move to current regulations template.

      2. Editorially revised August 15, 2023 to update references to Policy 6-400

2. Renumbering

   1. Renumbered from PPM 1-15.